diff --git a/assets/fleet-agent/fleet-agent-100.0.0+up0.3.6.tgz b/assets/fleet-agent/fleet-agent-100.0.0+up0.3.6.tgz
new file mode 100644
index 000000000..4f74a9ee9
Binary files /dev/null and b/assets/fleet-agent/fleet-agent-100.0.0+up0.3.6.tgz differ
diff --git a/assets/fleet-crd/fleet-crd-100.0.0+up0.3.6.tgz b/assets/fleet-crd/fleet-crd-100.0.0+up0.3.6.tgz
new file mode 100644
index 000000000..4ad571cfb
Binary files /dev/null and b/assets/fleet-crd/fleet-crd-100.0.0+up0.3.6.tgz differ
diff --git a/assets/fleet/fleet-100.0.0+up0.3.6.tgz b/assets/fleet/fleet-100.0.0+up0.3.6.tgz
new file mode 100644
index 000000000..9bb16443a
Binary files /dev/null and b/assets/fleet/fleet-100.0.0+up0.3.6.tgz differ
diff --git a/assets/logos/alerting-drivers.svg b/assets/logos/alerting-drivers.svg
new file mode 100644
index 000000000..17ae1a692
--- /dev/null
+++ b/assets/logos/alerting-drivers.svg
@@ -0,0 +1,31 @@
+
+
+
diff --git a/assets/longhorn/longhorn-100.0.0+up1.1.2.tgz b/assets/longhorn/longhorn-100.0.0+up1.1.2.tgz
new file mode 100644
index 000000000..1b33876bf
Binary files /dev/null and b/assets/longhorn/longhorn-100.0.0+up1.1.2.tgz differ
diff --git a/assets/longhorn/longhorn-crd-100.0.0+up1.1.2.tgz b/assets/longhorn/longhorn-crd-100.0.0+up1.1.2.tgz
new file mode 100644
index 000000000..74c26ee88
Binary files /dev/null and b/assets/longhorn/longhorn-crd-100.0.0+up1.1.2.tgz differ
diff --git a/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.0+up1.0.1.tgz b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.0+up1.0.1.tgz
new file mode 100644
index 000000000..d12675ff4
Binary files /dev/null and b/assets/rancher-aks-operator-crd/rancher-aks-operator-crd-100.0.0+up1.0.1.tgz differ
diff --git a/assets/rancher-aks-operator/rancher-aks-operator-100.0.0+up1.0.1.tgz b/assets/rancher-aks-operator/rancher-aks-operator-100.0.0+up1.0.1.tgz
new file mode 100644
index 000000000..09b34b62c
Binary files /dev/null and b/assets/rancher-aks-operator/rancher-aks-operator-100.0.0+up1.0.1.tgz differ
diff --git a/assets/rancher-alerting-drivers/rancher-alerting-drivers-100.0.0.tgz b/assets/rancher-alerting-drivers/rancher-alerting-drivers-100.0.0.tgz
new file mode 100644
index 000000000..ae3ee8184
Binary files /dev/null and b/assets/rancher-alerting-drivers/rancher-alerting-drivers-100.0.0.tgz differ
diff --git a/assets/rancher-backup-crd/rancher-backup-crd-2.0.0.tgz b/assets/rancher-backup-crd/rancher-backup-crd-2.0.0.tgz
new file mode 100644
index 000000000..76eaedc34
Binary files /dev/null and b/assets/rancher-backup-crd/rancher-backup-crd-2.0.0.tgz differ
diff --git a/assets/rancher-backup/rancher-backup-2.0.0.tgz b/assets/rancher-backup/rancher-backup-2.0.0.tgz
new file mode 100644
index 000000000..8ac2aa8af
Binary files /dev/null and b/assets/rancher-backup/rancher-backup-2.0.0.tgz differ
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz
new file mode 100644
index 000000000..f701e8e9c
Binary files /dev/null and b/assets/rancher-cis-benchmark/rancher-cis-benchmark-2.0.0.tgz differ
diff --git a/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.0.tgz b/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.0.tgz
new file mode 100644
index 000000000..7ec434c94
Binary files /dev/null and b/assets/rancher-cis-benchmark/rancher-cis-benchmark-crd-2.0.0.tgz differ
diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-100.0.0+up1.1.1.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-100.0.0+up1.1.1.tgz
new file mode 100644
index 000000000..dd0631858
Binary files /dev/null and b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-100.0.0+up1.1.1.tgz differ
diff --git a/assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz b/assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz
new file mode 100644
index 000000000..49aaef41c
Binary files /dev/null and b/assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz differ
diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz
new file mode 100644
index 000000000..a2d5e9b1d
Binary files /dev/null and b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up1.0.0.tgz differ
diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.0+up3.5.1.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.0+up3.5.1.tgz
new file mode 100644
index 000000000..2cf8f42ac
Binary files /dev/null and b/assets/rancher-gatekeeper/rancher-gatekeeper-100.0.0+up3.5.1.tgz differ
diff --git a/assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz b/assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz
new file mode 100644
index 000000000..6eeec5e95
Binary files /dev/null and b/assets/rancher-gatekeeper/rancher-gatekeeper-crd-100.0.0+up3.5.1.tgz differ
diff --git a/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-100.0.0+up1.1.1.tgz b/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-100.0.0+up1.1.1.tgz
new file mode 100644
index 000000000..459ebb34d
Binary files /dev/null and b/assets/rancher-gke-operator-crd/rancher-gke-operator-crd-100.0.0+up1.1.1.tgz differ
diff --git a/assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz b/assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz
new file mode 100644
index 000000000..1b0876bdb
Binary files /dev/null and b/assets/rancher-gke-operator/rancher-gke-operator-100.0.0+up1.1.1.tgz differ
diff --git a/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz b/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz
new file mode 100644
index 000000000..31f26c8d4
Binary files /dev/null and b/assets/rancher-grafana/rancher-grafana-100.0.0+up6.11.0.tgz differ
diff --git a/assets/rancher-istio/rancher-istio-100.0.0+up1.10.4.tgz b/assets/rancher-istio/rancher-istio-100.0.0+up1.10.4.tgz
new file mode 100644
index 000000000..7ed98b655
Binary files /dev/null and b/assets/rancher-istio/rancher-istio-100.0.0+up1.10.4.tgz differ
diff --git a/assets/rancher-kiali-server/rancher-kiali-server-100.0.0+up1.35.0.tgz b/assets/rancher-kiali-server/rancher-kiali-server-100.0.0+up1.35.0.tgz
new file mode 100644
index 000000000..5ba1ff1be
Binary files /dev/null and b/assets/rancher-kiali-server/rancher-kiali-server-100.0.0+up1.35.0.tgz differ
diff --git a/assets/rancher-kiali-server/rancher-kiali-server-crd-100.0.0+up1.35.0.tgz b/assets/rancher-kiali-server/rancher-kiali-server-crd-100.0.0+up1.35.0.tgz
new file mode 100644
index 000000000..5de55c0fe
Binary files /dev/null and b/assets/rancher-kiali-server/rancher-kiali-server-crd-100.0.0+up1.35.0.tgz differ
diff --git a/assets/rancher-kube-state-metrics/rancher-kube-state-metrics-100.0.0+up3.2.0.tgz b/assets/rancher-kube-state-metrics/rancher-kube-state-metrics-100.0.0+up3.2.0.tgz
new file mode 100644
index 000000000..4c6f70a7b
Binary files /dev/null and b/assets/rancher-kube-state-metrics/rancher-kube-state-metrics-100.0.0+up3.2.0.tgz differ
diff --git a/assets/rancher-logging/rancher-logging-100.0.0+up3.12.0.tgz b/assets/rancher-logging/rancher-logging-100.0.0+up3.12.0.tgz
new file mode 100644
index 000000000..a3c1b8ac7
Binary files /dev/null and b/assets/rancher-logging/rancher-logging-100.0.0+up3.12.0.tgz differ
diff --git a/assets/rancher-logging/rancher-logging-crd-100.0.0+up3.12.0.tgz b/assets/rancher-logging/rancher-logging-crd-100.0.0+up3.12.0.tgz
new file mode 100644
index 000000000..2efd7f0b8
Binary files /dev/null and b/assets/rancher-logging/rancher-logging-crd-100.0.0+up3.12.0.tgz differ
diff --git a/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz b/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz
new file mode 100644
index 000000000..931f34e31
Binary files /dev/null and b/assets/rancher-monitoring/rancher-monitoring-100.0.0+up16.6.0.tgz differ
diff --git a/assets/rancher-monitoring/rancher-monitoring-crd-100.0.0+up16.6.0.tgz b/assets/rancher-monitoring/rancher-monitoring-crd-100.0.0+up16.6.0.tgz
new file mode 100644
index 000000000..7531a0f51
Binary files /dev/null and b/assets/rancher-monitoring/rancher-monitoring-crd-100.0.0+up16.6.0.tgz differ
diff --git a/assets/rancher-node-exporter/rancher-node-exporter-100.0.0+up1.18.1.tgz b/assets/rancher-node-exporter/rancher-node-exporter-100.0.0+up1.18.1.tgz
new file mode 100644
index 000000000..ca751fdb6
Binary files /dev/null and b/assets/rancher-node-exporter/rancher-node-exporter-100.0.0+up1.18.1.tgz differ
diff --git a/assets/rancher-prom2teams/rancher-prom2teams-100.0.0+up0.2.0.tgz b/assets/rancher-prom2teams/rancher-prom2teams-100.0.0+up0.2.0.tgz
new file mode 100644
index 000000000..a3e224e66
Binary files /dev/null and b/assets/rancher-prom2teams/rancher-prom2teams-100.0.0+up0.2.0.tgz differ
diff --git a/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-100.0.0+up2.14.0.tgz b/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-100.0.0+up2.14.0.tgz
new file mode 100644
index 000000000..189cc0c89
Binary files /dev/null and b/assets/rancher-prometheus-adapter/rancher-prometheus-adapter-100.0.0+up2.14.0.tgz differ
diff --git a/assets/rancher-pushprox/rancher-pushprox-100.0.0.tgz b/assets/rancher-pushprox/rancher-pushprox-100.0.0.tgz
new file mode 100644
index 000000000..361b1492a
Binary files /dev/null and b/assets/rancher-pushprox/rancher-pushprox-100.0.0.tgz differ
diff --git a/assets/rancher-sachet/rancher-sachet-100.0.0.tgz b/assets/rancher-sachet/rancher-sachet-100.0.0.tgz
new file mode 100644
index 000000000..9f73050b3
Binary files /dev/null and b/assets/rancher-sachet/rancher-sachet-100.0.0.tgz differ
diff --git a/assets/rancher-sriov/sriov-100.0.0+up0.1.0.tgz b/assets/rancher-sriov/sriov-100.0.0+up0.1.0.tgz
new file mode 100644
index 000000000..791528159
Binary files /dev/null and b/assets/rancher-sriov/sriov-100.0.0+up0.1.0.tgz differ
diff --git a/assets/rancher-sriov/sriov-crd-100.0.0+up0.1.0.tgz b/assets/rancher-sriov/sriov-crd-100.0.0+up0.1.0.tgz
new file mode 100644
index 000000000..c8ceff02b
Binary files /dev/null and b/assets/rancher-sriov/sriov-crd-100.0.0+up0.1.0.tgz differ
diff --git a/assets/rancher-tracing/rancher-tracing-100.0.0.tgz b/assets/rancher-tracing/rancher-tracing-100.0.0.tgz
new file mode 100644
index 000000000..6784a1b76
Binary files /dev/null and b/assets/rancher-tracing/rancher-tracing-100.0.0.tgz differ
diff --git a/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-100.0.0.tgz b/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-100.0.0.tgz
new file mode 100644
index 000000000..fe0de966f
Binary files /dev/null and b/assets/rancher-vsphere-cpi/rancher-vsphere-cpi-100.0.0.tgz differ
diff --git a/assets/rancher-vsphere-csi/rancher-vsphere-csi-100.0.0.tgz b/assets/rancher-vsphere-csi/rancher-vsphere-csi-100.0.0.tgz
new file mode 100644
index 000000000..adbc41409
Binary files /dev/null and b/assets/rancher-vsphere-csi/rancher-vsphere-csi-100.0.0.tgz differ
diff --git a/assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0.tgz b/assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0.tgz
new file mode 100644
index 000000000..52f1d7e7d
Binary files /dev/null and b/assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0.tgz differ
diff --git a/assets/rancher-windows-exporter/rancher-windows-exporter-100.0.0.tgz b/assets/rancher-windows-exporter/rancher-windows-exporter-100.0.0.tgz
new file mode 100644
index 000000000..b0b7e70e4
Binary files /dev/null and b/assets/rancher-windows-exporter/rancher-windows-exporter-100.0.0.tgz differ
diff --git a/assets/rancher-wins-upgrader/rancher-wins-upgrader-100.0.0+up0.0.1.tgz b/assets/rancher-wins-upgrader/rancher-wins-upgrader-100.0.0+up0.0.1.tgz
new file mode 100644
index 000000000..9c03d3f11
Binary files /dev/null and b/assets/rancher-wins-upgrader/rancher-wins-upgrader-100.0.0+up0.0.1.tgz differ
diff --git a/assets/system-upgrade-controller/system-upgrade-controller-100.0.0+up0.3.0.tgz b/assets/system-upgrade-controller/system-upgrade-controller-100.0.0+up0.3.0.tgz
new file mode 100644
index 000000000..71b80af81
Binary files /dev/null and b/assets/system-upgrade-controller/system-upgrade-controller-100.0.0+up0.3.0.tgz differ
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/Chart.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/Chart.yaml
new file mode 100644
index 000000000..e2f5371e6
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: fleet-agent
+apiVersion: v2
+appVersion: 0.3.6
+description: Fleet Manager Agent - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-agent
+version: 100.0.0+up0.3.6
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/_helpers.tpl b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/_helpers.tpl
new file mode 100644
index 000000000..f652b5643
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/configmap.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/configmap.yaml
new file mode 100644
index 000000000..ce61a8756
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/configmap.yaml
@@ -0,0 +1,12 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: fleet-agent
+data:
+ config: |-
+ {
+ {{ if .Values.labels }}
+ "labels":{{toJson .Values.labels}},
+ {{ end }}
+ "clientID":"{{.Values.clientID}}"
+ }
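Review bot: `clientID` is pasted into the JSON document as raw text in `"clientID":"{{.Values.clientID}}"`, so a value containing a double quote or a backslash yields invalid JSON or adds extra keys to the agent config. The `labels` entry two lines above is already encoded with `toJson`. Encode the client ID the same way: `"clientID":{{ toJson .Values.clientID }}`.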
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/deployment.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/deployment.yaml
new file mode 100644
index 000000000..72323dc76
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/deployment.yaml
@@ -0,0 +1,30 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-agent
+spec:
+ selector:
+ matchLabels:
+ app: fleet-agent
+ template:
+ metadata:
+ labels:
+ app: fleet-agent
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}'
+ name: fleet-agent
+ serviceAccountName: fleet-agent
+ {{- with .Values.fleetAgent.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.fleetAgent.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
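Review bot: The `fleet-agent` container is declared without a `securityContext`, so it runs with the runtime's default privileges. It runs under the `fleet-agent` ServiceAccount, which rbac.yaml in this commit binds to a wildcard ClusterRole, so a compromise of this container has cluster-wide reach. A container-level security context would narrow that, assuming the agent image can run unprivileged; confirm this against the image before merging. The template also sets no `resources` and pulls by mutable tag rather than digest, both of which are worth a follow-up.

```yaml
# … unchanged: env, image …
        name: fleet-agent
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
          runAsNonRoot: true
```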
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/network_policy_allow_all.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..a72109a06
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ .Values.internal.systemNamespace }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
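Review bot: `podSelector: {}` with `ingress: - {}` and `egress: - {}` opens all traffic in both directions for every pod in `internal.systemNamespace`, not only the agent. Because NetworkPolicies are additive, this overrides any default-deny an operator has placed on the namespace. The Deployment in this commit declares no container ports, so the ingress rule looks unnecessary. If the agent only needs outbound access to the API server, limit the policy to it with `podSelector: {matchLabels: {app: fleet-agent}}` and `policyTypes: [Egress]`. The hook Job pod carries no such label and would need its own rule. If allow-all is deliberate, a comment above `spec:` should say why. Also quote the templated value, `namespace: {{ .Values.internal.systemNamespace | quote }}`.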
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/patch_default_serviceaccount.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..2448cb4f3
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-fleet-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: fleet-agent
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ .Values.internal.systemNamespace }}]
+ {{- with .Values.kubectl.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.kubectl.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ backoffLimit: 1
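Review bot: `imagePullPolicy: {{ .Values.global.imagePullPolicy }}` reads a key that the values.yaml added in this commit never defines, so it renders as an empty value unless the installer supplies one. Give it a default: `imagePullPolicy: {{ .Values.global.imagePullPolicy | default "IfNotPresent" }}`. The namespace in `args` is interpolated unquoted into a flow sequence, so an empty or special-character value changes the parsed YAML; `args: ["-n", {{ .Values.internal.systemNamespace | quote }}]` avoids that. The Job has no `ttlSecondsAfterFinished` and its delete policy is `hook-succeeded`, so a failed run stays behind until the next hook run.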
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/rbac.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/rbac.yaml
new file mode 100644
index 000000000..805949bf2
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/rbac.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-agent-system-fleet-agent-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-agent-system-fleet-agent-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-agent-system-fleet-agent-role
+subjects:
+- kind: ServiceAccount
+ name: fleet-agent
+ namespace: {{.Release.Namespace}}
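Review bot: The ClusterRole grants `*` verbs on `*` resources in `*` apiGroups and is bound cluster-wide to the `fleet-agent` ServiceAccount, which makes that account equivalent to cluster-admin, and nothing in the file says why. If the agent needs this to apply arbitrary bundle contents (presumably the reason), say so above `rules:`, for example `# Wildcard is deliberate: the agent applies arbitrary resources from bundles; treat this ServiceAccount token as cluster-admin.` The same ServiceAccount is reused by the `patch-fleet-sa` hook Job in this commit, which only patches one ServiceAccount. A dedicated ServiceAccount with a namespaced Role for that Job would keep the wildcard token out of a second pod.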
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/secret.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/secret.yaml
new file mode 100644
index 000000000..471588204
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/secret.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+ systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}"
+ clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
+ token: "{{b64enc .Values.token}}"
+ apiServerURL: "{{b64enc .Values.apiServerURL}}"
+ apiServerCA: "{{b64enc .Values.apiServerCA}}"
+kind: Secret
+metadata:
+ name: fleet-agent-bootstrap
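Review bot: `token` reaches this Secret through chart values, so the registration credential is also kept in Helm's stored release data for each revision, outside `fleet-agent-bootstrap`. Anyone who can read release records in the namespace can recover it, and deleting the Secret does not remove it. A comment in values.yaml next to `token` should mark it as a credential and say how it is expected to be supplied and rotated, for example `# Credential: stored in the Helm release record as well as the bootstrap Secret; use a short-lived registration token.` The Secret also sets no explicit `type:`; adding `type: Opaque` documents the intent.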
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/serviceaccount.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/serviceaccount.yaml
new file mode 100644
index 000000000..73e27f0be
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-agent
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/validate.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/validate.yaml
new file mode 100644
index 000000000..d53ff1c50
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/templates/validate.yaml
@@ -0,0 +1,11 @@
+{{if ne .Release.Namespace .Values.internal.systemNamespace }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }}
+{{end}}
+
+{{if ne .Release.Name .Values.internal.managedReleaseName }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }}
+{{end}}
+
+{{if not .Values.apiServerURL }}
+{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }}
+{{end}}
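Review bot: The release-name check reuses the namespace check's message, so `printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName` prints the release name where the namespace belongs. An operator who hits this failure is told to use a namespace called `fleet-agent`. Change the second message to `{{ fail (printf "This chart must be installed with the release name %s" .Values.internal.managedReleaseName) }}`. In the first check, replace the hard-coded `fleet-agent` with `.Values.internal.managedReleaseName` so both messages follow the configured values.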
diff --git a/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/values.yaml b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/values.yaml
new file mode 100644
index 000000000..e00317b4a
--- /dev/null
+++ b/charts/fleet-agent/fleet-agent/100.0.0+up0.3.6/values.yaml
@@ -0,0 +1,57 @@
+image:
+ os: "windows,linux"
+ repository: rancher/fleet-agent
+ tag: v0.3.6
+
+# The public URL of the Kubernetes API server running the Fleet Manager must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# The cluster registration value
+token: ""
+
+# Labels to add to the cluster upon registration only. They are not added after the fact.
+#labels:
+# foo: bar
+
+# The client ID of the cluster to associate with
+clientID: ""
+
+# The namespace of the cluster we are register with
+clusterNamespace: ""
+
+# The namespace containing the clusters registration secrets
+systemRegistrationNamespace: fleet-clusters-system
+
+# Please do not change the below setting unless you really know what you are doing
+internal:
+ systemNamespace: fleet-system
+ managedReleaseName: fleet-agent
+
+# The nodeSelector and tolerations for the agent deployment
+fleetAgent:
+ nodeSelector: {}
+ tolerations: []
+kubectl:
+ nodeSelector:
+ kubernetes.io/os: linux
+ tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
+ - key: node.cloudprovider.kubernetes.io/uninitialized
+ operator: "Equal"
+ value: "true"
+ effect: NoSchedule
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
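Review bot: `internal.systemNamespace` defaults to `fleet-system`, but the Chart.yaml added in this commit annotates `catalog.cattle.io/namespace: cattle-fleet-system`, and validate.yaml fails the render when the release namespace differs from `internal.systemNamespace`. Unless the installer always overrides this value (not visible here), an install into the annotated namespace is rejected. Aligning the default with `systemNamespace: cattle-fleet-system`, or adding a comment that names who sets it, would remove the ambiguity. The comments also have two typos: "The the pem encoded value" and "we are register with".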
diff --git a/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/Chart.yaml b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/Chart.yaml
new file mode 100644
index 000000000..00f2ff7bc
--- /dev/null
+++ b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/Chart.yaml
@@ -0,0 +1,12 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: fleet-crd
+apiVersion: v2
+appVersion: 0.3.6
+description: Fleet Manager CustomResourceDefinitions
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-crd
+version: 100.0.0+up0.3.6
diff --git a/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/crds.yaml b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/crds.yaml
new file mode 100644
index 000000000..f70486af5
--- /dev/null
+++ b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/crds.yaml
@@ -0,0 +1,5231 @@
+{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: bundles.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: Bundle
+ plural: bundles
+ singular: bundle
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.display.readyClusters
+ name: BundleDeployments-Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ defaultNamespace:
+ nullable: true
+ type: string
+ dependsOn:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ paused:
+ type: boolean
+ resources:
+ items:
+ properties:
+ content:
+ nullable: true
+ type: string
+ encoding:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ rolloutStrategy:
+ nullable: true
+ properties:
+ autoPartitionSize:
+ nullable: true
+ type: string
+ maxUnavailable:
+ nullable: true
+ type: string
+ maxUnavailablePartitions:
+ nullable: true
+ type: string
+ partitions:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ maxUnavailable:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ serviceAccount:
+ nullable: true
+ type: string
+ targetRestrictions:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ targets:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ defaultNamespace:
+ nullable: true
+ type: string
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ nullable: true
+ type: array
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ status:
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ properties:
+ readyClusters:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ maxNew:
+ type: integer
+ maxUnavailable:
+ type: integer
+ maxUnavailablePartitions:
+ type: integer
+ newlyCreated:
+ type: integer
+ observedGeneration:
+ type: integer
+ partitions:
+ items:
+ properties:
+ count:
+ type: integer
+ maxUnavailable:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ unavailable:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ resourceKey:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ unavailable:
+ type: integer
+ unavailablePartitions:
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: bundledeployments.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: BundleDeployment
+ plural: bundledeployments
+ singular: bundledeployment
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.display.deployed
+ name: Deployed
+ type: string
+ - jsonPath: .status.display.monitored
+ name: Monitored
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ dependsOn:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ deploymentID:
+ nullable: true
+ type: string
+ options:
+ properties:
+ defaultNamespace:
+ nullable: true
+ type: string
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ stagedDeploymentID:
+ nullable: true
+ type: string
+ stagedOptions:
+ properties:
+ defaultNamespace:
+ nullable: true
+ type: string
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ type: object
+ status:
+ properties:
+ appliedDeploymentID:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ properties:
+ deployed:
+ nullable: true
+ type: string
+ monitored:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ nonModified:
+ type: boolean
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ ready:
+ type: boolean
+ release:
+ nullable: true
+ type: string
+ syncGeneration:
+ nullable: true
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: bundlenamespacemappings.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: BundleNamespaceMapping
+ plural: bundlenamespacemappings
+ singular: bundlenamespacemapping
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ bundleSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaceSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clustergroups.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ categories:
+ - fleet
+ kind: ClusterGroup
+ plural: clustergroups
+ singular: clustergroup
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.display.readyClusters
+ name: Clusters-Ready
+ type: string
+ - jsonPath: .status.display.readyBundles
+ name: Bundles-Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ selector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ type: object
+ status:
+ properties:
+ clusterCount:
+ type: integer
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ properties:
+ readyBundles:
+ nullable: true
+ type: string
+ readyClusters:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ nonReadyClusterCount:
+ type: integer
+ nonReadyClusters:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ resourceCounts:
+ properties:
+ desiredReady:
+ type: integer
+ missing:
+ type: integer
+ modified:
+ type: integer
+ notReady:
+ type: integer
+ orphaned:
+ type: integer
+ ready:
+ type: integer
+ unknown:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusters.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: Cluster
+ plural: clusters
+ singular: cluster
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.display.readyBundles
+ name: Bundles-Ready
+ type: string
+ - jsonPath: .status.display.readyNodes
+ name: Nodes-Ready
+ type: string
+ - jsonPath: .status.display.sampleNode
+ name: Sample-Node
+ type: string
+ - jsonPath: .status.agent.lastSeen
+ name: Last-Seen
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ agentEnvVars:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ clientID:
+ nullable: true
+ type: string
+ kubeConfigSecret:
+ nullable: true
+ type: string
+ paused:
+ type: boolean
+ redeployAgentGeneration:
+ type: integer
+ type: object
+ status:
+ properties:
+ agent:
+ properties:
+ lastSeen:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ nonReadyNodeNames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ nonReadyNodes:
+ type: integer
+ readyNodeNames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ readyNodes:
+ type: integer
+ type: object
+ agentDeployedGeneration:
+ nullable: true
+ type: integer
+ agentEnvVarsHash:
+ nullable: true
+ type: string
+ agentMigrated:
+ type: boolean
+ cattleNamespaceMigrated:
+ type: boolean
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ desiredReadyGitRepos:
+ type: integer
+ display:
+ properties:
+ readyBundles:
+ nullable: true
+ type: string
+ readyNodes:
+ nullable: true
+ type: string
+ sampleNode:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ readyGitRepos:
+ type: integer
+ resourceCounts:
+ properties:
+ desiredReady:
+ type: integer
+ missing:
+ type: integer
+ modified:
+ type: integer
+ notReady:
+ type: integer
+ orphaned:
+ type: integer
+ ready:
+ type: integer
+ unknown:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterregistrationtokens.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: ClusterRegistrationToken
+ plural: clusterregistrationtokens
+ singular: clusterregistrationtoken
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.secretName
+ name: Secret-Name
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ ttl:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ expires:
+ nullable: true
+ type: string
+ secretName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: gitrepos.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ categories:
+ - fleet
+ kind: GitRepo
+ plural: gitrepos
+ singular: gitrepo
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.repo
+ name: Repo
+ type: string
+ - jsonPath: .status.commit
+ name: Commit
+ type: string
+ - jsonPath: .status.display.readyBundleDeployments
+ name: BundleDeployments-Ready
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ branch:
+ nullable: true
+ type: string
+ caBundle:
+ nullable: true
+ type: string
+ clientSecretName:
+ nullable: true
+ type: string
+ forceSyncGeneration:
+ type: integer
+ helmSecretName:
+ nullable: true
+ type: string
+ imageScanCommit:
+ properties:
+ authorEmail:
+ nullable: true
+ type: string
+ authorName:
+ nullable: true
+ type: string
+ messageTemplate:
+ nullable: true
+ type: string
+ type: object
+ imageScanInterval:
+ nullable: true
+ type: string
+ insecureSkipTLSVerify:
+ type: boolean
+ paths:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ paused:
+ type: boolean
+ pollingInterval:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ revision:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ targetNamespace:
+ nullable: true
+ type: string
+ targets:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ status:
+ properties:
+ commit:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ desiredReadyClusters:
+ type: integer
+ display:
+ properties:
+ error:
+ type: boolean
+ message:
+ nullable: true
+ type: string
+ readyBundleDeployments:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ gitJobStatus:
+ nullable: true
+ type: string
+ lastSyncedImageScanTime:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ readyClusters:
+ type: integer
+ resourceCounts:
+ properties:
+ desiredReady:
+ type: integer
+ missing:
+ type: integer
+ modified:
+ type: integer
+ notReady:
+ type: integer
+ orphaned:
+ type: integer
+ ready:
+ type: integer
+ unknown:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ resourceErrors:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ resources:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ error:
+ type: boolean
+ id:
+ nullable: true
+ type: string
+ incompleteState:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ perClusterState:
+ items:
+ properties:
+ clusterId:
+ nullable: true
+ type: string
+ error:
+ type: boolean
+ message:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterregistrations.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: ClusterRegistration
+ plural: clusterregistrations
+ singular: clusterregistration
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .status.clusterName
+ name: Cluster-Name
+ type: string
+ - jsonPath: .spec.clusterLabels
+ name: Labels
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clientID:
+ nullable: true
+ type: string
+ clientRandom:
+ nullable: true
+ type: string
+ clusterLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ status:
+ properties:
+ clusterName:
+ nullable: true
+ type: string
+ granted:
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: gitreporestrictions.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: GitRepoRestriction
+ plural: gitreporestrictions
+ singular: gitreporestriction
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .defaultServiceAccount
+ name: Default-ServiceAccount
+ type: string
+ - jsonPath: .allowedServiceAccounts
+ name: Allowed-ServiceAccounts
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ allowedClientSecretNames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ allowedRepoPatterns:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ allowedServiceAccounts:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ defaultClientSecretName:
+ nullable: true
+ type: string
+ defaultServiceAccount:
+ nullable: true
+ type: string
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: contents.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: Content
+ plural: contents
+ singular: content
+ preserveUnknownFields: false
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ content:
+ nullable: true
+ type: string
+ type: object
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: imagescans.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ categories:
+ - fleet
+ kind: ImageScan
+ plural: imagescans
+ singular: imagescan
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.image
+ name: Repository
+ type: string
+ - jsonPath: .status.latestTag
+ name: Latest
+ type: string
+ name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ gitrepoName:
+ nullable: true
+ type: string
+ image:
+ nullable: true
+ type: string
+ interval:
+ nullable: true
+ type: string
+ policy:
+ properties:
+ alphabetical:
+ nullable: true
+ properties:
+ order:
+ nullable: true
+ type: string
+ type: object
+ semver:
+ nullable: true
+ properties:
+ range:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ suspend:
+ type: boolean
+ tagName:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ canonicalImageName:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ lastScanTime:
+ nullable: true
+ type: string
+ latestDigest:
+ nullable: true
+ type: string
+ latestImage:
+ nullable: true
+ type: string
+ latestTag:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- else -}}
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: bundles.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.display.readyClusters
+ name: BundleDeployments-Ready
+ type: string
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ group: fleet.cattle.io
+ names:
+ kind: Bundle
+ plural: bundles
+ singular: bundle
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ defaultNamespace:
+ nullable: true
+ type: string
+ dependsOn:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ paused:
+ type: boolean
+ resources:
+ items:
+ properties:
+ content:
+ nullable: true
+ type: string
+ encoding:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ rolloutStrategy:
+ nullable: true
+ properties:
+ autoPartitionSize:
+ nullable: true
+ type: string
+ maxUnavailable:
+ nullable: true
+ type: string
+ maxUnavailablePartitions:
+ nullable: true
+ type: string
+ partitions:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ maxUnavailable:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ serviceAccount:
+ nullable: true
+ type: string
+ targetRestrictions:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ targets:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ defaultNamespace:
+ nullable: true
+ type: string
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ nullable: true
+ type: array
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ status:
+ properties:
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ properties:
+ readyClusters:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ maxNew:
+ type: integer
+ maxUnavailable:
+ type: integer
+ maxUnavailablePartitions:
+ type: integer
+ newlyCreated:
+ type: integer
+ observedGeneration:
+ type: integer
+ partitions:
+ items:
+ properties:
+ count:
+ type: integer
+ maxUnavailable:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ unavailable:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ resourceKey:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ unavailable:
+ type: integer
+ unavailablePartitions:
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: bundledeployments.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.display.deployed
+ name: Deployed
+ type: string
+ - JSONPath: .status.display.monitored
+ name: Monitored
+ type: string
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ group: fleet.cattle.io
+ names:
+ kind: BundleDeployment
+ plural: bundledeployments
+ singular: bundledeployment
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ dependsOn:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ deploymentID:
+ nullable: true
+ type: string
+ options:
+ properties:
+ defaultNamespace:
+ nullable: true
+ type: string
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ stagedDeploymentID:
+ nullable: true
+ type: string
+ stagedOptions:
+ properties:
+ defaultNamespace:
+ nullable: true
+ type: string
+ diff:
+ nullable: true
+ properties:
+ comparePatches:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ jsonPointers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ operations:
+ items:
+ properties:
+ op:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ forceSyncGeneration:
+ type: integer
+ helm:
+ nullable: true
+ properties:
+ chart:
+ nullable: true
+ type: string
+ force:
+ type: boolean
+ maxHistory:
+ type: integer
+ releaseName:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ takeOwnership:
+ type: boolean
+ timeoutSeconds:
+ type: integer
+ values:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ valuesFiles:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ valuesFrom:
+ items:
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ version:
+ nullable: true
+ type: string
+ type: object
+ kustomize:
+ nullable: true
+ properties:
+ dir:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ yaml:
+ nullable: true
+ properties:
+ overlays:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ type: object
+ status:
+ properties:
+ appliedDeploymentID:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ properties:
+ deployed:
+ nullable: true
+ type: string
+ monitored:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ nonModified:
+ type: boolean
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ ready:
+ type: boolean
+ release:
+ nullable: true
+ type: string
+ syncGeneration:
+ nullable: true
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: bundlenamespacemappings.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: BundleNamespaceMapping
+ plural: bundlenamespacemappings
+ singular: bundlenamespacemapping
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ bundleSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaceSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clustergroups.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.display.readyClusters
+ name: Clusters-Ready
+ type: string
+ - JSONPath: .status.display.readyBundles
+ name: Bundles-Ready
+ type: string
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ group: fleet.cattle.io
+ names:
+ categories:
+ - fleet
+ kind: ClusterGroup
+ plural: clustergroups
+ singular: clustergroup
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ selector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ type: object
+ status:
+ properties:
+ clusterCount:
+ type: integer
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ properties:
+ readyBundles:
+ nullable: true
+ type: string
+ readyClusters:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ nonReadyClusterCount:
+ type: integer
+ nonReadyClusters:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ resourceCounts:
+ properties:
+ desiredReady:
+ type: integer
+ missing:
+ type: integer
+ modified:
+ type: integer
+ notReady:
+ type: integer
+ orphaned:
+ type: integer
+ ready:
+ type: integer
+ unknown:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusters.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.display.readyBundles
+ name: Bundles-Ready
+ type: string
+ - JSONPath: .status.display.readyNodes
+ name: Nodes-Ready
+ type: string
+ - JSONPath: .status.display.sampleNode
+ name: Sample-Node
+ type: string
+ - JSONPath: .status.agent.lastSeen
+ name: Last-Seen
+ type: string
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ group: fleet.cattle.io
+ names:
+ kind: Cluster
+ plural: clusters
+ singular: cluster
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ agentEnvVars:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ clientID:
+ nullable: true
+ type: string
+ kubeConfigSecret:
+ nullable: true
+ type: string
+ paused:
+ type: boolean
+ redeployAgentGeneration:
+ type: integer
+ type: object
+ status:
+ properties:
+ agent:
+ properties:
+ lastSeen:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ nonReadyNodeNames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ nonReadyNodes:
+ type: integer
+ readyNodeNames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ readyNodes:
+ type: integer
+ type: object
+ agentDeployedGeneration:
+ nullable: true
+ type: integer
+ agentEnvVarsHash:
+ nullable: true
+ type: string
+ agentMigrated:
+ type: boolean
+ cattleNamespaceMigrated:
+ type: boolean
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ desiredReadyGitRepos:
+ type: integer
+ display:
+ properties:
+ readyBundles:
+ nullable: true
+ type: string
+ readyNodes:
+ nullable: true
+ type: string
+ sampleNode:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ namespace:
+ nullable: true
+ type: string
+ readyGitRepos:
+ type: integer
+ resourceCounts:
+ properties:
+ desiredReady:
+ type: integer
+ missing:
+ type: integer
+ modified:
+ type: integer
+ notReady:
+ type: integer
+ orphaned:
+ type: integer
+ ready:
+ type: integer
+ unknown:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterregistrationtokens.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.secretName
+ name: Secret-Name
+ type: string
+ group: fleet.cattle.io
+ names:
+ kind: ClusterRegistrationToken
+ plural: clusterregistrationtokens
+ singular: clusterregistrationtoken
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ ttl:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ expires:
+ nullable: true
+ type: string
+ secretName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: gitrepos.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.repo
+ name: Repo
+ type: string
+ - JSONPath: .status.commit
+ name: Commit
+ type: string
+ - JSONPath: .status.display.readyBundleDeployments
+ name: BundleDeployments-Ready
+ type: string
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ group: fleet.cattle.io
+ names:
+ categories:
+ - fleet
+ kind: GitRepo
+ plural: gitrepos
+ singular: gitrepo
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ branch:
+ nullable: true
+ type: string
+ caBundle:
+ nullable: true
+ type: string
+ clientSecretName:
+ nullable: true
+ type: string
+ forceSyncGeneration:
+ type: integer
+ helmSecretName:
+ nullable: true
+ type: string
+ imageScanCommit:
+ properties:
+ authorEmail:
+ nullable: true
+ type: string
+ authorName:
+ nullable: true
+ type: string
+ messageTemplate:
+ nullable: true
+ type: string
+ type: object
+ imageScanInterval:
+ nullable: true
+ type: string
+ insecureSkipTLSVerify:
+ type: boolean
+ paths:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ paused:
+ type: boolean
+ pollingInterval:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ revision:
+ nullable: true
+ type: string
+ serviceAccount:
+ nullable: true
+ type: string
+ targetNamespace:
+ nullable: true
+ type: string
+ targets:
+ items:
+ properties:
+ clusterGroup:
+ nullable: true
+ type: string
+ clusterGroupSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ clusterSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ status:
+ properties:
+ commit:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ desiredReadyClusters:
+ type: integer
+ display:
+ properties:
+ error:
+ type: boolean
+ message:
+ nullable: true
+ type: string
+ readyBundleDeployments:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ type: object
+ gitJobStatus:
+ nullable: true
+ type: string
+ lastSyncedImageScanTime:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ readyClusters:
+ type: integer
+ resourceCounts:
+ properties:
+ desiredReady:
+ type: integer
+ missing:
+ type: integer
+ modified:
+ type: integer
+ notReady:
+ type: integer
+ orphaned:
+ type: integer
+ ready:
+ type: integer
+ unknown:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ resourceErrors:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ resources:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ error:
+ type: boolean
+ id:
+ nullable: true
+ type: string
+ incompleteState:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ perClusterState:
+ items:
+ properties:
+ clusterId:
+ nullable: true
+ type: string
+ error:
+ type: boolean
+ message:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ summary:
+ properties:
+ desiredReady:
+ type: integer
+ errApplied:
+ type: integer
+ modified:
+ type: integer
+ nonReadyResources:
+ items:
+ properties:
+ bundleState:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ modifiedStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ delete:
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ missing:
+ type: boolean
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ patch:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ nonReadyStatus:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ summary:
+ properties:
+ error:
+ type: boolean
+ message:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ notReady:
+ type: integer
+ outOfSync:
+ type: integer
+ pending:
+ type: integer
+ ready:
+ type: integer
+ waitApplied:
+ type: integer
+ type: object
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterregistrations.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.clusterName
+ name: Cluster-Name
+ type: string
+ - JSONPath: .spec.clusterLabels
+ name: Labels
+ type: string
+ group: fleet.cattle.io
+ names:
+ kind: ClusterRegistration
+ plural: clusterregistrations
+ singular: clusterregistration
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clientID:
+ nullable: true
+ type: string
+ clientRandom:
+ nullable: true
+ type: string
+ clusterLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ status:
+ properties:
+ clusterName:
+ nullable: true
+ type: string
+ granted:
+ type: boolean
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: gitreporestrictions.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .defaultServiceAccount
+ name: Default-ServiceAccount
+ type: string
+ - JSONPath: .allowedServiceAccounts
+ name: Allowed-ServiceAccounts
+ type: string
+ group: fleet.cattle.io
+ names:
+ kind: GitRepoRestriction
+ plural: gitreporestrictions
+ singular: gitreporestriction
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ allowedClientSecretNames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ allowedRepoPatterns:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ allowedServiceAccounts:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ defaultClientSecretName:
+ nullable: true
+ type: string
+ defaultServiceAccount:
+ nullable: true
+ type: string
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: contents.fleet.cattle.io
+spec:
+ group: fleet.cattle.io
+ names:
+ kind: Content
+ plural: contents
+ singular: content
+ preserveUnknownFields: false
+ scope: Cluster
+ validation:
+ openAPIV3Schema:
+ properties:
+ content:
+ nullable: true
+ type: string
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: imagescans.fleet.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.image
+ name: Repository
+ type: string
+ - JSONPath: .status.latestTag
+ name: Latest
+ type: string
+ group: fleet.cattle.io
+ names:
+ categories:
+ - fleet
+ kind: ImageScan
+ plural: imagescans
+ singular: imagescan
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ gitrepoName:
+ nullable: true
+ type: string
+ image:
+ nullable: true
+ type: string
+ interval:
+ nullable: true
+ type: string
+ policy:
+ properties:
+ alphabetical:
+ nullable: true
+ properties:
+ order:
+ nullable: true
+ type: string
+ type: object
+ semver:
+ nullable: true
+ properties:
+ range:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ suspend:
+ type: boolean
+ tagName:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ canonicalImageName:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ lastScanTime:
+ nullable: true
+ type: string
+ latestDigest:
+ nullable: true
+ type: string
+ latestImage:
+ nullable: true
+ type: string
+ latestTag:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/gitjobs-crds.yaml b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/gitjobs-crds.yaml
new file mode 100644
index 000000000..958aad932
--- /dev/null
+++ b/charts/fleet-crd/fleet-crd/100.0.0+up0.3.6/templates/gitjobs-crds.yaml
@@ -0,0 +1,6876 @@
+{{- if .Capabilities.APIVersions.Has "apiextensions.k8s.io/v1" -}}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: gitjobs.gitjob.cattle.io
+spec:
+ group: gitjob.cattle.io
+ names:
+ kind: GitJob
+ plural: gitjobs
+ singular: gitjob
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.git.repo
+ name: REPO
+ type: string
+ - jsonPath: .spec.git.branch
+ name: BRANCH
+ type: string
+ - jsonPath: .status.commit
+ name: COMMIT
+ type: string
+ - jsonPath: .status.jobStatus
+ name: JOBSTATUS
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ forceUpdateGeneration:
+ type: integer
+ git:
+ properties:
+ branch:
+ nullable: true
+ type: string
+ caBundle:
+ nullable: true
+ type: string
+ clientSecretName:
+ nullable: true
+ type: string
+ insecureSkipTLSVerify:
+ type: boolean
+ provider:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ revision:
+ nullable: true
+ type: string
+ type: object
+ jobSpec:
+ properties:
+ activeDeadlineSeconds:
+ nullable: true
+ type: integer
+ backoffLimit:
+ nullable: true
+ type: integer
+ completions:
+ nullable: true
+ type: integer
+ manualSelector:
+ nullable: true
+ type: boolean
+ parallelism:
+ nullable: true
+ type: integer
+ selector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ template:
+ properties:
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ creationTimestamp:
+ nullable: true
+ type: string
+ deletionGracePeriodSeconds:
+ nullable: true
+ type: integer
+ deletionTimestamp:
+ nullable: true
+ type: string
+ finalizers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ generateName:
+ nullable: true
+ type: string
+ generation:
+ type: integer
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ managedFields:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldsType:
+ nullable: true
+ type: string
+ fieldsV1:
+ nullable: true
+ type: object
+ manager:
+ nullable: true
+ type: string
+ operation:
+ nullable: true
+ type: string
+ time:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ ownerReferences:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ blockOwnerDeletion:
+ nullable: true
+ type: boolean
+ controller:
+ nullable: true
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ resourceVersion:
+ nullable: true
+ type: string
+ selfLink:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ spec:
+ properties:
+ activeDeadlineSeconds:
+ nullable: true
+ type: integer
+ affinity:
+ nullable: true
+ properties:
+ nodeAffinity:
+ nullable: true
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ weight:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nullable: true
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ type: object
+ podAffinity:
+ nullable: true
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ weight:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ podAntiAffinity:
+ nullable: true
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ weight:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ type: object
+ automountServiceAccountToken:
+ nullable: true
+ type: boolean
+ containers:
+ items:
+ properties:
+ args:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ prefix:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ nullable: true
+ type: array
+ image:
+ nullable: true
+ type: string
+ imagePullPolicy:
+ nullable: true
+ type: string
+ lifecycle:
+ nullable: true
+ properties:
+ postStart:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ preStop:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ name:
+ nullable: true
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ type: integer
+ hostIP:
+ nullable: true
+ type: string
+ hostPort:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ protocol:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ readinessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ securityContext:
+ nullable: true
+ properties:
+ allowPrivilegeEscalation:
+ nullable: true
+ type: boolean
+ capabilities:
+ nullable: true
+ properties:
+ add:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ drop:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ privileged:
+ nullable: true
+ type: boolean
+ procMount:
+ nullable: true
+ type: string
+ readOnlyRootFilesystem:
+ nullable: true
+ type: boolean
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ terminationMessagePath:
+ nullable: true
+ type: string
+ terminationMessagePolicy:
+ nullable: true
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ nullable: true
+ type: string
+ mountPropagation:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ nullable: true
+ type: string
+ subPathExpr:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ workingDir:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ dnsConfig:
+ nullable: true
+ properties:
+ nameservers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ options:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ searches:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ dnsPolicy:
+ nullable: true
+ type: string
+ enableServiceLinks:
+ nullable: true
+ type: boolean
+ ephemeralContainers:
+ items:
+ properties:
+ args:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ prefix:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ nullable: true
+ type: array
+ image:
+ nullable: true
+ type: string
+ imagePullPolicy:
+ nullable: true
+ type: string
+ lifecycle:
+ nullable: true
+ properties:
+ postStart:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ preStop:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ name:
+ nullable: true
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ type: integer
+ hostIP:
+ nullable: true
+ type: string
+ hostPort:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ protocol:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ readinessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ securityContext:
+ nullable: true
+ properties:
+ allowPrivilegeEscalation:
+ nullable: true
+ type: boolean
+ capabilities:
+ nullable: true
+ properties:
+ add:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ drop:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ privileged:
+ nullable: true
+ type: boolean
+ procMount:
+ nullable: true
+ type: string
+ readOnlyRootFilesystem:
+ nullable: true
+ type: boolean
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ targetContainerName:
+ nullable: true
+ type: string
+ terminationMessagePath:
+ nullable: true
+ type: string
+ terminationMessagePolicy:
+ nullable: true
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ nullable: true
+ type: string
+ mountPropagation:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ nullable: true
+ type: string
+ subPathExpr:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ workingDir:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ hostAliases:
+ items:
+ properties:
+ hostnames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ ip:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ hostIPC:
+ type: boolean
+ hostNetwork:
+ type: boolean
+ hostPID:
+ type: boolean
+ hostname:
+ nullable: true
+ type: string
+ imagePullSecrets:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ initContainers:
+ items:
+ properties:
+ args:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ prefix:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ nullable: true
+ type: array
+ image:
+ nullable: true
+ type: string
+ imagePullPolicy:
+ nullable: true
+ type: string
+ lifecycle:
+ nullable: true
+ properties:
+ postStart:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ preStop:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ name:
+ nullable: true
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ type: integer
+ hostIP:
+ nullable: true
+ type: string
+ hostPort:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ protocol:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ readinessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ securityContext:
+ nullable: true
+ properties:
+ allowPrivilegeEscalation:
+ nullable: true
+ type: boolean
+ capabilities:
+ nullable: true
+ properties:
+ add:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ drop:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ privileged:
+ nullable: true
+ type: boolean
+ procMount:
+ nullable: true
+ type: string
+ readOnlyRootFilesystem:
+ nullable: true
+ type: boolean
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ terminationMessagePath:
+ nullable: true
+ type: string
+ terminationMessagePolicy:
+ nullable: true
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ nullable: true
+ type: string
+ mountPropagation:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ nullable: true
+ type: string
+ subPathExpr:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ workingDir:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ nodeName:
+ nullable: true
+ type: string
+ nodeSelector:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ overhead:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ preemptionPolicy:
+ nullable: true
+ type: string
+ priority:
+ nullable: true
+ type: integer
+ priorityClassName:
+ nullable: true
+ type: string
+ readinessGates:
+ items:
+ properties:
+ conditionType:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ restartPolicy:
+ nullable: true
+ type: string
+ runtimeClassName:
+ nullable: true
+ type: string
+ schedulerName:
+ nullable: true
+ type: string
+ securityContext:
+ nullable: true
+ properties:
+ fsGroup:
+ nullable: true
+ type: integer
+ fsGroupChangePolicy:
+ nullable: true
+ type: string
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ supplementalGroups:
+ items:
+ type: integer
+ nullable: true
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ nullable: true
+ type: string
+ serviceAccountName:
+ nullable: true
+ type: string
+ setHostnameAsFQDN:
+ nullable: true
+ type: boolean
+ shareProcessNamespace:
+ nullable: true
+ type: boolean
+ subdomain:
+ nullable: true
+ type: string
+ terminationGracePeriodSeconds:
+ nullable: true
+ type: integer
+ tolerations:
+ items:
+ properties:
+ effect:
+ nullable: true
+ type: string
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ tolerationSeconds:
+ nullable: true
+ type: integer
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ topologySpreadConstraints:
+ items:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ maxSkew:
+ type: integer
+ topologyKey:
+ nullable: true
+ type: string
+ whenUnsatisfiable:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumes:
+ items:
+ properties:
+ awsElasticBlockStore:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ partition:
+ type: integer
+ readOnly:
+ type: boolean
+ volumeID:
+ nullable: true
+ type: string
+ type: object
+ azureDisk:
+ nullable: true
+ properties:
+ cachingMode:
+ nullable: true
+ type: string
+ diskName:
+ nullable: true
+ type: string
+ diskURI:
+ nullable: true
+ type: string
+ fsType:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ readOnly:
+ nullable: true
+ type: boolean
+ type: object
+ azureFile:
+ nullable: true
+ properties:
+ readOnly:
+ type: boolean
+ secretName:
+ nullable: true
+ type: string
+ shareName:
+ nullable: true
+ type: string
+ type: object
+ cephfs:
+ nullable: true
+ properties:
+ monitors:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretFile:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ user:
+ nullable: true
+ type: string
+ type: object
+ cinder:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ volumeID:
+ nullable: true
+ type: string
+ type: object
+ configMap:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ csi:
+ nullable: true
+ properties:
+ driver:
+ nullable: true
+ type: string
+ fsType:
+ nullable: true
+ type: string
+ nodePublishSecretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ readOnly:
+ nullable: true
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ downwardAPI:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ items:
+ items:
+ properties:
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ emptyDir:
+ nullable: true
+ properties:
+ medium:
+ nullable: true
+ type: string
+ sizeLimit:
+ nullable: true
+ type: string
+ type: object
+ ephemeral:
+ nullable: true
+ properties:
+ readOnly:
+ type: boolean
+ volumeClaimTemplate:
+ nullable: true
+ properties:
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ creationTimestamp:
+ nullable: true
+ type: string
+ deletionGracePeriodSeconds:
+ nullable: true
+ type: integer
+ deletionTimestamp:
+ nullable: true
+ type: string
+ finalizers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ generateName:
+ nullable: true
+ type: string
+ generation:
+ type: integer
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ managedFields:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldsType:
+ nullable: true
+ type: string
+ fieldsV1:
+ nullable: true
+ type: object
+ manager:
+ nullable: true
+ type: string
+ operation:
+ nullable: true
+ type: string
+ time:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ ownerReferences:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ blockOwnerDeletion:
+ nullable: true
+ type: boolean
+ controller:
+ nullable: true
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ resourceVersion:
+ nullable: true
+ type: string
+ selfLink:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ spec:
+ properties:
+ accessModes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ dataSource:
+ nullable: true
+ properties:
+ apiGroup:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ selector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ storageClassName:
+ nullable: true
+ type: string
+ volumeMode:
+ nullable: true
+ type: string
+ volumeName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ fc:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ lun:
+ nullable: true
+ type: integer
+ readOnly:
+ type: boolean
+ targetWWNs:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ wwids:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ flexVolume:
+ nullable: true
+ properties:
+ driver:
+ nullable: true
+ type: string
+ fsType:
+ nullable: true
+ type: string
+ options:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ flocker:
+ nullable: true
+ properties:
+ datasetName:
+ nullable: true
+ type: string
+ datasetUUID:
+ nullable: true
+ type: string
+ type: object
+ gcePersistentDisk:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ partition:
+ type: integer
+ pdName:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ type: object
+ gitRepo:
+ nullable: true
+ properties:
+ directory:
+ nullable: true
+ type: string
+ repository:
+ nullable: true
+ type: string
+ revision:
+ nullable: true
+ type: string
+ type: object
+ glusterfs:
+ nullable: true
+ properties:
+ endpoints:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ type: object
+ hostPath:
+ nullable: true
+ properties:
+ path:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ iscsi:
+ nullable: true
+ properties:
+ chapAuthDiscovery:
+ type: boolean
+ chapAuthSession:
+ type: boolean
+ fsType:
+ nullable: true
+ type: string
+ initiatorName:
+ nullable: true
+ type: string
+ iqn:
+ nullable: true
+ type: string
+ iscsiInterface:
+ nullable: true
+ type: string
+ lun:
+ type: integer
+ portals:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ targetPortal:
+ nullable: true
+ type: string
+ type: object
+ name:
+ nullable: true
+ type: string
+ nfs:
+ nullable: true
+ properties:
+ path:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ server:
+ nullable: true
+ type: string
+ type: object
+ persistentVolumeClaim:
+ nullable: true
+ properties:
+ claimName:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ type: object
+ photonPersistentDisk:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ pdID:
+ nullable: true
+ type: string
+ type: object
+ portworxVolume:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ volumeID:
+ nullable: true
+ type: string
+ type: object
+ projected:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ sources:
+ items:
+ properties:
+ configMap:
+ nullable: true
+ properties:
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ downwardAPI:
+ nullable: true
+ properties:
+ items:
+ items:
+ properties:
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ secret:
+ nullable: true
+ properties:
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ serviceAccountToken:
+ nullable: true
+ properties:
+ audience:
+ nullable: true
+ type: string
+ expirationSeconds:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ quobyte:
+ nullable: true
+ properties:
+ group:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ registry:
+ nullable: true
+ type: string
+ tenant:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ volume:
+ nullable: true
+ type: string
+ type: object
+ rbd:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ image:
+ nullable: true
+ type: string
+ keyring:
+ nullable: true
+ type: string
+ monitors:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ pool:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ user:
+ nullable: true
+ type: string
+ type: object
+ scaleIO:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ gateway:
+ nullable: true
+ type: string
+ protectionDomain:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ sslEnabled:
+ type: boolean
+ storageMode:
+ nullable: true
+ type: string
+ storagePool:
+ nullable: true
+ type: string
+ system:
+ nullable: true
+ type: string
+ volumeName:
+ nullable: true
+ type: string
+ type: object
+ secret:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ optional:
+ nullable: true
+ type: boolean
+ secretName:
+ nullable: true
+ type: string
+ type: object
+ storageos:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ volumeName:
+ nullable: true
+ type: string
+ volumeNamespace:
+ nullable: true
+ type: string
+ type: object
+ vsphereVolume:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ storagePolicyID:
+ nullable: true
+ type: string
+ storagePolicyName:
+ nullable: true
+ type: string
+ volumePath:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ type: object
+ ttlSecondsAfterFinished:
+ nullable: true
+ type: integer
+ type: object
+ syncInterval:
+ type: integer
+ type: object
+ status:
+ properties:
+ commit:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ event:
+ nullable: true
+ type: string
+ hookId:
+ nullable: true
+ type: string
+ jobStatus:
+ nullable: true
+ type: string
+ lastExecutedCommit:
+ nullable: true
+ type: string
+ lastSyncedTime:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ secretToken:
+ nullable: true
+ type: string
+ updateGeneration:
+ type: integer
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+{{- else -}}
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: gitjobs.gitjob.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .spec.git.repo
+ name: REPO
+ type: string
+ - JSONPath: .spec.git.branch
+ name: BRANCH
+ type: string
+ - JSONPath: .status.commit
+ name: COMMIT
+ type: string
+ - JSONPath: .status.jobStatus
+ name: JOBSTATUS
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ group: gitjob.cattle.io
+ names:
+ kind: GitJob
+ plural: gitjobs
+ singular: gitjob
+ preserveUnknownFields: false
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ forceUpdateGeneration:
+ type: integer
+ git:
+ properties:
+ branch:
+ nullable: true
+ type: string
+ caBundle:
+ nullable: true
+ type: string
+ clientSecretName:
+ nullable: true
+ type: string
+ insecureSkipTLSVerify:
+ type: boolean
+ provider:
+ nullable: true
+ type: string
+ repo:
+ nullable: true
+ type: string
+ revision:
+ nullable: true
+ type: string
+ type: object
+ jobSpec:
+ properties:
+ activeDeadlineSeconds:
+ nullable: true
+ type: integer
+ backoffLimit:
+ nullable: true
+ type: integer
+ completions:
+ nullable: true
+ type: integer
+ manualSelector:
+ nullable: true
+ type: boolean
+ parallelism:
+ nullable: true
+ type: integer
+ selector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ template:
+ properties:
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ creationTimestamp:
+ nullable: true
+ type: string
+ deletionGracePeriodSeconds:
+ nullable: true
+ type: integer
+ deletionTimestamp:
+ nullable: true
+ type: string
+ finalizers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ generateName:
+ nullable: true
+ type: string
+ generation:
+ type: integer
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ managedFields:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldsType:
+ nullable: true
+ type: string
+ fieldsV1:
+ nullable: true
+ type: object
+ manager:
+ nullable: true
+ type: string
+ operation:
+ nullable: true
+ type: string
+ time:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ ownerReferences:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ blockOwnerDeletion:
+ nullable: true
+ type: boolean
+ controller:
+ nullable: true
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ resourceVersion:
+ nullable: true
+ type: string
+ selfLink:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ spec:
+ properties:
+ activeDeadlineSeconds:
+ nullable: true
+ type: integer
+ affinity:
+ nullable: true
+ properties:
+ nodeAffinity:
+ nullable: true
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ preference:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ weight:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nullable: true
+ properties:
+ nodeSelectorTerms:
+ items:
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchFields:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ type: object
+ type: object
+ podAffinity:
+ nullable: true
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ weight:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ podAntiAffinity:
+ nullable: true
+ properties:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ podAffinityTerm:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ weight:
+ type: integer
+ type: object
+ nullable: true
+ type: array
+ requiredDuringSchedulingIgnoredDuringExecution:
+ items:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaces:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ topologyKey:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ type: object
+ automountServiceAccountToken:
+ nullable: true
+ type: boolean
+ containers:
+ items:
+ properties:
+ args:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ prefix:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ nullable: true
+ type: array
+ image:
+ nullable: true
+ type: string
+ imagePullPolicy:
+ nullable: true
+ type: string
+ lifecycle:
+ nullable: true
+ properties:
+ postStart:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ preStop:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ name:
+ nullable: true
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ type: integer
+ hostIP:
+ nullable: true
+ type: string
+ hostPort:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ protocol:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ readinessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ securityContext:
+ nullable: true
+ properties:
+ allowPrivilegeEscalation:
+ nullable: true
+ type: boolean
+ capabilities:
+ nullable: true
+ properties:
+ add:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ drop:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ privileged:
+ nullable: true
+ type: boolean
+ procMount:
+ nullable: true
+ type: string
+ readOnlyRootFilesystem:
+ nullable: true
+ type: boolean
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ terminationMessagePath:
+ nullable: true
+ type: string
+ terminationMessagePolicy:
+ nullable: true
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ nullable: true
+ type: string
+ mountPropagation:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ nullable: true
+ type: string
+ subPathExpr:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ workingDir:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ dnsConfig:
+ nullable: true
+ properties:
+ nameservers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ options:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ searches:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ dnsPolicy:
+ nullable: true
+ type: string
+ enableServiceLinks:
+ nullable: true
+ type: boolean
+ ephemeralContainers:
+ items:
+ properties:
+ args:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ prefix:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ nullable: true
+ type: array
+ image:
+ nullable: true
+ type: string
+ imagePullPolicy:
+ nullable: true
+ type: string
+ lifecycle:
+ nullable: true
+ properties:
+ postStart:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ preStop:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ name:
+ nullable: true
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ type: integer
+ hostIP:
+ nullable: true
+ type: string
+ hostPort:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ protocol:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ readinessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ securityContext:
+ nullable: true
+ properties:
+ allowPrivilegeEscalation:
+ nullable: true
+ type: boolean
+ capabilities:
+ nullable: true
+ properties:
+ add:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ drop:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ privileged:
+ nullable: true
+ type: boolean
+ procMount:
+ nullable: true
+ type: string
+ readOnlyRootFilesystem:
+ nullable: true
+ type: boolean
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ targetContainerName:
+ nullable: true
+ type: string
+ terminationMessagePath:
+ nullable: true
+ type: string
+ terminationMessagePolicy:
+ nullable: true
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ nullable: true
+ type: string
+ mountPropagation:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ nullable: true
+ type: string
+ subPathExpr:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ workingDir:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ hostAliases:
+ items:
+ properties:
+ hostnames:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ ip:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ hostIPC:
+ type: boolean
+ hostNetwork:
+ type: boolean
+ hostPID:
+ type: boolean
+ hostname:
+ nullable: true
+ type: string
+ imagePullSecrets:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ initContainers:
+ items:
+ properties:
+ args:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ env:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ valueFrom:
+ nullable: true
+ properties:
+ configMapKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ secretKeyRef:
+ nullable: true
+ properties:
+ key:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ type: object
+ nullable: true
+ type: array
+ envFrom:
+ items:
+ properties:
+ configMapRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ prefix:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ nullable: true
+ type: array
+ image:
+ nullable: true
+ type: string
+ imagePullPolicy:
+ nullable: true
+ type: string
+ lifecycle:
+ nullable: true
+ properties:
+ postStart:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ preStop:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ livenessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ name:
+ nullable: true
+ type: string
+ ports:
+ items:
+ properties:
+ containerPort:
+ type: integer
+ hostIP:
+ nullable: true
+ type: string
+ hostPort:
+ type: integer
+ name:
+ nullable: true
+ type: string
+ protocol:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ readinessProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ securityContext:
+ nullable: true
+ properties:
+ allowPrivilegeEscalation:
+ nullable: true
+ type: boolean
+ capabilities:
+ nullable: true
+ properties:
+ add:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ drop:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ privileged:
+ nullable: true
+ type: boolean
+ procMount:
+ nullable: true
+ type: string
+ readOnlyRootFilesystem:
+ nullable: true
+ type: boolean
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ startupProbe:
+ nullable: true
+ properties:
+ exec:
+ nullable: true
+ properties:
+ command:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ failureThreshold:
+ type: integer
+ httpGet:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ httpHeaders:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ scheme:
+ nullable: true
+ type: string
+ type: object
+ initialDelaySeconds:
+ type: integer
+ periodSeconds:
+ type: integer
+ successThreshold:
+ type: integer
+ tcpSocket:
+ nullable: true
+ properties:
+ host:
+ nullable: true
+ type: string
+ port:
+ nullable: true
+ type: string
+ type: object
+ timeoutSeconds:
+ type: integer
+ type: object
+ stdin:
+ type: boolean
+ stdinOnce:
+ type: boolean
+ terminationMessagePath:
+ nullable: true
+ type: string
+ terminationMessagePolicy:
+ nullable: true
+ type: string
+ tty:
+ type: boolean
+ volumeDevices:
+ items:
+ properties:
+ devicePath:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumeMounts:
+ items:
+ properties:
+ mountPath:
+ nullable: true
+ type: string
+ mountPropagation:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ subPath:
+ nullable: true
+ type: string
+ subPathExpr:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ workingDir:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ nodeName:
+ nullable: true
+ type: string
+ nodeSelector:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ overhead:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ preemptionPolicy:
+ nullable: true
+ type: string
+ priority:
+ nullable: true
+ type: integer
+ priorityClassName:
+ nullable: true
+ type: string
+ readinessGates:
+ items:
+ properties:
+ conditionType:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ restartPolicy:
+ nullable: true
+ type: string
+ runtimeClassName:
+ nullable: true
+ type: string
+ schedulerName:
+ nullable: true
+ type: string
+ securityContext:
+ nullable: true
+ properties:
+ fsGroup:
+ nullable: true
+ type: integer
+ fsGroupChangePolicy:
+ nullable: true
+ type: string
+ runAsGroup:
+ nullable: true
+ type: integer
+ runAsNonRoot:
+ nullable: true
+ type: boolean
+ runAsUser:
+ nullable: true
+ type: integer
+ seLinuxOptions:
+ nullable: true
+ properties:
+ level:
+ nullable: true
+ type: string
+ role:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ type: object
+ seccompProfile:
+ nullable: true
+ properties:
+ localhostProfile:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ supplementalGroups:
+ items:
+ type: integer
+ nullable: true
+ type: array
+ sysctls:
+ items:
+ properties:
+ name:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ windowsOptions:
+ nullable: true
+ properties:
+ gmsaCredentialSpec:
+ nullable: true
+ type: string
+ gmsaCredentialSpecName:
+ nullable: true
+ type: string
+ runAsUserName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ serviceAccount:
+ nullable: true
+ type: string
+ serviceAccountName:
+ nullable: true
+ type: string
+ setHostnameAsFQDN:
+ nullable: true
+ type: boolean
+ shareProcessNamespace:
+ nullable: true
+ type: boolean
+ subdomain:
+ nullable: true
+ type: string
+ terminationGracePeriodSeconds:
+ nullable: true
+ type: integer
+ tolerations:
+ items:
+ properties:
+ effect:
+ nullable: true
+ type: string
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ tolerationSeconds:
+ nullable: true
+ type: integer
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ topologySpreadConstraints:
+ items:
+ properties:
+ labelSelector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ maxSkew:
+ type: integer
+ topologyKey:
+ nullable: true
+ type: string
+ whenUnsatisfiable:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ volumes:
+ items:
+ properties:
+ awsElasticBlockStore:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ partition:
+ type: integer
+ readOnly:
+ type: boolean
+ volumeID:
+ nullable: true
+ type: string
+ type: object
+ azureDisk:
+ nullable: true
+ properties:
+ cachingMode:
+ nullable: true
+ type: string
+ diskName:
+ nullable: true
+ type: string
+ diskURI:
+ nullable: true
+ type: string
+ fsType:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ readOnly:
+ nullable: true
+ type: boolean
+ type: object
+ azureFile:
+ nullable: true
+ properties:
+ readOnly:
+ type: boolean
+ secretName:
+ nullable: true
+ type: string
+ shareName:
+ nullable: true
+ type: string
+ type: object
+ cephfs:
+ nullable: true
+ properties:
+ monitors:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ path:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretFile:
+ nullable: true
+ type: string
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ user:
+ nullable: true
+ type: string
+ type: object
+ cinder:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ volumeID:
+ nullable: true
+ type: string
+ type: object
+ configMap:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ csi:
+ nullable: true
+ properties:
+ driver:
+ nullable: true
+ type: string
+ fsType:
+ nullable: true
+ type: string
+ nodePublishSecretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ readOnly:
+ nullable: true
+ type: boolean
+ volumeAttributes:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ downwardAPI:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ items:
+ items:
+ properties:
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ emptyDir:
+ nullable: true
+ properties:
+ medium:
+ nullable: true
+ type: string
+ sizeLimit:
+ nullable: true
+ type: string
+ type: object
+ ephemeral:
+ nullable: true
+ properties:
+ readOnly:
+ type: boolean
+ volumeClaimTemplate:
+ nullable: true
+ properties:
+ metadata:
+ properties:
+ annotations:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ clusterName:
+ nullable: true
+ type: string
+ creationTimestamp:
+ nullable: true
+ type: string
+ deletionGracePeriodSeconds:
+ nullable: true
+ type: integer
+ deletionTimestamp:
+ nullable: true
+ type: string
+ finalizers:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ generateName:
+ nullable: true
+ type: string
+ generation:
+ type: integer
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ managedFields:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldsType:
+ nullable: true
+ type: string
+ fieldsV1:
+ nullable: true
+ type: object
+ manager:
+ nullable: true
+ type: string
+ operation:
+ nullable: true
+ type: string
+ time:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ namespace:
+ nullable: true
+ type: string
+ ownerReferences:
+ items:
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ blockOwnerDeletion:
+ nullable: true
+ type: boolean
+ controller:
+ nullable: true
+ type: boolean
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ resourceVersion:
+ nullable: true
+ type: string
+ selfLink:
+ nullable: true
+ type: string
+ uid:
+ nullable: true
+ type: string
+ type: object
+ spec:
+ properties:
+ accessModes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ dataSource:
+ nullable: true
+ properties:
+ apiGroup:
+ nullable: true
+ type: string
+ kind:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ type: object
+ resources:
+ properties:
+ limits:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ requests:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ selector:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ operator:
+ nullable: true
+ type: string
+ values:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ storageClassName:
+ nullable: true
+ type: string
+ volumeMode:
+ nullable: true
+ type: string
+ volumeName:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ type: object
+ fc:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ lun:
+ nullable: true
+ type: integer
+ readOnly:
+ type: boolean
+ targetWWNs:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ wwids:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ flexVolume:
+ nullable: true
+ properties:
+ driver:
+ nullable: true
+ type: string
+ fsType:
+ nullable: true
+ type: string
+ options:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ flocker:
+ nullable: true
+ properties:
+ datasetName:
+ nullable: true
+ type: string
+ datasetUUID:
+ nullable: true
+ type: string
+ type: object
+ gcePersistentDisk:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ partition:
+ type: integer
+ pdName:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ type: object
+ gitRepo:
+ nullable: true
+ properties:
+ directory:
+ nullable: true
+ type: string
+ repository:
+ nullable: true
+ type: string
+ revision:
+ nullable: true
+ type: string
+ type: object
+ glusterfs:
+ nullable: true
+ properties:
+ endpoints:
+ nullable: true
+ type: string
+ path:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ type: object
+ hostPath:
+ nullable: true
+ properties:
+ path:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ iscsi:
+ nullable: true
+ properties:
+ chapAuthDiscovery:
+ type: boolean
+ chapAuthSession:
+ type: boolean
+ fsType:
+ nullable: true
+ type: string
+ initiatorName:
+ nullable: true
+ type: string
+ iqn:
+ nullable: true
+ type: string
+ iscsiInterface:
+ nullable: true
+ type: string
+ lun:
+ type: integer
+ portals:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ targetPortal:
+ nullable: true
+ type: string
+ type: object
+ name:
+ nullable: true
+ type: string
+ nfs:
+ nullable: true
+ properties:
+ path:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ server:
+ nullable: true
+ type: string
+ type: object
+ persistentVolumeClaim:
+ nullable: true
+ properties:
+ claimName:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ type: object
+ photonPersistentDisk:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ pdID:
+ nullable: true
+ type: string
+ type: object
+ portworxVolume:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ volumeID:
+ nullable: true
+ type: string
+ type: object
+ projected:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ sources:
+ items:
+ properties:
+ configMap:
+ nullable: true
+ properties:
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ downwardAPI:
+ nullable: true
+ properties:
+ items:
+ items:
+ properties:
+ fieldRef:
+ nullable: true
+ properties:
+ apiVersion:
+ nullable: true
+ type: string
+ fieldPath:
+ nullable: true
+ type: string
+ type: object
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ resourceFieldRef:
+ nullable: true
+ properties:
+ containerName:
+ nullable: true
+ type: string
+ divisor:
+ nullable: true
+ type: string
+ resource:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ secret:
+ nullable: true
+ properties:
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ name:
+ nullable: true
+ type: string
+ optional:
+ nullable: true
+ type: boolean
+ type: object
+ serviceAccountToken:
+ nullable: true
+ properties:
+ audience:
+ nullable: true
+ type: string
+ expirationSeconds:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ quobyte:
+ nullable: true
+ properties:
+ group:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ registry:
+ nullable: true
+ type: string
+ tenant:
+ nullable: true
+ type: string
+ user:
+ nullable: true
+ type: string
+ volume:
+ nullable: true
+ type: string
+ type: object
+ rbd:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ image:
+ nullable: true
+ type: string
+ keyring:
+ nullable: true
+ type: string
+ monitors:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ pool:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ user:
+ nullable: true
+ type: string
+ type: object
+ scaleIO:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ gateway:
+ nullable: true
+ type: string
+ protectionDomain:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ sslEnabled:
+ type: boolean
+ storageMode:
+ nullable: true
+ type: string
+ storagePool:
+ nullable: true
+ type: string
+ system:
+ nullable: true
+ type: string
+ volumeName:
+ nullable: true
+ type: string
+ type: object
+ secret:
+ nullable: true
+ properties:
+ defaultMode:
+ nullable: true
+ type: integer
+ items:
+ items:
+ properties:
+ key:
+ nullable: true
+ type: string
+ mode:
+ nullable: true
+ type: integer
+ path:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ optional:
+ nullable: true
+ type: boolean
+ secretName:
+ nullable: true
+ type: string
+ type: object
+ storageos:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ readOnly:
+ type: boolean
+ secretRef:
+ nullable: true
+ properties:
+ name:
+ nullable: true
+ type: string
+ type: object
+ volumeName:
+ nullable: true
+ type: string
+ volumeNamespace:
+ nullable: true
+ type: string
+ type: object
+ vsphereVolume:
+ nullable: true
+ properties:
+ fsType:
+ nullable: true
+ type: string
+ storagePolicyID:
+ nullable: true
+ type: string
+ storagePolicyName:
+ nullable: true
+ type: string
+ volumePath:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ nullable: true
+ type: array
+ type: object
+ type: object
+ ttlSecondsAfterFinished:
+ nullable: true
+ type: integer
+ type: object
+ syncInterval:
+ type: integer
+ type: object
+ status:
+ properties:
+ commit:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ event:
+ nullable: true
+ type: string
+ hookId:
+ nullable: true
+ type: string
+ jobStatus:
+ nullable: true
+ type: string
+ lastExecutedCommit:
+ nullable: true
+ type: string
+ lastSyncedTime:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ secretToken:
+ nullable: true
+ type: string
+ updateGeneration:
+ type: integer
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
+{{- end -}}
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml
new file mode 100644
index 000000000..f830ac69b
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/Chart.yaml
@@ -0,0 +1,19 @@
+annotations:
+ catalog.cattle.io/auto-install: fleet-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/experimental: "true"
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-fleet-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
+ catalog.cattle.io/release-name: fleet
+apiVersion: v2
+appVersion: 0.3.6
+dependencies:
+- condition: gitops.enabled
+ name: gitjob
+ repository: file://./charts/gitjob
+description: Fleet Manager - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet
+version: 100.0.0+up0.3.6
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/.helmignore b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/.helmignore
new file mode 100644
index 000000000..691fa13d6
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/Chart.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/Chart.yaml
new file mode 100644
index 000000000..cf9151510
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: v0.1.21
+description: Controller that run jobs based on git events
+name: gitjob
+version: v0.1.21
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/_helpers.tpl b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/_helpers.tpl
new file mode 100644
index 000000000..f652b5643
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrole.yaml
new file mode 100644
index 000000000..bcad90164
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrole.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: gitjob
+rules:
+ - apiGroups:
+ - "batch"
+ resources:
+ - 'jobs'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'pods'
+ verbs:
+ - 'list'
+ - 'get'
+ - 'watch'
+ - apiGroups:
+ - ""
+ resources:
+ - 'secrets'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - 'configmaps'
+ verbs:
+ - '*'
+ - apiGroups:
+ - "gitjob.cattle.io"
+ resources:
+ - "gitjobs"
+ - "gitjobs/status"
+ verbs:
+ - "*"
\ No newline at end of file
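Review bot: The `secrets` rule in this ClusterRole uses `'*'` for its verbs, so once clusterrolebinding.yaml binds it, the gitjob service account can read, change and delete every Secret in every namespace. If the controller only reads the credentials referenced by GitJob objects (an assumption to confirm against the controller), list the verbs explicitly, for example `- get`, `- list`, `- watch`, and grant any write access through a namespaced Role instead. The `jobs` and `configmaps` rules use the same wildcard. Explicit verb lists there would also make later RBAC audits easier to read.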
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..0bf07c4ef
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/clusterrolebinding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gitjob-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gitjob
+subjects:
+ - kind: ServiceAccount
+ name: gitjob
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/deployment.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/deployment.yaml
new file mode 100644
index 000000000..a12a30d92
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/deployment.yaml
@@ -0,0 +1,42 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gitjob
+spec:
+ selector:
+ matchLabels:
+ app: "gitjob"
+ template:
+ metadata:
+ labels:
+ app: "gitjob"
+ spec:
+ serviceAccountName: gitjob
+ containers:
+ - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+ name: gitjob
+ command:
+ - gitjob
+ - --tekton-image
+ - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}"
+ env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
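Review bot: The three proxy env entries render their values unquoted (`value: {{ .Values.proxy }}` twice and `value: {{ .Values.noProxy }}`), so a value containing ` #` or `: ` is truncated or breaks the manifest, and an unset `noProxy` renders as an empty value. Pipe each through quote: `value: {{ .Values.proxy | quote }}` and `value: {{ .Values.noProxy | quote }}`. The parent chart's templates/deployment.yaml has the same three lines. If the proxy URL is meant to carry credentials, as the values.yaml comment seems to suggest, it will sit in plain text in the pod spec; sourcing it from a Secret with `valueFrom.secretKeyRef` avoids that.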
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/service.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/service.yaml
new file mode 100644
index 000000000..bf57c1b55
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: gitjob
+spec:
+ ports:
+ - name: http-80
+ port: 80
+ protocol: TCP
+ targetPort: 8080
+ selector:
+ app: "gitjob"
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/serviceaccount.yaml
new file mode 100644
index 000000000..5f8aecb04
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/templates/serviceaccount.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gitjob
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/values.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/values.yaml
new file mode 100644
index 000000000..0cb5b31a6
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/charts/gitjob/values.yaml
@@ -0,0 +1,26 @@
+gitjob:
+ repository: rancher/gitjob
+ tag: v0.1.21
+
+tekton:
+ repository: rancher/tekton-utils
+ tag: v0.1.2
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+nodeSelector:
+ kubernetes.io/os: linux
+
+tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
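Review bot: The example on the commented-out proxy line, `# proxy: http://@::`, shows only separators, so a reader cannot tell which part goes where. Spell out the placeholders, for example `# proxy: http://<user>:<password>@<host>:<port>`. The same comment appears in the parent chart's values.yaml. It would also help to state next to it that the value is copied verbatim into the HTTP_PROXY and HTTPS_PROXY environment variables of the Deployment.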
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/_helpers.tpl b/charts/fleet/fleet/100.0.0+up0.3.6/templates/_helpers.tpl
new file mode 100644
index 000000000..f652b5643
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/configmap.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/configmap.yaml
new file mode 100644
index 000000000..c546c4b97
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/configmap.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: fleet-controller
+data:
+ config: |
+ {
+ "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+ "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+ "apiServerURL": "{{.Values.apiServerURL}}",
+ "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+ "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+ "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+ "bootstrap": {
+ "paths": "{{.Values.bootstrap.paths}}",
+ "repo": "{{.Values.bootstrap.repo}}",
+ "secret": "{{.Values.bootstrap.secret}}",
+ "branch": "{{.Values.bootstrap.branch}}",
+ "namespace": "{{.Values.bootstrap.namespace}}",
+ },
+ "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+ "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+ }
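Review bot: Every value is spliced into the JSON document as raw text (`"apiServerURL": "{{.Values.apiServerURL}}"` and the lines around it), so a value containing `"` or `\` changes the structure of the config the controller parses rather than only its content. Render each one through `toJson` and drop the hand-written quotes, e.g. `"apiServerURL": {{ .Values.apiServerURL | toJson }},`. The `"namespace"` line inside `bootstrap` also ends with a comma directly before the closing `}`, which strict JSON parsers reject. Whether the consumer tolerates it is not visible in this diff, so removing the comma is the safe choice.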
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/deployment.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/deployment.yaml
new file mode 100644
index 000000000..c22a23739
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/deployment.yaml
@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: fleet-controller
+spec:
+ selector:
+ matchLabels:
+ app: fleet-controller
+ template:
+ metadata:
+ labels:
+ app: fleet-controller
+ spec:
+ containers:
+ - env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ {{- if .Values.proxy }}
+ - name: HTTP_PROXY
+ value: {{ .Values.proxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.proxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+ {{- end }}
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: fleet-controller
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+ command:
+ - fleetcontroller
+ {{- if not .Values.gitops.enabled }}
+ - --disable-gitops
+ {{- end }}
+ serviceAccountName: fleet-controller
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
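Review bot: The fleet-controller container is declared without a `securityContext`, so it runs with whatever user and capabilities the image defaults to, while rbac.yaml gives its service account write access to Secrets and RBAC objects across the cluster. Adding a container-level block that disables privilege escalation, requires a non-root user, drops all capabilities and makes the root filesystem read-only would limit what a compromised process can do on the node. Whether the image already runs as a non-root UID and needs no writable paths is not visible in this hunk, so confirm that before merging. The gitjob Deployment in charts/gitjob/templates/deployment.yaml is in the same position.

```yaml
        name: fleet-controller
        # … unchanged: imagePullPolicy, command …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          readOnlyRootFilesystem: true
          capabilities:
            drop:
            - ALL
```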
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/rbac.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/rbac.yaml
new file mode 100644
index 000000000..59df51b1f
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/rbac.yaml
@@ -0,0 +1,106 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - gitjob.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - fleet.cattle.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - '*'
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - configmaps
+ verbs:
+ - '*'
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+ namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: fleet-controller
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: fleet-controller
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: fleet-controller
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: fleet-controller-bootstrap
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+ name: fleet-controller-bootstrap
+ namespace: {{.Release.Namespace}}
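Review bot: The `fleet-controller-bootstrap` ClusterRole allows every verb on every resource in every API group, and the ClusterRoleBinding after it attaches that to a service account for the lifetime of the release, so anything able to run as that account has cluster-admin-equivalent access. If this breadth is only needed while the local cluster is being registered (an assumption; the consumer is not in this diff), say so in a comment above the rule, e.g. `# cluster-admin equivalent: can read every Secret and rewrite RBAC`, and remove or narrow the binding once bootstrap has completed. Separately, the first `fleet-controller` ClusterRole grants `'*'` on `clusterroles` and `clusterrolebindings`, which includes the `escalate` and `bind` verbs. Enumerating the verbs the controller actually uses would keep it from granting itself more than it already holds.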
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/templates/serviceaccount.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/templates/serviceaccount.yaml
new file mode 100644
index 000000000..bd99d9958
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/templates/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: fleet-controller-bootstrap
diff --git a/charts/fleet/fleet/100.0.0+up0.3.6/values.yaml b/charts/fleet/fleet/100.0.0+up0.3.6/values.yaml
new file mode 100644
index 000000000..3132f673f
--- /dev/null
+++ b/charts/fleet/fleet/100.0.0+up0.3.6/values.yaml
@@ -0,0 +1,56 @@
+image:
+ repository: rancher/fleet
+ tag: v0.3.6
+ imagePullPolicy: IfNotPresent
+
+agentImage:
+ repository: rancher/fleet-agent
+ tag: v0.3.6
+ imagePullPolicy: IfNotPresent
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# A duration string for how often agents should report a heartbeat
+agentCheckinInterval: "15m"
+
+# Whether you want to allow cluster upon registration to specify their labels.
+ignoreClusterRegistrationLabels: false
+
+# http[s] proxy server
+# proxy: http://@::
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+bootstrap:
+ # The namespace that will be autocreated and the local cluster will be registered in
+ namespace: fleet-local
+ # A repo to add at install time that will deploy to the local cluster. This allows
+ # one to fully bootstrap fleet, it's configuration and all it's downstream clusters
+ # in one shot.
+ repo: ""
+ secret: ""
+ branch: master
+ paths: ""
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+nodeSelector:
+ kubernetes.io/os: linux
+
+tolerations:
+ - key: cattle.io/os
+ operator: "Equal"
+ value: "linux"
+ effect: NoSchedule
+
+gitops:
+ enabled: true
\ No newline at end of file
diff --git a/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/Chart.yaml b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/Chart.yaml
new file mode 100644
index 000000000..f2baeee0b
--- /dev/null
+++ b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: longhorn-system
+ catalog.cattle.io/release-name: longhorn-crd
+apiVersion: v1
+description: Installs the CRDs for longhorn.
+name: longhorn-crd
+type: application
+version: 100.0.0+up1.1.2
diff --git a/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/README.md b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/README.md
new file mode 100644
index 000000000..d9f7f14b3
--- /dev/null
+++ b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/README.md
@@ -0,0 +1,2 @@
+# longhorn-crd
+A Rancher chart that installs the CRDs used by longhorn.
diff --git a/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml
new file mode 100644
index 000000000..f352ce370
--- /dev/null
+++ b/charts/longhorn/longhorn-crd/100.0.0+up1.1.2/templates/crds.yaml
@@ -0,0 +1,524 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: Engine
+ name: engines.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Engine
+ listKind: EngineList
+ plural: engines
+ shortNames:
+ - lhe
+ singular: engine
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: State
+ type: string
+ description: The current state of the engine
+ jsonPath: .status.currentState
+ - name: Node
+ type: string
+ description: The node that the engine is on
+ jsonPath: .spec.nodeID
+ - name: InstanceManager
+ type: string
+ description: The instance manager of the engine
+ jsonPath: .status.instanceManagerName
+ - name: Image
+ type: string
+ description: The current image of the engine
+ jsonPath: .status.currentImage
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: Replica
+ name: replicas.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Replica
+ listKind: ReplicaList
+ plural: replicas
+ shortNames:
+ - lhr
+ singular: replica
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: State
+ type: string
+ description: The current state of the replica
+ jsonPath: .status.currentState
+ - name: Node
+ type: string
+ description: The node that the replica is on
+ jsonPath: .spec.nodeID
+ - name: Disk
+ type: string
+ description: The disk that the replica is on
+ jsonPath: .spec.diskID
+ - name: InstanceManager
+ type: string
+ description: The instance manager of the replica
+ jsonPath: .status.instanceManagerName
+ - name: Image
+ type: string
+ description: The current image of the replica
+ jsonPath: .status.currentImage
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: Setting
+ name: settings.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Setting
+ listKind: SettingList
+ plural: settings
+ shortNames:
+ - lhs
+ singular: setting
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ x-kubernetes-preserve-unknown-fields: true
+ additionalPrinterColumns:
+ - name: Value
+ type: string
+ description: The value of the setting
+ jsonPath: .value
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: Volume
+ name: volumes.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Volume
+ listKind: VolumeList
+ plural: volumes
+ shortNames:
+ - lhv
+ singular: volume
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: State
+ type: string
+ description: The state of the volume
+ jsonPath: .status.state
+ - name: Robustness
+ type: string
+ description: The robustness of the volume
+ jsonPath: .status.robustness
+ - name: Scheduled
+ type: string
+ description: The scheduled condition of the volume
+ jsonPath: .status.conditions['scheduled']['status']
+ - name: Size
+ type: string
+ description: The size of the volume
+ jsonPath: .spec.size
+ - name: Node
+ type: string
+ description: The node that the volume is currently attaching to
+ jsonPath: .status.currentNodeID
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: EngineImage
+ name: engineimages.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: EngineImage
+ listKind: EngineImageList
+ plural: engineimages
+ shortNames:
+ - lhei
+ singular: engineimage
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: State
+ type: string
+ description: State of the engine image
+ jsonPath: .status.state
+ - name: Image
+ type: string
+ description: The Longhorn engine image
+ jsonPath: .spec.image
+ - name: RefCount
+ type: integer
+ description: Number of volumes are using the engine image
+ jsonPath: .status.refCount
+ - name: BuildDate
+ type: date
+ description: The build date of the engine image
+ jsonPath: .status.buildDate
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: Node
+ name: nodes.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: Node
+ listKind: NodeList
+ plural: nodes
+ shortNames:
+ - lhn
+ singular: node
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Ready
+ type: string
+ description: Indicate whether the node is ready
+ jsonPath: .status.conditions['Ready']['status']
+ - name: AllowScheduling
+ type: boolean
+ description: Indicate whether the user disabled/enabled replica scheduling for the node
+ jsonPath: .spec.allowScheduling
+ - name: Schedulable
+ type: string
+ description: Indicate whether Longhorn can schedule replicas on the node
+ jsonPath: .status.conditions['Schedulable']['status']
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: InstanceManager
+ name: instancemanagers.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: InstanceManager
+ listKind: InstanceManagerList
+ plural: instancemanagers
+ shortNames:
+ - lhim
+ singular: instancemanager
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: State
+ type: string
+ description: The state of the instance manager
+ jsonPath: .status.currentState
+ - name: Type
+ type: string
+ description: The type of the instance manager (engine or replica)
+ jsonPath: .spec.type
+ - name: Node
+ type: string
+ description: The node that the instance manager is running on
+ jsonPath: .spec.nodeID
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: ShareManager
+ name: sharemanagers.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: ShareManager
+ listKind: ShareManagerList
+ plural: sharemanagers
+ shortNames:
+ - lhsm
+ singular: sharemanager
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: State
+ type: string
+ description: The state of the share manager
+ jsonPath: .status.state
+ - name: Node
+ type: string
+ description: The node that the share manager is owned by
+ jsonPath: .status.ownerID
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: BackingImage
+ name: backingimages.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: BackingImage
+ listKind: BackingImageList
+ plural: backingimages
+ shortNames:
+ - lhbi
+ singular: backingimage
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: Image
+ type: string
+ description: The backing image name
+ jsonPath: .spec.image
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ labels:
+ app.kubernetes.io/name: longhorn
+ helm.sh/chart: longhorn-1.1.2
+ app.kubernetes.io/managed-by: Helm
+ app.kubernetes.io/instance: longhorn
+ app.kubernetes.io/version: v1.1.2
+ longhorn-manager: BackingImageManager
+ name: backingimagemanagers.longhorn.io
+spec:
+ group: longhorn.io
+ names:
+ kind: BackingImageManager
+ listKind: BackingImageManagerList
+ plural: backingimagemanagers
+ shortNames:
+ - lhbim
+ singular: backingimagemanager
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ status:
+ x-kubernetes-preserve-unknown-fields: true
+ subresources:
+ status: {}
+ additionalPrinterColumns:
+ - name: State
+ type: string
+ description: The current state of the manager
+ jsonPath: .status.currentState
+ - name: Image
+ type: string
+ description: The image the manager pod will use
+ jsonPath: .spec.image
+ - name: Node
+ type: string
+ description: The node the manager is on
+ jsonPath: .spec.nodeID
+ - name: DiskUUID
+ type: string
+ description: The disk the manager is responsible for
+ jsonPath: .spec.diskUUID
+ - name: DiskPath
+ type: string
+ description: The disk path the manager is using
+ jsonPath: .spec.diskPath
+ - name: Age
+ type: date
+ jsonPath: .metadata.creationTimestamp
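Review bot: Every CRD in this file sets `x-kubernetes-preserve-unknown-fields: true` on both `spec` and `status`, and `settings.longhorn.io` sets it on the schema root, so the API server neither validates nor prunes what a client writes into these objects. All input checking is therefore left to whatever consumes the resources, including for fields the printer columns show are read from `spec`, such as `.spec.diskPath`, `.spec.image` and `.spec.nodeID`. I would declare types for at least those fields, e.g. `nodeID: {type: string}` under `spec.properties`, and keep `x-kubernetes-preserve-unknown-fields` only on the subtrees that need it. If the schema has to stay as upstream ships it, write access to `longhorn.io` resources should be limited through RBAC to the Longhorn service accounts and cluster admins. Separately, the label `helm.sh/chart: longhorn-1.1.2` does not match this chart's name and version (`longhorn-crd`, `100.0.0+up1.1.2`), presumably carried over from the upstream render.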
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/.helmignore b/charts/longhorn/longhorn/100.0.0+up1.1.2/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/Chart.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/Chart.yaml
new file mode 100644
index 000000000..84f5e763c
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/Chart.yaml
@@ -0,0 +1,39 @@
+annotations:
+ catalog.cattle.io/auto-install: longhorn-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Longhorn
+ catalog.cattle.io/namespace: longhorn-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: longhorn.io/v1beta1
+ catalog.cattle.io/release-name: longhorn
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: longhorn
+apiVersion: v1
+appVersion: v1.1.2
+description: Longhorn is a distributed block storage system for Kubernetes.
+home: https://github.com/longhorn/longhorn
+icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png
+keywords:
+- longhorn
+- storage
+- distributed
+- block
+- device
+- iscsi
+- nfs
+kubeVersion: '>=v1.16.0-r0'
+maintainers:
+- email: maintainers@longhorn.io
+ name: Longhorn maintainers
+name: longhorn
+sources:
+- https://github.com/longhorn/longhorn
+- https://github.com/longhorn/longhorn-engine
+- https://github.com/longhorn/longhorn-instance-manager
+- https://github.com/longhorn/longhorn-share-manager
+- https://github.com/longhorn/backing-image-manager
+- https://github.com/longhorn/longhorn-manager
+- https://github.com/longhorn/longhorn-ui
+- https://github.com/longhorn/longhorn-tests
+- https://github.com/longhorn/backing-image-manager
+version: 100.0.0+up1.1.2
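Review bot: The `sources` list names `https://github.com/longhorn/backing-image-manager` twice, as the fifth and the last entry; the last one can be dropped. The `icon` value also points at `raw.githubusercontent.com/cncf/artwork/master/...`, a mutable branch on a third-party repository, so what the catalog UI loads can change without a chart release. This diff already adds a logo under `assets/logos/`, so serving the Longhorn icon from there, or pinning the URL to a commit, would presumably fit the repository's conventions.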
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/README.md b/charts/longhorn/longhorn/100.0.0+up1.1.2/README.md
new file mode 100644
index 000000000..765694619
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/README.md
@@ -0,0 +1,33 @@
+# Longhorn Chart
+
+> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only.
+
+> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+## Source Code
+
+Longhorn is 100% open source software. Project source code is spread across a number of repos:
+
+1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine
+2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager
+3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager
+4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager
+5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager
+6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui
+
+## Prerequisites
+
+1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.)
+2. Kubernetes v1.16+
+3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster.
+4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already.
+
+## Uninstallation
+
+To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc).
+
+From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab.
+
+
+---
+Please see [link](https://github.com/longhorn/longhorn) for more information.
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/app-readme.md b/charts/longhorn/longhorn/100.0.0+up1.1.2/app-readme.md
new file mode 100644
index 000000000..cb23135ca
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/app-readme.md
@@ -0,0 +1,11 @@
+# Longhorn
+
+Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn.
+
+Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups!
+
+**Important**: Please install Longhorn chart in `longhorn-system` namespace only.
+
+**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version.
+
+[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md)
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/questions.yml b/charts/longhorn/longhorn/100.0.0+up1.1.2/questions.yml
new file mode 100644
index 000000000..fd9326551
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/questions.yml
@@ -0,0 +1,532 @@
+categories:
+- storage
+namespace: longhorn-system
+questions:
+- variable: image.defaultImage
+ default: "true"
+ description: "Use default Longhorn images"
+ label: Use Default Images
+ type: boolean
+ show_subquestion_if: false
+ group: "Longhorn Images"
+ subquestions:
+ - variable: image.longhorn.manager.repository
+ default: rancher/mirrored-longhornio-longhorn-manager
+ description: "Specify Longhorn Manager Image Repository"
+ type: string
+ label: Longhorn Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.manager.tag
+ default: v1.1.2
+ description: "Specify Longhorn Manager Image Tag"
+ type: string
+ label: Longhorn Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.engine.repository
+ default: rancher/mirrored-longhornio-longhorn-engine
+ description: "Specify Longhorn Engine Image Repository"
+ type: string
+ label: Longhorn Engine Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.engine.tag
+ default: v1.1.2
+ description: "Specify Longhorn Engine Image Tag"
+ type: string
+ label: Longhorn Engine Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.ui.repository
+ default: rancher/mirrored-longhornio-longhorn-ui
+ description: "Specify Longhorn UI Image Repository"
+ type: string
+ label: Longhorn UI Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.ui.tag
+ default: v1.1.2
+ description: "Specify Longhorn UI Image Tag"
+ type: string
+ label: Longhorn UI Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.instanceManager.repository
+ default: rancher/mirrored-longhornio-longhorn-instance-manager
+ description: "Specify Longhorn Instance Manager Image Repository"
+ type: string
+ label: Longhorn Instance Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.instanceManager.tag
+ default: v1_20210621
+ description: "Specify Longhorn Instance Manager Image Tag"
+ type: string
+ label: Longhorn Instance Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.shareManager.repository
+ default: rancher/mirrored-longhornio-longhorn-share-manager
+ description: "Specify Longhorn Share Manager Image Repository"
+ type: string
+ label: Longhorn Share Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.shareManager.tag
+ default: v1_20210416
+ description: "Specify Longhorn Share Manager Image Tag"
+ type: string
+ label: Longhorn Share Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.backingImageManager.repository
+ default: rancher/mirrored-longhornio-backing-image-manager
+ description: "Specify Longhorn Backing Image Manager Image Repository"
+ type: string
+ label: Longhorn Backing Image Manager Image Repository
+ group: "Longhorn Images Settings"
+ - variable: image.longhorn.backingImageManager.tag
+ default: v1_20210422
+ description: "Specify Longhorn Backing Image Manager Image Tag"
+ type: string
+ label: Longhorn Backing Image Manager Image Tag
+ group: "Longhorn Images Settings"
+ - variable: image.csi.attacher.repository
+ default: rancher/mirrored-longhornio-csi-attacher
+ description: "Specify CSI attacher image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Attacher Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.attacher.tag
+ default: v2.2.1-lh2
+ description: "Specify CSI attacher image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Attacher Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.provisioner.repository
+ default: rancher/mirrored-longhornio-csi-provisioner
+ description: "Specify CSI provisioner image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Provisioner Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.provisioner.tag
+ default: v1.6.0-lh2
+ description: "Specify CSI provisioner image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Provisioner Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.nodeDriverRegistrar.repository
+ default: rancher/mirrored-longhornio-csi-node-driver-registrar
+ description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Node Driver Registrar Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.nodeDriverRegistrar.tag
+ default: v1.2.0-lh1
+ description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Node Driver Registrar Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.resizer.repository
+ default: rancher/mirrored-longhornio-csi-resizer
+ description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Resizer Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.resizer.tag
+ default: v0.5.1-lh2
+ description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Resizer Image Tag
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.snapshotter.repository
+ default: rancher/mirrored-longhornio-csi-snapshotter
+ description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Snapshotter Image Repository
+ group: "Longhorn CSI Driver Images"
+ - variable: image.csi.snapshotter.tag
+ default: v2.1.1-lh2
+ description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect."
+ type: string
+ label: Longhorn CSI Driver Snapshotter Image Tag
+ group: "Longhorn CSI Driver Images"
+- variable: privateRegistry.registryUrl
+ label: Private registry URL
+ description: "URL of private registry. Leave blank to apply system default registry."
+ group: "Private Registry Settings"
+ type: string
+ default: ""
+- variable: privateRegistry.registryUser
+ label: Private registry user
+ description: "User used to authenticate to private registry"
+ group: "Private Registry Settings"
+ type: string
+ default: ""
+- variable: privateRegistry.registryPasswd
+ label: Private registry password
+ description: "Password used to authenticate to private registry"
+ group: "Private Registry Settings"
+ type: password
+ default: ""
+- variable: privateRegistry.registrySecret
+ label: Private registry secret name
+ description: "Longhorn will automatically generate a Kubernetes secret with this name and use it to pull images from your private registry."
+ group: "Private Registry Settings"
+ type: string
+ default: ""
+- variable: longhorn.default_setting
+ default: "false"
+ description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn."
+ label: "Customize Default Settings"
+ type: boolean
+ show_subquestion_if: true
+ group: "Longhorn Default Settings"
+ subquestions:
+ - variable: csi.kubeletRootDir
+ default:
+ description: "Specify kubelet root-dir. Leave blank to autodetect."
+ type: string
+ label: Kubelet Root Directory
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.attacherReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Attacher. By default 3."
+ label: Longhorn CSI Attacher replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.provisionerReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Provisioner. By default 3."
+ label: Longhorn CSI Provisioner replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.resizerReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Resizer. By default 3."
+ label: Longhorn CSI Resizer replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: csi.snapshotterReplicaCount
+ type: int
+ default: 3
+ min: 1
+ max: 10
+ description: "Specify replica count of CSI Snapshotter. By default 3."
+ label: Longhorn CSI Snapshotter replica count
+ group: "Longhorn CSI Driver Settings"
+ - variable: defaultSettings.backupTarget
+ label: Backup Target
+ description: "The endpoint used to access the backupstore. NFS and S3 are supported."
+ group: "Longhorn Default Settings"
+ type: string
+ default:
+ - variable: defaultSettings.backupTargetCredentialSecret
+ label: Backup Target Credential Secret
+ description: "The name of the Kubernetes secret associated with the backup target."
+ group: "Longhorn Default Settings"
+ type: string
+ default:
+ - variable: defaultSettings.allowRecurringJobWhileVolumeDetached
+ label: Allow Recurring Job While Volume Is Detached
+ description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup.
+Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.createDefaultDiskLabeledNodes
+ label: Create Default Disk on Labeled Nodes
+ description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.defaultDataPath
+ label: Default Data Path
+ description: 'Default path to use for storing data on a host. By default "/var/lib/longhorn/"'
+ group: "Longhorn Default Settings"
+ type: string
+ default: "/var/lib/longhorn/"
+ - variable: defaultSettings.defaultDataLocality
+ label: Default Data Locality
+ description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume.
+This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass
+The available modes are:
+- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload)
+- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.'
+ group: "Longhorn Default Settings"
+ type: enum
+ options:
+ - "disabled"
+ - "best-effort"
+ default: "disabled"
+ - variable: defaultSettings.replicaSoftAntiAffinity
+ label: Replica Node Level Soft Anti-Affinity
+ description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.storageOverProvisioningPercentage
+ label: Storage Over Provisioning Percentage
+ description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 200
+ - variable: defaultSettings.storageMinimalAvailablePercentage
+ label: Storage Minimal Available Percentage
+ description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ max: 100
+ default: 25
+ - variable: defaultSettings.upgradeChecker
+ label: Enable Upgrade Checker
+ description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.defaultReplicaCount
+ label: Default Replica Count
+ description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 1
+ max: 20
+ default: 3
+ - variable: defaultSettings.defaultLonghornStaticStorageClass
+ label: Default Longhorn Static StorageClass Name
+ description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'."
+ group: "Longhorn Default Settings"
+ type: string
+ default: "longhorn-static"
+ - variable: defaultSettings.backupstorePollInterval
+ label: Backupstore Poll Interval
+ description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 300
+ - variable: defaultSettings.autoSalvage
+ label: Automatic salvage
+ description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly
+ label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly
+ description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount.
+If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume.
+**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.'
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.disableSchedulingOnCordonedNode
+ label: Disable Scheduling On Cordoned Node
+ description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.replicaZoneSoftAntiAffinity
+ label: Replica Zone Level Soft Anti-Affinity
+ description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. By default true."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.nodeDownPodDeletionPolicy
+ label: Pod Deletion Policy When Node is Down
+ description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down.
+- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down.
+- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods.
+- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods.
+- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods."
+ group: "Longhorn Default Settings"
+ type: enum
+ options:
+ - "do-nothing"
+ - "delete-statefulset-pod"
+ - "delete-deployment-pod"
+ - "delete-both-statefulset-and-deployment-pod"
+ default: "do-nothing"
+ - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica
+ label: Allow Node Drain with the Last Healthy Replica
+ description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume.
+If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.mkfsExt4Parameters
+ label: Custom mkfs.ext4 parameters
+ description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`."
+ group: "Longhorn Default Settings"
+ type: string
+ - variable: defaultSettings.disableReplicaRebuild
+ label: Disable Replica Rebuild
+ description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.replicaReplenishmentWaitInterval
+ label: Replica Replenishment Wait Interval
+ description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume.
+Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 600
+ - variable: defaultSettings.disableRevisionCounter
+ label: Disable Revision Counter
+ description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the repica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "false"
+ - variable: defaultSettings.systemManagedPodsImagePullPolicy
+ label: System Managed Pod Image Pull Policy
+ description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart."
+ group: "Longhorn Default Settings"
+ type: enum
+ options:
+ - "if-not-present"
+ - "always"
+ - "never"
+ default: "if-not-present"
+ - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability
+ label: Allow Volume Creation with Degraded Availability
+ description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot
+ label: Automatically Cleanup System Generated Snapshot
+ description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done."
+ group: "Longhorn Default Settings"
+ type: boolean
+ default: "true"
+ - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit
+ label: Concurrent Automatic Engine Upgrade Per Node Limit
+ description: "This setting controls how Longhorn automatically upgrades volumes' engines to the new default engine image after upgrading Longhorn manager. The value of this setting specifies the maximum number of engines per node that are allowed to upgrade to the default engine image at the same time. If the value is 0, Longhorn will not automatically upgrade volumes' engines to default version."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 0
+ - variable: defaultSettings.backingImageCleanupWaitInterval
+ label: Backing Image Cleanup Wait Interval
+ description: "This interval in minutes determines how long Longhorn will wait before cleaning up the backing image file when there is no replica in the disk using it."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ default: 60
+ - variable: defaultSettings.guaranteedEngineManagerCPU
+ label: Guaranteed Engine Manager CPU
+ description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each engine manager Pod. For example, 10 means 10% of the total CPU on a node will be allocated to each engine manager pod on this node. This will help maintain engine stability during high node workload.
+ In order to prevent unexpected volume engine crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting:
+ Guaranteed Engine Manager CPU = The estimated max Longhorn volume engine count on a node * 0.1 / The total allocatable CPUs on the node * 100.
+ The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting.
+ If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes.
+ WARNING:
+ - Value 0 means unsetting CPU requests for engine manager pods.
+ - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Engine Manager CPU' should not be greater than 40.
+ - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then.
+ - This global setting will be ignored for a node if the field \"EngineManagerCPURequest\" on the node is set.
+ - After this setting is changed, all engine manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ max: 40
+ default: 12
+ - variable: defaultSettings.guaranteedReplicaManagerCPU
+ label: Guaranteed Replica Manager CPU
+ description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each replica manager Pod. 10 means 10% of the total CPU on a node will be allocated to each replica manager pod on this node. This will help maintain replica stability during high node workload.
+ In order to prevent unexpected volume replica crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting:
+ Guaranteed Replica Manager CPU = The estimated max Longhorn volume replica count on a node * 0.1 / The total allocatable CPUs on the node * 100.
+ The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting.
+ If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes.
+ WARNING:
+ - Value 0 means unsetting CPU requests for replica manager pods.
+ - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Replica Manager CPU' should not be greater than 40.
+ - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then.
+ - This global setting will be ignored for a node if the field \"ReplicaManagerCPURequest\" on the node is set.
+ - After this setting is changed, all replica manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES."
+ group: "Longhorn Default Settings"
+ type: int
+ min: 0
+ max: 40
+ default: 12
+- variable: persistence.defaultClass
+ default: "true"
+ description: "Set as default StorageClass for Longhorn"
+ label: Default Storage Class
+ group: "Longhorn Storage Class Settings"
+ required: true
+ type: boolean
+- variable: persistence.reclaimPolicy
+ label: Storage Class Retain Policy
+ description: "Define reclaim policy (Retain or Delete)"
+ group: "Longhorn Storage Class Settings"
+ required: true
+ type: enum
+ options:
+ - "Delete"
+ - "Retain"
+ default: "Delete"
+- variable: persistence.defaultClassReplicaCount
+ description: "Set replica count for Longhorn StorageClass"
+ label: Default Storage Class Replica Count
+ group: "Longhorn Storage Class Settings"
+ type: int
+ min: 1
+ max: 10
+ default: 3
+- variable: persistence.recurringJobs.enable
+ description: "Enable recurring job for Longhorn StorageClass"
+ group: "Longhorn Storage Class Settings"
+ label: Enable Storage Class Recurring Job
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ subquestions:
+ - variable: persistence.recurringJobs.jobList
+ description: 'Recurring job list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "task":"backup", "cron":"*/2 * * * *", "retain":1,"labels": {"interval":"2m"}}]'
+ label: Storage Class Recurring Job List
+ group: "Longhorn Storage Class Settings"
+ type: string
+ default:
+- variable: ingress.enabled
+ default: "false"
+ description: "Expose app using Layer 7 Load Balancer - ingress"
+ type: boolean
+ group: "Services and Load Balancing"
+ label: Expose app using Layer 7 Load Balancer
+ show_subquestion_if: true
+ subquestions:
+ - variable: ingress.host
+ default: "xip.io"
+ description: "layer 7 Load Balancer hostname"
+ type: hostname
+ required: true
+ label: Layer 7 Load Balancer Hostname
+- variable: service.ui.type
+ default: "Rancher-Proxy"
+ description: "Define Longhorn UI service type"
+ type: enum
+ options:
+ - "ClusterIP"
+ - "NodePort"
+ - "LoadBalancer"
+ - "Rancher-Proxy"
+ label: Longhorn UI Service
+ show_if: "ingress.enabled=false"
+ group: "Services and Load Balancing"
+ show_subquestion_if: "NodePort"
+ subquestions:
+ - variable: service.ui.nodePort
+ default: ""
+ description: "NodePort port number(to set explicitly, choose port between 30000-32767)"
+ type: int
+ min: 30000
+ max: 32767
+ show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer"
+ label: UI Service NodePort number
+- variable: enablePSP
+ default: "true"
+ description: "Setup a pod security policy for Longhorn workloads."
+ label: Pod Security Policy
+ type: boolean
+ group: "Other Settings"
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/NOTES.txt b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/NOTES.txt
new file mode 100644
index 000000000..cca7cd77b
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/NOTES.txt
@@ -0,0 +1,5 @@
+Longhorn is now installed on the cluster!
+
+Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized.
+
+Visit our documentation at https://longhorn.io/docs/
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl
new file mode 100644
index 000000000..3fbc2ac02
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/_helpers.tpl
@@ -0,0 +1,66 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "longhorn.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "longhorn.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "longhorn.managerIP" -}}
+{{- $fullname := (include "longhorn.fullname" .) -}}
+{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+
+{{- define "secret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }}
+{{- end }}
+
+{{- /*
+longhorn.labels generates the standard Helm labels.
+*/ -}}
+{{- define "longhorn.labels" -}}
+app.kubernetes.io/name: {{ template "longhorn.name" . }}
+helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{- end -}}
+
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "registry_url" -}}
+{{- if .Values.privateRegistry.registryUrl -}}
+{{- printf "%s/" .Values.privateRegistry.registryUrl -}}
+{{- else -}}
+{{ include "system_default_registry" . }}
+{{- end -}}
+{{- end -}}
+
+{{- /*
+ define the longhorn release namespace
+*/ -}}
+{{- define "release_namespace" -}}
+{{- if .Values.namespaceOverride -}}
+{{- .Values.namespaceOverride -}}
+{{- else -}}
+{{- .Release.Namespace -}}
+{{- end -}}
+{{- end -}}
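Review bot: The `secret` helper assembles the registry auth JSON with `printf` and `%s`, so a `privateRegistry.registryUrl` containing `"` or `\` produces an invalid or differently structured document instead of a key. Building the object and serialising it removes the hand-escaping: `{{- dict "auths" (dict .Values.privateRegistry.registryUrl (dict "auth" (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc))) | toJson | b64enc }}`. The name `secret` is also unprefixed, unlike `longhorn.name` and `longhorn.labels`, and Helm template names are shared across charts, so `longhorn.secret` would be safer. Separately, `longhorn.managerIP` applies `trunc 63` to a whole URL, which can cut off the `:9500` port when the release name is long.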
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml
new file mode 100644
index 000000000..cd5aafb50
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrole.yaml
@@ -0,0 +1,47 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: longhorn-role
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups: [""]
+ resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps"]
+ verbs: ["*"]
+- apiGroups: [""]
+ resources: ["namespaces"]
+ verbs: ["get", "list"]
+- apiGroups: ["apps"]
+ resources: ["daemonsets", "statefulsets", "deployments"]
+ verbs: ["*"]
+- apiGroups: ["batch"]
+ resources: ["jobs", "cronjobs"]
+ verbs: ["*"]
+- apiGroups: ["policy"]
+ resources: ["poddisruptionbudgets"]
+ verbs: ["*"]
+- apiGroups: ["scheduling.k8s.io"]
+ resources: ["priorityclasses"]
+ verbs: ["watch", "list"]
+- apiGroups: ["storage.k8s.io"]
+ resources: ["storageclasses", "volumeattachments", "csinodes", "csidrivers"]
+ verbs: ["*"]
+- apiGroups: ["snapshot.storage.k8s.io"]
+ resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"]
+ verbs: ["*"]
+- apiGroups: ["longhorn.io"]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
+ verbs: ["*"]
+- apiGroups: ["coordination.k8s.io"]
+ resources: ["leases"]
+ verbs: ["*"]
+- apiGroups: ["metrics.k8s.io"]
+ resources: ["pods", "nodes"]
+ verbs: ["get", "list"]
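Review bot: The core-group rule grants `verbs: ["*"]` on `secrets`, `pods`, `configmaps` and `services` cluster-wide, and `clusterrolebinding.yaml` binds this role to `longhorn-service-account`, the account the `privileged: true` `longhorn-manager` DaemonSet runs as. The blast radius of a compromised manager pod therefore includes every Secret in the cluster. Which verbs Longhorn really needs is not visible from this hunk, but I would at least split `secrets` into its own rule with an explicit list such as `verbs: ["get", "list", "watch"]`, and move it to a namespaced Role if only credentials in the release namespace are read. The `"*"` on `customresourcedefinitions` deserves the same narrowing, or a comment stating why it is required.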
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..66ac62f9b
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: longhorn-bind
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: longhorn-role
+subjects:
+- kind: ServiceAccount
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml
new file mode 100644
index 000000000..636a4c0c2
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/daemonset-sa.yaml
@@ -0,0 +1,125 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-manager
+ namespace: {{ include "release_namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ app: longhorn-manager
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-manager
+ {{- with .Values.annotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ containers:
+ - name: longhorn-manager
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - -d
+ - daemon
+ - --engine-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}"
+ - --instance-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}"
+ - --share-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}"
+ - --backing-image-manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}"
+ - --manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}"
+ - --service-account
+ - longhorn-service-account
+ ports:
+ - containerPort: 9500
+ name: manager
+ readinessProbe:
+ tcpSocket:
+ port: 9500
+ volumeMounts:
+ - name: dev
+ mountPath: /host/dev/
+ - name: proc
+ mountPath: /host/proc/
+ - name: longhorn
+ mountPath: /var/lib/longhorn/
+ mountPropagation: Bidirectional
+ - name: longhorn-default-setting
+ mountPath: /var/lib/longhorn-setting/
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: DEFAULT_SETTING_PATH
+ value: /var/lib/longhorn-setting/default-setting.yaml
+ volumes:
+ - name: dev
+ hostPath:
+ path: /dev/
+ - name: proc
+ hostPath:
+ path: /proc/
+ - name: longhorn
+ hostPath:
+ path: /var/lib/longhorn/
+ - name: longhorn-default-setting
+ configMap:
+ name: longhorn-default-setting
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if .Values.longhornManager.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
+ updateStrategy:
+ rollingUpdate:
+ maxUnavailable: "100%"
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-manager
+ name: longhorn-backend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ type: {{ .Values.service.manager.type }}
+ sessionAffinity: ClientIP
+ selector:
+ app: longhorn-manager
+ ports:
+ - name: manager
+ port: 9500
+ targetPort: manager
+ {{- if .Values.service.manager.nodePort }}
+ nodePort: {{ .Values.service.manager.nodePort }}
+ {{- end }}
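Review bot: The `longhorn-backend` Service takes `type` and `nodePort` straight from `.Values.service.manager`, so a values change to NodePort or LoadBalancer publishes port 9500 of a container that runs `privileged: true` with the host's `/dev` and `/proc` mounted. The other templates in this commit reach that port over plain `http://longhorn-backend:9500`, and no authentication is visible in this hunk (it may exist in the manager itself). I would add a comment above `type:`, `# Manager API is served over plain HTTP; keep ClusterIP unless an authenticating proxy sits in front`, and consider a NetworkPolicy limiting 9500 to the Longhorn pods. The `proc` volumeMount could also carry `readOnly: true` if the manager only reads from it, which this hunk does not show.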
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml
new file mode 100644
index 000000000..7c1861a78
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/default-setting.yaml
@@ -0,0 +1,41 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: longhorn-default-setting
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+data:
+ default-setting.yaml: |-
+ backup-target: {{ .Values.defaultSettings.backupTarget }}
+ backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }}
+ allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }}
+ create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }}
+ default-data-path: {{ .Values.defaultSettings.defaultDataPath }}
+ replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }}
+ storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }}
+ storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }}
+ upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }}
+ default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }}
+ default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }}
+ default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }}
+ backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }}
+ taint-toleration: {{ .Values.defaultSettings.taintToleration }}
+ system-managed-components-node-selector: {{ .Values.defaultSettings.systemManagedComponentsNodeSelector }}
+ priority-class: {{ .Values.defaultSettings.priorityClass }}
+ auto-salvage: {{ .Values.defaultSettings.autoSalvage }}
+ auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }}
+ disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }}
+ replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }}
+ node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }}
+ allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }}
+ mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }}
+ disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }}
+ replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }}
+ disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }}
+ system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }}
+ allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }}
+ auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }}
+ concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }}
+ backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }}
+ guaranteed-engine-manager-cpu: {{ .Values.defaultSettings.guaranteedEngineManagerCPU }}
+ guaranteed-replica-manager-cpu: {{ .Values.defaultSettings.guaranteedReplicaManagerCPU }}
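Review bot: Every setting is interpolated unquoted into the embedded `default-setting.yaml`, so a free-form string such as `backupTarget`, `taintToleration` or `mkfsExt4Parameters` that contains `: `, ` #` or a newline changes the structure of that document instead of being the value of its key. A multi-line value would add or override other settings in the file. For the string-typed settings I would pipe through `quote`, e.g. `mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters | quote }}`. Whether the manager accepts quoted booleans and integers is not visible here, so those lines are better left as they are or guarded with a type check.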
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml
new file mode 100644
index 000000000..fb0390a6b
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-driver.yaml
@@ -0,0 +1,104 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: longhorn-driver-deployer
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: longhorn-driver-deployer
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-driver-deployer
+ spec:
+ initContainers:
+ - name: wait-longhorn-manager
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done']
+ containers:
+ - name: longhorn-driver-deployer
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - longhorn-manager
+ - -d
+ - deploy-driver
+ - --manager-image
+ - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}"
+ - --manager-url
+ - http://longhorn-backend:9500/v1
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NODE_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.nodeName
+ - name: SERVICE_ACCOUNT
+ valueFrom:
+ fieldRef:
+ fieldPath: spec.serviceAccountName
+ {{- if .Values.csi.kubeletRootDir }}
+ - name: KUBELET_ROOT_DIR
+ value: {{ .Values.csi.kubeletRootDir }}
+ {{- end }}
+ {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }}
+ - name: CSI_ATTACHER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }}
+ - name: CSI_PROVISIONER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }}
+ - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }}
+ - name: CSI_RESIZER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}"
+ {{- end }}
+ {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }}
+ - name: CSI_SNAPSHOTTER_IMAGE
+ value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}"
+ {{- end }}
+ {{- if .Values.csi.attacherReplicaCount }}
+ - name: CSI_ATTACHER_REPLICA_COUNT
+ value: {{ .Values.csi.attacherReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.provisionerReplicaCount }}
+ - name: CSI_PROVISIONER_REPLICA_COUNT
+ value: {{ .Values.csi.provisionerReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.resizerReplicaCount }}
+ - name: CSI_RESIZER_REPLICA_COUNT
+ value: {{ .Values.csi.resizerReplicaCount | quote }}
+ {{- end }}
+ {{- if .Values.csi.snapshotterReplicaCount }}
+ - name: CSI_SNAPSHOTTER_REPLICA_COUNT
+ value: {{ .Values.csi.snapshotterReplicaCount | quote }}
+ {{- end }}
+
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornDriver.priorityClass }}
+ priorityClassName: {{ .Values.longhornDriver.priorityClass | quote}}
+ {{- end }}
+ {{- if .Values.longhornDriver.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornDriver.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornDriver.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornDriver.nodeSelector | indent 8 }}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ securityContext:
+ runAsUser: 0
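Review bot: `securityContext.runAsUser: 0` applies to the whole pod, including the `wait-longhorn-manager` init container that only runs a curl loop, and neither container restricts privilege escalation or capabilities. The pod also runs under `longhorn-service-account`, which carries the wildcard ClusterRole from this commit. If the deployer only talks to the Kubernetes API and the manager URL (not verifiable from this hunk), add `securityContext:` with `allowPrivilegeEscalation: false` under the `longhorn-driver-deployer` container, or at least a comment above `runAsUser: 0` stating why root is required. As a smaller consistency point, `value: {{ .Values.csi.kubeletRootDir }}` is the only env value here not piped through `quote`.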
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml
new file mode 100644
index 000000000..e46a84213
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/deployment-ui.yaml
@@ -0,0 +1,72 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ui
+ name: longhorn-ui
+ namespace: {{ include "release_namespace" . }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: longhorn-ui
+ template:
+ metadata:
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ app: longhorn-ui
+ spec:
+ containers:
+ - name: longhorn-ui
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ runAsUser: 0
+ ports:
+ - containerPort: 8000
+ name: http
+ env:
+ - name: LONGHORN_MANAGER_IP
+ value: "http://longhorn-backend:9500"
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornUI.priorityClass }}
+ priorityClassName: {{ .Values.longhornUI.priorityClass | quote}}
+ {{- end }}
+ {{- if .Values.longhornUI.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornUI.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ui
+ {{- if eq .Values.service.ui.type "Rancher-Proxy" }}
+ kubernetes.io/cluster-service: "true"
+ {{- end }}
+ name: longhorn-frontend
+ namespace: {{ include "release_namespace" . }}
+spec:
+ {{- if eq .Values.service.ui.type "Rancher-Proxy" }}
+ type: ClusterIP
+ {{- else }}
+ type: {{ .Values.service.ui.type }}
+ {{- end }}
+ selector:
+ app: longhorn-ui
+ ports:
+ - name: http
+ port: 80
+ targetPort: http
+ {{- if .Values.service.ui.nodePort }}
+ nodePort: {{ .Values.service.ui.nodePort }}
+ {{- else }}
+ nodePort: null
+ {{- end }}
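Review bot: The `tolerations` and `nodeSelector` blocks are guarded by `.Values.longhornUI.*` but render `.Values.longhornManager.*`, so scheduling settings given for the UI are dropped and the manager's values are emitted in their place. The two lines should read `{{ toYaml .Values.longhornUI.tolerations | indent 6 }}` and `{{ toYaml .Values.longhornUI.nodeSelector | indent 8 }}`. Separately, the container sets `runAsUser: 0` for a UI that listens on the unprivileged port 8000. If the image can run as a non-root UID (not verifiable from this hunk), that plus `allowPrivilegeEscalation: false` would be the safer default.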
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/ingress.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/ingress.yaml
new file mode 100644
index 000000000..13555f814
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/ingress.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.ingress.enabled }}
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+ name: longhorn-ingress
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ app: longhorn-ingress
+ annotations:
+ {{- if .Values.ingress.tls }}
+ ingress.kubernetes.io/secure-backends: "true"
+ {{- end }}
+ {{- range $key, $value := .Values.ingress.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.ingress.host }}
+ http:
+ paths:
+ - path: {{ default "" .Values.ingress.path }}
+ backend:
+ serviceName: longhorn-frontend
+ servicePort: 80
+{{- if .Values.ingress.tls }}
+ tls:
+ - hosts:
+ - {{ .Values.ingress.host }}
+ secretName: {{ .Values.ingress.tlsSecret }}
+{{- end }}
+{{- end }}
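Review bot: This Ingress routes straight to `longhorn-frontend` port 80 and the template adds no authentication of its own, so whatever the user places in `.Values.ingress.annotations` is the only access control in front of the storage UI (assuming the UI has no login of its own, which should be confirmed). A template comment at the top, such as `{{/* Exposes the Longhorn UI; configure authentication through .Values.ingress.annotations before enabling */}}`, would make that explicit. `host`, `ingressClassName` and `secretName` are rendered unquoted and would be safer piped through `quote`. `extensions/v1beta1` Ingress is no longer served from Kubernetes 1.22, so the apiVersion will eventually need a capability switch to `networking.k8s.io/v1`.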
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml
new file mode 100644
index 000000000..4af75e236
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/postupgrade-job.yaml
@@ -0,0 +1,48 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+ name: longhorn-post-upgrade
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ activeDeadlineSeconds: 900
+ backoffLimit: 1
+ template:
+ metadata:
+ name: longhorn-post-upgrade
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: longhorn-post-upgrade
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - post-upgrade
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ restartPolicy: OnFailure
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if .Values.longhornManager.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
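Review bot: The hook container runs with `securityContext.privileged: true`, although the only visible work is `longhorn-manager post-upgrade` with `POD_NAMESPACE` from the downward API and no host mounts. The `longhorn-uninstall` job in uninstall-job.yaml has the same setting. If the subcommand only talks to the Kubernetes API (not verifiable from this hunk), the flag can be dropped in favour of `allowPrivilegeEscalation: false`, which limits what a compromised hook image can reach on the node. If privilege is required, a one-line comment such as `# privileged: needed for <reason>` above the setting would document why.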
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/psp.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/psp.yaml
new file mode 100644
index 000000000..a2dfc05be
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/psp.yaml
@@ -0,0 +1,66 @@
+{{- if .Values.enablePSP }}
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: longhorn-psp
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ privileged: true
+ allowPrivilegeEscalation: true
+ requiredDropCapabilities:
+ - NET_RAW
+ allowedCapabilities:
+ - SYS_ADMIN
+ hostNetwork: false
+ hostIPC: false
+ hostPID: true
+ runAsUser:
+ rule: RunAsAny
+ seLinux:
+ rule: RunAsAny
+ fsGroup:
+ rule: RunAsAny
+ supplementalGroups:
+ rule: RunAsAny
+ volumes:
+ - configMap
+ - downwardAPI
+ - emptyDir
+ - secret
+ - projected
+ - hostPath
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: longhorn-psp-role
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ namespace: {{ include "release_namespace" . }}
+rules:
+- apiGroups:
+ - policy
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - longhorn-psp
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: longhorn-psp-binding
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+ namespace: {{ include "release_namespace" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: longhorn-psp-role
+subjects:
+- kind: ServiceAccount
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
+- kind: ServiceAccount
+ name: default
+ namespace: {{ include "release_namespace" . }}
+{{- end }}
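Review bot: The RoleBinding grants `use` on `longhorn-psp` to the namespace's `default` ServiceAccount as well as `longhorn-service-account`. Any pod created in the release namespace without an explicit service account is therefore admitted under a policy that allows `privileged: true`, `hostPID: true`, `SYS_ADMIN` and unrestricted `hostPath` volumes. Unless some Longhorn-created pods are known to run as `default` (not visible here), drop the second subject; otherwise add a comment naming the pods that need it. The policy could also list `allowedHostPaths` for the directories Longhorn actually uses instead of permitting every host path.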
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml
new file mode 100644
index 000000000..1c7565fea
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/registry-secret.yml
@@ -0,0 +1,11 @@
+{{- if .Values.privateRegistry.registrySecret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.privateRegistry.registrySecret }}
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "secret" . }}
+{{- end }}
\ No newline at end of file
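Review bot: The Secret is rendered whenever `privateRegistry.registrySecret` is set, but its payload comes from the `secret` helper, which is defined outside this hunk and presumably builds the docker config from `registryUrl`, `registryUser` and `registryPasswd`. A user who sets only `registrySecret` to reference a pull secret they created themselves would then have the chart try to create a Secret of the same name from empty credentials. Guarding on the credentials as well, e.g. `{{- if and .Values.privateRegistry.registrySecret .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd }}`, keeps the two use cases apart. `name:` should also be piped through `quote`.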
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ad576c353
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: longhorn-service-account
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml
new file mode 100644
index 000000000..dea6aafd4
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/storageclass.yaml
@@ -0,0 +1,26 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: longhorn-storageclass
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+data:
+ storageclass.yaml: |
+ kind: StorageClass
+ apiVersion: storage.k8s.io/v1
+ metadata:
+ name: longhorn
+ annotations:
+ storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }}
+ provisioner: driver.longhorn.io
+ allowVolumeExpansion: true
+ reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}"
+ volumeBindingMode: Immediate
+ parameters:
+ numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}"
+ staleReplicaTimeout: "30"
+ fromBackup: ""
+ baseImage: ""
+ {{- if .Values.persistence.recurringJobs.enable }}
+ recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}'
+ {{- end }}
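Review bot: `recurringJobs: '{{ .Values.persistence.recurringJobs.jobList }}'` hand-wraps the value in single quotes while the default in values.yaml is the list `[]`. A YAML list supplied there is printed in Go's default format rather than as JSON, and a string containing `'` ends the scalar early. If the parameter expects a JSON string (likely, but not shown here), render list input with `recurringJobs: {{ .Values.persistence.recurringJobs.jobList | toJson | quote }}`, or document that `jobList` must already be a JSON string and use `| quote`. `reclaimPolicy` and `numberOfReplicas` use the same hand-quoting and would also be more robust with `| quote`.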
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml
new file mode 100644
index 000000000..74c43426d
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/tls-secrets.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.ingress.enabled }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "release_namespace" $ }}
+ labels: {{- include "longhorn.labels" $ | nindent 4 }}
+ app: longhorn
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
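Review bot: Each entry's `.key` is taken from chart values and base64-encoded into the Secret, so the TLS private key also lives in the values file and in the release record Helm stores in the cluster. A header comment such as `{{/* Keys passed via ingress.secrets are stored with the Helm release; prefer a pre-created kubernetes.io/tls Secret */}}` would point users at the safer path. `.certificate` and `.key` are also used without `required`, so an entry missing either would likely fail with a type error from `b64enc` rather than a clear message (inferred, not shown here).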
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml
new file mode 100644
index 000000000..5f21b1024
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/uninstall-job.yaml
@@ -0,0 +1,49 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded
+ name: longhorn-uninstall
+ namespace: {{ include "release_namespace" . }}
+ labels: {{- include "longhorn.labels" . | nindent 4 }}
+spec:
+ activeDeadlineSeconds: 900
+ backoffLimit: 1
+ template:
+ metadata:
+ name: longhorn-uninstall
+ labels: {{- include "longhorn.labels" . | nindent 8 }}
+ spec:
+ containers:
+ - name: longhorn-uninstall
+ image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}
+ imagePullPolicy: IfNotPresent
+ securityContext:
+ privileged: true
+ command:
+ - longhorn-manager
+ - uninstall
+ - --force
+ env:
+ - name: LONGHORN_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ restartPolicy: OnFailure
+ {{- if .Values.privateRegistry.registrySecret }}
+ imagePullSecrets:
+ - name: {{ .Values.privateRegistry.registrySecret }}
+ {{- end }}
+ {{- if .Values.longhornManager.priorityClass }}
+ priorityClassName: {{ .Values.longhornManager.priorityClass | quote}}
+ {{- end }}
+ serviceAccountName: longhorn-service-account
+ {{- if .Values.longhornManager.tolerations }}
+ tolerations:
+{{ toYaml .Values.longhornManager.tolerations | indent 6 }}
+ {{- end }}
+ {{- if .Values.longhornManager.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }}
+ {{- end }}
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/userroles.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/userroles.yaml
new file mode 100644
index 000000000..00dda116a
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/userroles.yaml
@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "longhorn-admin"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups: [ "longhorn.io" ]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
+ verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "longhorn-edit"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+ - apiGroups: [ "longhorn.io" ]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
+ verbs: [ "*" ]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: "longhorn-view"
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+ - apiGroups: [ "longhorn.io" ]
+ resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings",
+ "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status",
+ "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", "backingimagemanagers", "backingimagemanagers/status"]
+ verbs: [ "get", "list", "watch" ]
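Review bot: `longhorn-edit` carries the same `verbs: [ "*" ]` over the same resource list as `longhorn-admin`, including `settings`, `nodes` and `engineimages`, and is aggregated into the built-in `edit` role. Anyone bound to `edit` in the namespace holding these objects therefore gets full control of Longhorn's system configuration, not only of volumes. Consider an explicit verb list for `longhorn-edit` and keeping `settings`, `nodes` and the manager resources read-only there with `verbs: [ "get", "list", "watch" ]`. The three ClusterRoles also omit the `longhorn.labels` include that the other templates in this chart use.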
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..f93413640
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/templates/validate-install-crd.yaml
@@ -0,0 +1,23 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "longhorn.io/v1beta1/Engine" false -}}
+# {{- set $found "longhorn.io/v1beta1/Replica" false -}}
+# {{- set $found "longhorn.io/v1beta1/Setting" false -}}
+# {{- set $found "longhorn.io/v1beta1/Volume" false -}}
+# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}}
+# {{- set $found "longhorn.io/v1beta1/Node" false -}}
+# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}}
+# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}}
+# {{- set $found "longhorn.io/v1beta1/BackingImage" false -}}
+# {{- set $found "longhorn.io/v1beta1/BackingImageManager" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
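Review bot: The leading `#` on every line makes this file look disabled, but Helm evaluates template actions before the output is parsed as YAML, so the `lookup`, the CRD presence check and the `required` failure all still run. A first-line template comment such as `{{/* '#' only keeps the rendered output a YAML comment; the actions below are still evaluated */}}` would stop a later maintainer from treating this as dead code. It would also help to note that the outer `lookup` guard skips the check when no cluster is reachable, if that is the intent (inferred from the condition).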
diff --git a/charts/longhorn/longhorn/100.0.0+up1.1.2/values.yaml b/charts/longhorn/longhorn/100.0.0+up1.1.2/values.yaml
new file mode 100644
index 000000000..1d2e75890
--- /dev/null
+++ b/charts/longhorn/longhorn/100.0.0+up1.1.2/values.yaml
@@ -0,0 +1,218 @@
+# Default values for longhorn.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+image:
+ longhorn:
+ engine:
+ repository: rancher/mirrored-longhornio-longhorn-engine
+ tag: v1.1.2
+ manager:
+ repository: rancher/mirrored-longhornio-longhorn-manager
+ tag: v1.1.2
+ ui:
+ repository: rancher/mirrored-longhornio-longhorn-ui
+ tag: v1.1.2
+ instanceManager:
+ repository: rancher/mirrored-longhornio-longhorn-instance-manager
+ tag: v1_20210621
+ shareManager:
+ repository: rancher/mirrored-longhornio-longhorn-share-manager
+ tag: v1_20210416
+ backingImageManager:
+ repository: rancher/mirrored-longhornio-backing-image-manager
+ tag: v1_20210422
+ csi:
+ attacher:
+ repository: rancher/mirrored-longhornio-csi-attacher
+ tag: v2.2.1-lh2
+ provisioner:
+ repository: rancher/mirrored-longhornio-csi-provisioner
+ tag: v1.6.0-lh2
+ nodeDriverRegistrar:
+ repository: rancher/mirrored-longhornio-csi-node-driver-registrar
+ tag: v1.2.0-lh1
+ resizer:
+ repository: rancher/mirrored-longhornio-csi-resizer
+ tag: v0.5.1-lh2
+ snapshotter:
+ repository: rancher/mirrored-longhornio-csi-snapshotter
+ tag: v2.1.1-lh2
+ pullPolicy: IfNotPresent
+
+service:
+ ui:
+ type: ClusterIP
+ nodePort: null
+ manager:
+ type: ClusterIP
+ nodePort: ""
+
+persistence:
+ defaultClass: true
+ defaultClassReplicaCount: 3
+ reclaimPolicy: Delete
+ recurringJobs:
+ enable: false
+ jobList: []
+
+csi:
+ kubeletRootDir: ~
+ attacherReplicaCount: ~
+ provisionerReplicaCount: ~
+ resizerReplicaCount: ~
+ snapshotterReplicaCount: ~
+
+defaultSettings:
+ backupTarget: ~
+ backupTargetCredentialSecret: ~
+ allowRecurringJobWhileVolumeDetached: ~
+ createDefaultDiskLabeledNodes: ~
+ defaultDataPath: ~
+ defaultDataLocality: ~
+ replicaSoftAntiAffinity: ~
+ storageOverProvisioningPercentage: ~
+ storageMinimalAvailablePercentage: ~
+ upgradeChecker: ~
+ defaultReplicaCount: ~
+ defaultLonghornStaticStorageClass: ~
+ backupstorePollInterval: ~
+ taintToleration: ~
+ systemManagedComponentsNodeSelector: ~
+ priorityClass: ~
+ autoSalvage: ~
+ autoDeletePodWhenVolumeDetachedUnexpectedly: ~
+ disableSchedulingOnCordonedNode: ~
+ replicaZoneSoftAntiAffinity: ~
+ nodeDownPodDeletionPolicy: ~
+ allowNodeDrainWithLastHealthyReplica: ~
+ mkfsExt4Parameters: ~
+ disableReplicaRebuild: ~
+ replicaReplenishmentWaitInterval: ~
+ disableRevisionCounter: ~
+ systemManagedPodsImagePullPolicy: ~
+ allowVolumeCreationWithDegradedAvailability: ~
+ autoCleanupSystemGeneratedSnapshot: ~
+ concurrentAutomaticEngineUpgradePerNodeLimit: ~
+ backingImageCleanupWaitInterval: ~
+ guaranteedEngineManagerCPU: ~
+ guaranteedReplicaManagerCPU: ~
+privateRegistry:
+ registryUrl: ~
+ registryUser: ~
+ registryPasswd: ~
+ registrySecret: ~
+
+longhornManager:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+longhornDriver:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+longhornUI:
+ priorityClass: ~
+ tolerations: []
+ ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above
+ ## and uncomment this example block
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+ # effect: "NoSchedule"
+ nodeSelector: {}
+ ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above
+ ## and uncomment this example block
+ # label-key1: "label-value1"
+ # label-key2: "label-value2"
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+ #
+
+ingress:
+ ## Set to true to enable ingress record generation
+ enabled: false
+
+ ## Add ingressClassName to the Ingress
+ ## Can replace the kubernetes.io/ingress.class annotation on v1.18+
+ ingressClassName: ~
+
+ host: xip.io
+
+ ## Set this to true in order to enable TLS on the ingress record
+ ## A side effect of this will be that the backend service will be connected at port 443
+ tls: false
+
+ ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS
+ tlsSecret: longhorn.local-tls
+
+ ## Ingress annotations done as key:value pairs
+ ## If you're using kube-lego, you will want to add:
+ ## kubernetes.io/tls-acme: true
+ ##
+ ## For a full list of possible ingress annotations, please see
+ ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md
+ ##
+ ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set
+ annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: true
+
+ secrets:
+ ## If you're providing your own certificates, please use this to add the certificates as secrets
+ ## key and certificate should start with -----BEGIN CERTIFICATE----- or
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ##
+ ## name should line up with a tlsSecret set further up
+ ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set
+ ##
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ # - name: longhorn.local-tls
+ # key:
+ # certificate:
+
+# Configure a pod security policy in the Longhorn namespace to allow privileged pods
+enablePSP: true
+
+## Specify override namespace, specifically this is useful for using longhorn as sub-chart
+## and its release namespace is not the `longhorn-system`
+namespaceOverride: ""
+
+# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional.
+annotations: {}
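Review bot: `privateRegistry.registryUser` and `registryPasswd` accept registry credentials as plain chart values with no comment on how they are handled, whereas the `ingress.secrets` block does tell users that material can be managed outside the chart. A comment above the block, e.g. `## Credentials set here are kept in the Helm release values stored in the cluster; restrict read access to release Secrets in this namespace`, would make the exposure explicit. The default `ingress.host: xip.io` is a third-party wildcard-DNS domain that users of the chart do not control; a placeholder such as `longhorn.example.com` would be a safer default to copy from.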
diff --git a/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/Chart.yaml b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/Chart.yaml
new file mode 100644
index 000000000..cd6dc177d
--- /dev/null
+++ b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/Chart.yaml
@@ -0,0 +1,11 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-aks-operator-crd
+apiVersion: v2
+appVersion: 1.0.1
+description: AKS Operator CustomResourceDefinitions
+name: rancher-aks-operator-crd
+version: 100.0.0+up1.0.1
diff --git a/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/templates/crds.yaml b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/templates/crds.yaml
new file mode 100644
index 000000000..002a459bd
--- /dev/null
+++ b/charts/rancher-aks-operator-crd/rancher-aks-operator-crd/100.0.0+up1.0.1/templates/crds.yaml
@@ -0,0 +1,178 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ name: aksclusterconfigs.aks.cattle.io
+spec:
+ group: aks.cattle.io
+ names:
+ kind: AKSClusterConfig
+ plural: aksclusterconfigs
+ shortNames:
+ - akscc
+ singular: aksclusterconfig
+ preserveUnknownFields: false
+ scope: Namespaced
+ versions:
+ - name: v1
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ authBaseUrl:
+ nullable: true
+ type: string
+ authorizedIpRanges:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ azureCredentialSecret:
+ nullable: true
+ type: string
+ baseUrl:
+ nullable: true
+ type: string
+ clusterName:
+ nullable: true
+ type: string
+ dnsPrefix:
+ nullable: true
+ type: string
+ dnsServiceIp:
+ nullable: true
+ type: string
+ dockerBridgeCidr:
+ nullable: true
+ type: string
+ httpApplicationRouting:
+ nullable: true
+ type: boolean
+ imported:
+ type: boolean
+ kubernetesVersion:
+ nullable: true
+ type: string
+ linuxAdminUsername:
+ nullable: true
+ type: string
+ loadBalancerSku:
+ nullable: true
+ type: string
+ logAnalyticsWorkspaceGroup:
+ nullable: true
+ type: string
+ logAnalyticsWorkspaceName:
+ nullable: true
+ type: string
+ monitoring:
+ nullable: true
+ type: boolean
+ networkPlugin:
+ nullable: true
+ type: string
+ networkPolicy:
+ nullable: true
+ type: string
+ nodePools:
+ items:
+ properties:
+ availabilityZones:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ count:
+ nullable: true
+ type: integer
+ enableAutoScaling:
+ nullable: true
+ type: boolean
+ maxCount:
+ nullable: true
+ type: integer
+ maxPods:
+ nullable: true
+ type: integer
+ minCount:
+ nullable: true
+ type: integer
+ mode:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ orchestratorVersion:
+ nullable: true
+ type: string
+ osDiskSizeGB:
+ nullable: true
+ type: integer
+ osDiskType:
+ nullable: true
+ type: string
+ osType:
+ nullable: true
+ type: string
+ vmSize:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ podCidr:
+ nullable: true
+ type: string
+ privateCluster:
+ nullable: true
+ type: boolean
+ resourceGroup:
+ nullable: true
+ type: string
+ resourceLocation:
+ nullable: true
+ type: string
+ serviceCidr:
+ nullable: true
+ type: string
+ sshPublicKey:
+ nullable: true
+ type: string
+ subnet:
+ nullable: true
+ type: string
+ tags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ virtualNetwork:
+ nullable: true
+ type: string
+ virtualNetworkResourceGroup:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ failureMessage:
+ nullable: true
+ type: string
+ phase:
+ nullable: true
+ type: string
+ rbacEnabled:
+ nullable: true
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/Chart.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/Chart.yaml
new file mode 100644
index 000000000..d5b77f9cf
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-aks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: aksclusterconfigs.aks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-alpha'
+ catalog.cattle.io/release-name: rancher-aks-operator
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.0.1
+description: A Helm chart for provisioning AKS clusters
+home: https://github.com/rancher/aks-operator
+name: rancher-aks-operator
+sources:
+- https://github.com/rancher/aks-operator
+version: 100.0.0+up1.0.1
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/NOTES.txt b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/NOTES.txt
new file mode 100644
index 000000000..5ba05b482
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher AKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions AKS clusters
+from AKSClusterConfig CRs.
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/_helpers.tpl b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/_helpers.tpl
new file mode 100644
index 000000000..be11b4a66
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
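Review bot: The helper reads `.Values.global.systemDefaultRegistry`, while the Longhorn chart added in the same commit declares the setting as `global.cattle.systemDefaultRegistry` in its values.yaml. If Rancher injects the registry under `global.cattle` (not verifiable from this page), this helper never sees it and the operator image is pulled from the default registry even in a private-registry install. Either confirm which key is set for this chart or accept both, and add a doc comment on the define such as `{{/* Returns "<registry>/" when a system default registry is configured, else "" */}}`.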
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrole.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrole.yaml
new file mode 100644
index 000000000..5e2ce9756
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch', 'update']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['aks.cattle.io']
+ resources: ['aksclusterconfigs/status']
+ verbs: ['update']
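Review bot: The first rule gives the operator `get`, `list`, `create`, `watch` and `update` on `secrets` in every namespace, because it is a ClusterRole bound through a ClusterRoleBinding, while the Deployment and ServiceAccount in this chart live only in `cattle-system`. If the operator only needs credential secrets from a known set of namespaces (not visible here), a namespaced Role and RoleBinding would keep a compromised operator pod from reading every Secret in the cluster. `metadata.namespace: cattle-system` has no effect on a cluster-scoped object, here or in clusterrolebinding.yaml, and can be removed from both.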
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrolebinding.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..7aa7e785a
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: aks-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: aks-operator
+subjects:
+- kind: ServiceAccount
+ name: aks-operator
+ namespace: cattle-system
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/deployment.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/deployment.yaml
new file mode 100644
index 000000000..9e3dcd21c
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: aks-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: aks
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: aks
+ spec:
+ serviceAccountName: aks-operator
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: aks-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.aksOperator.image.repository }}:{{ .Values.aksOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # aks-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the aks-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
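Review bot: `HTTP_PROXY`, `HTTPS_PROXY` and `NO_PROXY` are rendered as bare `{{ .Values.httpProxy }}` and so on, so a proxy URL or no-proxy list containing ` #`, `: ` or a leading `*` is re-parsed by YAML, and the empty default renders as null rather than an empty string. Use `value: {{ .Values.httpProxy | quote }}` and likewise for the other two. The pod sets `runAsUser: 1007` but there is no container-level `securityContext`; adding `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be cheap hardening. `defaultMode: 0400` relies on YAML 1.1 octal parsing, and the decimal `256` is unambiguous.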
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/serviceaccount.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..9c40a152f
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: aks-operator
diff --git a/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/values.yaml b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/values.yaml
new file mode 100644
index 000000000..fe4edec80
--- /dev/null
+++ b/charts/rancher-aks-operator/rancher-aks-operator/100.0.0+up1.0.1/values.yaml
@@ -0,0 +1,12 @@
+global:
+ systemDefaultRegistry: ""
+
+aksOperator:
+ image:
+ repository: rancher/aks-operator
+ tag: v1.0.1
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/Chart.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/Chart.yaml
new file mode 100644
index 000000000..89d24da21
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Alerting Drivers
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-alerting-drivers
+ catalog.cattle.io/type: cluster-tool
+apiVersion: v2
+appVersion: 1.16.0
+dependencies:
+- condition: prom2teams.enabled
+ name: prom2teams
+ repository: file://./charts/prom2teams
+- condition: sachet.enabled
+ name: sachet
+ repository: file://./charts/sachet
+description: The manager for third-party webhook receivers used in Prometheus Alertmanager
+icon: https://charts.rancher.io/assets/logos/alerting-drivers.svg
+keywords:
+- monitoring
+- alertmanger
+- webhook
+name: rancher-alerting-drivers
+version: 100.0.0
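Review bot: The keyword on the `- alertmanger` line is misspelled, so a catalog search for "alertmanager" will not match this chart through its keywords; it should read `- alertmanager`. `appVersion: 1.16.0` is also worth quoting as `appVersion: "1.16.0"` so it stays a string if a later version has only two components.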
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/README.md b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/README.md
new file mode 100644
index 000000000..ea3f11801
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/README.md
@@ -0,0 +1,11 @@
+# Rancher Alerting Drivers
+
+This chart installs one or more [Alertmanager Webhook Receiver Integrations](https://prometheus.io/docs/operating/integrations/#alertmanager-webhook-receiver) (i.e. Drivers).
+
+Those Drivers can be targeted by an existing deployment of Alertmanager to send alerts to notification mechanisms that are not natively supported.
+
+Currently, this chart supports the following Drivers:
+- Microsoft Teams, based on [prom2teams](https://github.com/idealista/prom2teams)
+- SMS, based on [Sachet](https://github.com/messagebird/sachet)
+
+After installing rancher-alerting-drivers, please refer to the upstream documentation for each Driver for configuration options.
\ No newline at end of file
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/app-readme.md b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/app-readme.md
new file mode 100644
index 000000000..ea3f11801
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/app-readme.md
@@ -0,0 +1,11 @@
+# Rancher Alerting Drivers
+
+This chart installs one or more [Alertmanager Webhook Receiver Integrations](https://prometheus.io/docs/operating/integrations/#alertmanager-webhook-receiver) (i.e. Drivers).
+
+Those Drivers can be targeted by an existing deployment of Alertmanager to send alerts to notification mechanisms that are not natively supported.
+
+Currently, this chart supports the following Drivers:
+- Microsoft Teams, based on [prom2teams](https://github.com/idealista/prom2teams)
+- SMS, based on [Sachet](https://github.com/messagebird/sachet)
+
+After installing rancher-alerting-drivers, please refer to the upstream documentation for each Driver for configuration options.
\ No newline at end of file
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/.helmignore b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/.helmignore
new file mode 100644
index 000000000..50af03172
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/Chart.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/Chart.yaml
new file mode 100644
index 000000000..696e9e3dd
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-prom2teams
+apiVersion: v1
+appVersion: 3.2.2
+description: A Helm chart for Prom2Teams based on the upstream https://github.com/idealista/prom2teams
+name: prom2teams
+version: 0.2.0
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/files/teams.j2 b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/files/teams.j2
new file mode 100644
index 000000000..f1cf61d4e
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/files/teams.j2
@@ -0,0 +1,44 @@
+{%- set
+ theme_colors = {
+ 'resolved' : '2DC72D',
+ 'critical' : '8C1A1A',
+ 'severe' : '8C1A1A',
+ 'warning' : 'FF9A0B',
+ 'unknown' : 'CCCCCC'
+ }
+-%}
+
+{
+ "@type": "MessageCard",
+ "@context": "http://schema.org/extensions",
+ "themeColor": "{% if status=='resolved' %} {{ theme_colors.resolved }} {% else %} {{ theme_colors[msg_text.severity] }} {% endif %}",
+ "summary": "{% if status=='resolved' %}(Resolved) {% endif %}{{ msg_text.summary }}",
+ "title": "Prometheus alert {% if status=='resolved' %}(Resolved) {% elif status=='unknown' %} (status unknown) {% endif %}",
+ "sections": [{
+ "activityTitle": "{{ msg_text.summary }}",
+ "facts": [{% if msg_text.name %}{
+ "name": "Alert",
+ "value": "{{ msg_text.name }}"
+ },{% endif %}{% if msg_text.instance %}{
+ "name": "In host",
+ "value": "{{ msg_text.instance }}"
+ },{% endif %}{% if msg_text.severity %}{
+ "name": "Severity",
+ "value": "{{ msg_text.severity }}"
+ },{% endif %}{% if msg_text.description %}{
+ "name": "Description",
+ "value": "{{ msg_text.description }}"
+ },{% endif %}{
+ "name": "Status",
+ "value": "{{ msg_text.status }}"
+ }{% if msg_text.extra_labels %}{% for key in msg_text.extra_labels %},{
+ "name": "{{ key }}",
+ "value": "{{ msg_text.extra_labels[key] }}"
+ }{% endfor %}{% endif %}
+ {% if msg_text.extra_annotations %}{% for key in msg_text.extra_annotations %},{
+ "name": "{{ key }}",
+ "value": "{{ msg_text.extra_annotations[key] }}"
+ }{% endfor %}{% endif %}],
+ "markdown": true
+ }]
+}
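Review bot: Every alert field in this card is pasted raw between JSON quotes, e.g. `"value": "{{ msg_text.description }}"`, so a label or annotation containing `"`, a backslash or a newline produces an invalid payload or lets alert content add its own keys to the MessageCard. Alert text is partly controlled by whatever is being monitored, so it should be serialised instead: `"value": {{ msg_text.description | tojson }}`, and likewise for `summary`, `name`, `instance`, `severity`, `status` and both `extra_labels`/`extra_annotations` loops, unless prom2teams is confirmed to escape these values before rendering. Separately, `theme_colors[msg_text.severity]` is undefined for any severity outside the five keys, and the spaces around the expressions in `themeColor` end up inside the colour string; `{{ theme_colors.get(msg_text.severity, theme_colors.unknown) }}` written without the padding avoids both.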
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/NOTES.txt b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/NOTES.txt
new file mode 100644
index 000000000..a94c4132b
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/NOTES.txt
@@ -0,0 +1,2 @@
+Prom2Teams has been installed. Check its status by running:
+ kubectl --namespace {{ .Release.Namespace }} get pods -l "app.kubernetes.io/instance={{ .Release.Name }}"
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/_helpers.tpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/_helpers.tpl
new file mode 100644
index 000000000..ffc0fa356
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/_helpers.tpl
@@ -0,0 +1,73 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+beta.kubernetes.io/os: linux
+{{- else -}}
+kubernetes.io/os: linux
+{{- end -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "prom2teams.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "prom2teams.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "prom2teams.namespace" -}}
+{{ default .Release.Namespace .Values.global.namespaceOverride }}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "prom2teams.labels" -}}
+app.kubernetes.io/name: {{ include "prom2teams.name" . }}
+helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+release: {{ .Release.Name }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end -}}
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/configmap.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/configmap.yaml
new file mode 100644
index 000000000..ccf38953e
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/configmap.yaml
@@ -0,0 +1,39 @@
+{{- $valid := list "DEBUG" "INFO" "WARNING" "ERROR" "CRITICAL" -}}
+{{- if not (has .Values.prom2teams.loglevel $valid) -}}
+{{- fail "Invalid log level"}}
+{{- end -}}
+{{- if and .Values.prom2teams.connector (hasKey .Values.prom2teams.connectors "Connector") -}}
+{{- fail "Invalid configuration: prom2teams.connectors can't have a connector named Connector when prom2teams.connector is set"}}
+{{- end -}}
+{{/* Create the configmap when the operation is helm install and the target configmap does not exist. */}}
+{{- if not (lookup "v1" "ConfigMap" (include "prom2teams.namespace" . ) (include "prom2teams.fullname" .)) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ include "prom2teams.namespace" . }}
+ name: {{ include "prom2teams.fullname" . }}
+ labels: {{ include "prom2teams.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "3"
+ "helm.sh/resource-policy": keep
+data:
+ config.ini: |-
+ [HTTP Server]
+ Host: {{ .Values.prom2teams.host }}
+ Port: {{ .Values.prom2teams.port }}
+ [Microsoft Teams]
+ {{- with .Values.prom2teams.connector }}
+ Connector: {{ . }}
+ {{- end }}
+ {{- range $key, $val := .Values.prom2teams.connectors }}
+ {{ $key }}: {{ $val }}
+ {{- end }}
+ [Group Alerts]
+ Field: {{ .Values.prom2teams.group_alerts_by }}
+ [Log]
+ Level: {{ .Values.prom2teams.loglevel }}
+ [Template]
+ Path: {{ .Values.prom2teams.templatepath }}
+ teams.j2: {{ .Files.Get "files/teams.j2" | quote }}
+ {{- end -}}
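Review bot: The Teams connector URLs written under `[Microsoft Teams]` act as bearer credentials, since anyone who can read one can post to the channel, yet they are stored in a ConfigMap, which is typically readable by more subjects than a Secret and is not covered by secret encryption at rest. Rendering `config.ini` into a Secret (`kind: Secret` with `stringData:`) and mounting that from deployment.yaml keeps the URL out of ConfigMap listings; the same applies to `sachet/templates/configmap-pre-install.yaml`, whose `providers` block presumably carries SMS-gateway credentials. The `lookup` guard combined with `helm.sh/resource-policy: keep` also means later changes to `.Values.prom2teams.*` never reach an existing ConfigMap, which deserves a line in the README because the Deployment's env vars do change on upgrade.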
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/deployment.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/deployment.yaml
new file mode 100644
index 000000000..c7149b9da
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/deployment.yaml
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "prom2teams.fullname" . }}
+ namespace: {{ include "prom2teams.namespace" . }}
+ labels: {{ include "prom2teams.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "prom2teams.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ include "prom2teams.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ include "prom2teams.fullname" . }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ configMap:
+ name: {{ include "prom2teams.fullname" . }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 8089
+ protocol: TCP
+ volumeMounts:
+ - name: config
+ mountPath: /opt/prom2teams/helmconfig/
+ env:
+ - name: APP_CONFIG_FILE
+ value: {{ .Values.prom2teams.config | quote }}
+ - name: PROM2TEAMS_PORT
+ value: {{ .Values.prom2teams.port | quote }}
+ - name: PROM2TEAMS_HOST
+ value: {{ .Values.prom2teams.ip | quote }}
+ - name: PROM2TEAMS_CONNECTOR
+ value: {{ .Values.prom2teams.connector | quote }}
+ - name: PROM2TEAMS_GROUP_ALERTS_BY
+ value: {{ .Values.prom2teams.group_alerts_by | quote }}
+ resources: {{ toYaml .Values.resources | nindent 12 }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ privileged: false
+ readOnlyRootFilesystem: false
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ {{- end }}
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+ {{- toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ {{- if .Values.tolerations }}
+ {{- toYaml .Values.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+ runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }}
+ runAsUser: {{ .Values.securityContext.runAsUser }}
+ runAsGroup: {{ .Values.securityContext.runAsGroup }}
+ fsGroup: {{ .Values.securityContext.fsGroup }}
+ {{- end }}
+
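Review bot: The container `securityContext` hard-codes `readOnlyRootFilesystem: false`, so the `securityContext.readOnlyRootFilesystem: true` default in this sub-chart's values.yaml is never read and the root filesystem stays writable despite what the values file advertises. Either wire it through with `readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}` (after confirming prom2teams runs with a read-only root) or drop the unused value. `PROM2TEAMS_HOST` is taken from `.Values.prom2teams.ip`, a key values.yaml does not define (it has `host`), so the variable renders empty; `value: {{ .Values.prom2teams.host | quote }}` looks like what was meant. `PROM2TEAMS_CONNECTOR` additionally places the webhook URL in the pod spec in clear text, where anyone allowed to read pods or deployments can see it.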
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/psp.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/psp.yaml
new file mode 100644
index 000000000..d1578a430
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/psp.yaml
@@ -0,0 +1,29 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "prom2teams.fullname" . }}-psp
+ labels: {{ include "prom2teams.labels" . | nindent 4 }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'configMap'
+ - 'secret'
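Review bot: This PodSecurityPolicy is rendered unconditionally against `policy/v1beta1`, so the install fails on any cluster where that API is not served, and there is no values switch to turn it off. Wrapping the manifest in `{{- if .Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy" }}` … `{{- end }}` keeps the chart installable there; the `-psp` Role and RoleBinding and `sachet/templates/psp.yaml` need the same guard. The policy also lacks `requiredDropCapabilities: [ALL]`, so dropping capabilities depends entirely on `securityContext.enabled` in the Deployment, and it allows `secret` volumes although no template shown for this sub-chart mounts one.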
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/role.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/role.yaml
new file mode 100644
index 000000000..25391d588
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/role.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "prom2teams.fullname" . }}-psp
+ namespace: {{ include "prom2teams.namespace" . }}
+ labels: {{ include "prom2teams.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - policy
+ resourceNames:
+ - {{ include "prom2teams.fullname" . }}-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/rolebinding.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/rolebinding.yaml
new file mode 100644
index 000000000..3ca8bc252
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "prom2teams.fullname" . }}-psp
+ namespace: {{ include "prom2teams.namespace" . }}
+ labels: {{ include "prom2teams.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "prom2teams.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "prom2teams.fullname" . }}
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service-account.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service-account.yaml
new file mode 100644
index 000000000..a9572c5cd
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service-account.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "prom2teams.fullname" . }}
+ namespace: {{ include "prom2teams.namespace" . }}
+ labels: {{ include "prom2teams.labels" . | nindent 4 }}
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service.yaml
new file mode 100644
index 000000000..cc95cad35
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/templates/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "prom2teams.fullname" . }}
+ namespace: {{ include "prom2teams.namespace" . }}
+ labels:
+{{ include "prom2teams.labels" . | indent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: 8089
+ protocol: TCP
+ name: http
+ selector:
+ app.kubernetes.io/name: {{ include "prom2teams.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/values.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/values.yaml
new file mode 100644
index 000000000..f98e8f2f4
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/prom2teams/values.yaml
@@ -0,0 +1,62 @@
+# Default values for prom2teams.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ namespaceOverride: ""
+
+nameOverride: "prom2teams"
+fullnameOverride: ""
+
+replicaCount: 1
+
+image:
+ repository: rancher/mirrored-idealista-prom2teams
+ tag: 3.2.2
+ pullPolicy: IfNotPresent
+
+resources:
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ limits:
+ cpu: 200m
+ memory: 200Mi
+
+service:
+ type: ClusterIP
+ port: 8089
+
+prom2teams:
+ host: 0.0.0.0
+ port: 8089
+ connector: the-connector-url
+ connectors: {}
+ # group_alerts_by can be one of
+ # ("name" | "description" | "instance" | "severity" | "status" | "summary" | "fingerprint" | "runbook_url")
+ group_alerts_by:
+ # loglevel can be one of (DEBUG | INFO | WARNING | ERROR | CRITICAL)
+ loglevel: INFO
+ templatepath: /opt/prom2teams/helmconfig/teams.j2
+ config: /opt/prom2teams/helmconfig/config.ini
+
+# Security Context properties
+securityContext:
+ # enabled is a flag to enable Security Context
+ enabled: true
+ # runAsUser is the user ID used to run the container
+ runAsUser: 65534
+ # runAsGroup is the primary group ID used to run all processes within any container of the pod
+ runAsGroup: 65534
+ # fsGroup is the group ID associated with the container
+ fsGroup: 65534
+ # readOnlyRootFilesystem is a flag to enable readOnlyRootFilesystem for the Hazelcast security context
+ readOnlyRootFilesystem: true
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
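Review bot: `connector: the-connector-url` is a placeholder that passes the `with .Values.prom2teams.connector` guard in configmap.yaml, so a default install writes a non-URL into `config.ini` and `PROM2TEAMS_CONNECTOR` and the problem only shows up when an alert fails to send. Defaulting to `connector: ""` with a comment that a real webhook URL must be supplied makes the misconfiguration visible. The comment above `readOnlyRootFilesystem` still refers to Hazelcast, and `group_alerts_by:` is a bare null; `group_alerts_by: ""` states the intent explicitly.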
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/.helmignore b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/.helmignore
new file mode 100644
index 000000000..0e8a0eb36
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/Chart.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/Chart.yaml
new file mode 100644
index 000000000..493bd9d9e
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/Chart.yaml
@@ -0,0 +1,11 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-sachet
+apiVersion: v2
+appVersion: 0.2.3
+description: A Helm chart for Sachet based on the upstream https://github.com/messagebird/sachet
+name: sachet
+type: application
+version: 1.0.1
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/files/template.tmpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/files/template.tmpl
new file mode 100644
index 000000000..08f24e138
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/files/template.tmpl
@@ -0,0 +1 @@
+# reference: https://github.com/messagebird/sachet/blob/master/examples/telegram.tmpl
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/NOTES.txt b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/NOTES.txt
new file mode 100644
index 000000000..247a91fc1
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/NOTES.txt
@@ -0,0 +1,3 @@
+rancher-sachet is now installed on the cluster!
+Please refer to the upstream documentation for configuration options:
+https://github.com/messagebird/sachet
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/_helpers.tpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/_helpers.tpl
new file mode 100644
index 000000000..eaa61fee5
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/_helpers.tpl
@@ -0,0 +1,79 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+beta.kubernetes.io/os: linux
+{{- else -}}
+kubernetes.io/os: linux
+{{- end -}}
+{{- end -}}
+
+{{/*
+Allow the release namespace to be overridden for multi-namespace deployments in combined charts
+*/}}
+{{- define "sachet.namespace" -}}
+{{ default .Release.Namespace .Values.global.namespaceOverride }}
+{{- end }}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "sachet.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sachet.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Common labels
+*/}}
+{{- define "sachet.labels" -}}
+helm.sh/chart: {{ printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{ include "sachet.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sachet.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sachet.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/configmap-pre-install.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/configmap-pre-install.yaml
new file mode 100644
index 000000000..e8c63ac03
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/configmap-pre-install.yaml
@@ -0,0 +1,34 @@
+{{/*This file is applied when the operation is helm install and the target confimap does not exist. */}}
+{{- if not (lookup "v1" "ConfigMap" (include "sachet.namespace" . ) (include "sachet.fullname" .)) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ namespace: {{ include "sachet.namespace" . }}
+ name: {{ include "sachet.fullname" . }}
+ labels: {{ include "sachet.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install, pre-upgrade
+ "helm.sh/hook-weight": "3"
+ "helm.sh/resource-policy": keep
+data:
+ config.yaml: |-
+ {{- if and (not .Values.sachet.providers) (not .Values.sachet.receivers) }}
+ # please refer to the upstream documentation for configuration options:
+ # https://github.com/messagebird/sachet
+ #
+ # providers:
+ # aliyun:
+ # region_id:
+ # ...
+ # receivers:
+ # - name: 'team-sms'
+ # provider: 'aliyu'
+ # ...
+ {{- end }}
+ {{- with .Values.sachet.providers }}
+ providers: {{ toYaml . | nindent 6 }}
+ {{- end }}
+ {{- with .Values.sachet.receivers }}
+ receivers: {{ toYaml . | nindent 6 }}
+ {{- end }}
+{{- end }}
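Review bot: The commented example that is written into `config.yaml` names the receiver's provider `'aliyu'` while the provider key two lines above is `aliyun`, so anyone uncommenting it gets a receiver that points at an undefined provider; the line should read `# provider: 'aliyun'`. The header comment has a similar slip (`confimap` for `configmap`).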
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/deployment.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/deployment.yaml
new file mode 100644
index 000000000..17215eebd
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/deployment.yaml
@@ -0,0 +1,75 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "sachet.fullname" . }}
+ namespace: {{ include "sachet.namespace" . }}
+ labels: {{ include "sachet.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels: {{ include "sachet.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ labels: {{ include "sachet.selectorLabels" . | nindent 8 }}
+ spec:
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+ {{- toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ {{- if .Values.tolerations }}
+ {{- toYaml .Values.tolerations | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets: {{ toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "sachet.fullname" . }}
+ {{- with .Values.podSecurityContext }}
+ securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
+ image: {{ include "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 9876
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /-/live
+ port: http
+ readinessProbe:
+ httpGet:
+ path: /-/ready
+ port: http
+ volumeMounts:
+ - mountPath: /etc/sachet/
+ name: config-volume
+ {{- with .Values.resources }}
+ resources: {{ toYaml .Values.resources | nindent 12 }}
+ {{- end }}
+ - name: config-reloader
+ securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
+ image: {{ include "system_default_registry" . }}{{ .Values.configReloader.repository }}:{{ .Values.configReloader.tag }}
+ imagePullPolicy: {{ .Values.configReloader.pullPolicy }}
+ args:
+ - -volume-dir=/watch-config
+ - -webhook-method=POST
+ - -webhook-status-code=200
+ - -webhook-url=http://127.0.0.1:{{ .Values.service.port }}/-/reload
+ volumeMounts:
+ - mountPath: /watch-config
+ name: config-volume
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ include "sachet.fullname" . }}
+ defaultMode: 0777
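Review bot: Inside `{{- with .Values.podSecurityContext }}` and `{{- with .Values.resources }}` the dot is rebound to that value, so `toYaml .Values.podSecurityContext` and `toYaml .Values.resources` no longer resolve against the chart root and rendering will most likely fail with a nil-pointer error as soon as either value is non-empty. Use `securityContext: {{ toYaml . | nindent 8 }}` and `resources: {{ toYaml . | nindent 12 }}`, as the `affinity` and `imagePullSecrets` blocks in this file already do. The config volume's `defaultMode: 0777` marks the mounted configuration files world-writable and executable for no visible reason; `defaultMode: 0444` is enough for files that are only read.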
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/psp.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/psp.yaml
new file mode 100644
index 000000000..3469d3fcc
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/psp.yaml
@@ -0,0 +1,29 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "sachet.fullname" . }}-psp
+ labels: {{ include "sachet.labels" . | nindent 4 }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'configMap'
+ - 'secret'
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/role.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/role.yaml
new file mode 100644
index 000000000..05d4410e3
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/role.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "sachet.fullname" . }}-psp
+ namespace: {{ include "sachet.namespace" . }}
+ labels: {{ include "sachet.labels" . | nindent 4 }}
+rules:
+ - apiGroups:
+ - policy
+ resourceNames:
+ - {{ include "sachet.fullname" . }}-psp
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/rolebinding.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/rolebinding.yaml
new file mode 100644
index 000000000..174f0d9e8
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/rolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "sachet.fullname" . }}-psp
+ namespace: {{ include "sachet.namespace" . }}
+ labels: {{ include "sachet.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ include "sachet.fullname" . }}-psp
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "sachet.fullname" . }}
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service-account.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service-account.yaml
new file mode 100644
index 000000000..8833f1b3b
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service-account.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "sachet.fullname" . }}
+ namespace: {{ include "sachet.namespace" . }}
+ labels: {{ include "sachet.labels" . | nindent 4 }}
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service.yaml
new file mode 100644
index 000000000..216e8322c
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/templates/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "sachet.fullname" . }}
+ namespace: {{ include "sachet.namespace" . }}
+ labels: {{ include "sachet.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- if contains "NodePort" .Values.service.type }}
+ nodePort: {{ .Values.service.nodePort }}
+ {{- end }}
+ selector: {{ include "sachet.selectorLabels" . | nindent 4 }}
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/values.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/values.yaml
new file mode 100644
index 000000000..b00cf0b18
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/charts/sachet/values.yaml
@@ -0,0 +1,63 @@
+# Default values for sachet.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ namespaceOverride: ""
+
+nameOverride: "sachet"
+fullnameOverride: ""
+
+configReloader:
+ repository: rancher/mirrored-jimmidyson-configmap-reload
+ pullPolicy: IfNotPresent
+ tag: v0.4.0
+
+sachet:
+ # reference: https://github.com/messagebird/sachet/blob/master/examples/config.yaml
+ providers: {}
+
+ receivers: []
+
+replicaCount: 1
+
+image:
+ repository: rancher/mirrored-messagebird-sachet
+ pullPolicy: IfNotPresent
+ tag: 0.2.3
+
+imagePullSecrets: []
+
+podAnnotations: {}
+
+podSecurityContext:
+
+securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ runAsGroup: 1000
+
+service:
+ type: ClusterIP
+ port: 9876
+ nodePort: 30001
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
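Review bot: The default `securityContext` sets the user, group and `runAsNonRoot`, but not `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem` or `capabilities: {drop: [ALL]}`, so those protections rest only on the PodSecurityPolicy, which has no effect on clusters without PSP admission. Adding `allowPrivilegeEscalation: false` and a `capabilities.drop` entry to the defaults keeps the containers restricted either way; the deployment template applies this same map to the config-reloader container. `podSecurityContext:` is left as a bare key, which parses as null; `podSecurityContext: {}` states the intent and is safer if a template passes it through `toYaml`.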
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/questions.yml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/questions.yml
new file mode 100644
index 000000000..741808c23
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/questions.yml
@@ -0,0 +1,14 @@
+categories:
+ - monitoring
+namespace: cattle-monitoring-system
+questions:
+ - variable: prom2teams.enabled
+ default: false
+ label: Enable Microsoft Teams
+ type: boolean
+ group: "General"
+ - variable: sachet.enabled
+ default: false
+ label: Enable SMS
+ type: boolean
+ group: "General"
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/NOTES.txt b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/NOTES.txt
new file mode 100644
index 000000000..59c1415e0
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/NOTES.txt
@@ -0,0 +1,2 @@
+rancher-alerting-drivers is now installed on the cluster!
+Please refer to the upstream documentation for each Driver for configuration options.
\ No newline at end of file
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/_helpers.tpl b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/_helpers.tpl
new file mode 100644
index 000000000..e1dbe3370
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/_helpers.tpl
@@ -0,0 +1,117 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+beta.kubernetes.io/os: linux
+{{- else -}}
+kubernetes.io/os: linux
+{{- end -}}
+{{- end -}}
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "drivers.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "drivers.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "drivers.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "drivers.labels" -}}
+helm.sh/chart: {{ include "drivers.chart" . }}
+{{ include "drivers.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "drivers.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "drivers.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "drivers.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "drivers.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+https://github.com/helm/helm/issues/4535#issuecomment-477778391
+Usage: {{ include "call-nested" (list . "SUBCHART_NAME" "TEMPLATE") }}
+e.g. {{ include "call-nested" (list . "grafana" "grafana.fullname") }}
+*/}}
+{{- define "call-nested" }}
+{{- $dot := index . 0 }}
+{{- $subchart := index . 1 | splitList "." }}
+{{- $template := index . 2 }}
+{{- $values := $dot.Values }}
+{{- range $subchart }}
+{{- $values = index $values . }}
+{{- end }}
+{{- include $template (dict "Chart" (dict "Name" (last $subchart)) "Values" $values "Release" $dot.Release "Capabilities" $dot.Capabilities) }}
+{{- end }}
+
+
+{{/*
+Get the list of configMaps to be managed
+*/}}
+{{- define "drivers.configmapList" -}}
+{{- if .Values.sachet.enabled -}}
+- {{ include "call-nested" (list . "sachet" "sachet.fullname") }}
+{{- end }}
+{{- if .Values.prom2teams.enabled -}}
+- {{ include "call-nested" (list . "prom2teams" "prom2teams.fullname") }}
+{{- end }}
+{{- end }}
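Review bot: `drivers.configmapList` renders both entries on one line when sachet and prom2teams are enabled together: the `{{- end }}` after the first item and the `{{- if .Values.prom2teams.enabled -}}` that follows trim every newline between them, so the output reads `- <sachet name>- <prom2teams name>` and parses as a single list item (assuming the nested fullname helpers emit no trailing newline; they are not in this hunk). The ClusterRoles in cluster-role.yaml use this list as `resourceNames`, which would then match neither ConfigMap. Dropping the right-hand trim on the second condition, `{{- if .Values.prom2teams.enabled }}`, keeps the newline before the second `- `. Separately, `drivers.serviceAccountName` reads `.Values.serviceAccount.create`, but the chart's values.yaml in this commit defines no `serviceAccount` key, so including that helper would fail at render time; remove it or add the default.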
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/cluster-role.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/cluster-role.yaml
new file mode 100644
index 000000000..e3022a7ca
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/cluster-role.yaml
@@ -0,0 +1,50 @@
+{{- if and (not .Values.sachet.enabled) (not .Values.prom2teams.enabled) -}}
+{{- fail "At least one Driver must be enabled to install the chart. " }}
+{{- end -}}
+
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "drivers.fullname" . }}-admin
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames: {{ include "drivers.configmapList" . | nindent 6 }}
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "drivers.fullname" . }}-edit
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames: {{ include "drivers.configmapList" . | nindent 6 }}
+ verbs:
+ - "*"
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "drivers.fullname" . }}-view
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ rbac.authorization.k8s.io/aggregate-to-view: "true"
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames: {{ include "drivers.configmapList" . | nindent 6 }}
+ verbs:
+ - 'get'
+ - 'list'
+ - 'watch'
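Review bot: `verbs: ["*"]` on the `-admin` and `-edit` roles is wider than a `resourceNames` restriction can enforce: Kubernetes cannot restrict `create` or `deletecollection` by resource name, and `list`/`watch` (also granted in `-view`) only honour it when the request carries a `metadata.name` field selector. Listing the verbs that name-scoping actually covers, `verbs: ["get", "update", "patch", "delete"]`, states what is really granted. Because all three roles aggregate into the built-in admin/edit/view roles, they apply in every namespace where those are bound, so if the sachet ConfigMap carries provider credentials from `sachet.providers` (its template is not in this hunk), a Secret would be the safer store.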
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/hardened.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/hardened.yaml
new file mode 100644
index 000000000..eaaa70187
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/templates/hardened.yaml
@@ -0,0 +1,116 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "drivers.fullname" . }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ backoffLimit: 1
+ template:
+ spec:
+ serviceAccountName: {{ include "drivers.fullname" . }}-patch-sa
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ restartPolicy: Never
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ containers:
+ - name: {{ include "drivers.fullname" . }}-patch-sa
+ image: "{{ include "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: IfNotPresent
+ command: ["kubectl", "-n", {{ .Release.Namespace | quote }}, "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "drivers.fullname" . }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "drivers.fullname" . }}-patch-sa
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+rules:
+ - apiGroups: [""]
+ resources: ["serviceaccounts"]
+ verbs: ["get", "patch"]
+ - apiGroups: ["policy"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ include "drivers.fullname" . }}-patch-sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "drivers.fullname" . }}-patch-sa
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "drivers.fullname" . }}-patch-sa
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "drivers.fullname" . }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "drivers.fullname" . }}-patch-sa
+ labels: {{ include "drivers.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "drivers.fullname" . }}-default-allow-all
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
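Review bot: The `-patch-sa` ClusterRole grants `get` and `patch` on every ServiceAccount in the cluster, and the ClusterRoleBinding applies it cluster-wide, although the Job only patches `default` in the release namespace. A namespaced Role and RoleBinding with `resourceNames: ["default"]` give the hook exactly that, which matters because the `hook-succeeded` delete policy leaves these objects in place when the Job fails. The hook PodSecurityPolicy also omits `allowPrivilegeEscalation: false`, which the sachet PSP in this commit sets. Separately, the `default-allow-all` NetworkPolicy selects every pod in the release namespace and allows all ingress and egress; since policies are additive, it cancels any default-deny policy already there, so scoping `podSelector` to the driver pods would be safer.

```yaml
# … unchanged: Job and ServiceAccount documents …
kind: Role
metadata:
  namespace: {{ .Release.Namespace }}
  # … unchanged: name, labels, hook annotations …
rules:
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    resourceNames: ["default"]
    verbs: ["get", "patch"]
  # … unchanged: podsecuritypolicies "use" rule …
---
kind: RoleBinding
metadata:
  namespace: {{ .Release.Namespace }}
  # … unchanged: name, labels, hook annotations …
roleRef:
  kind: Role
  # … unchanged: apiGroup, name, subjects …
```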
diff --git a/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/values.yaml b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/values.yaml
new file mode 100644
index 000000000..00ae3bc62
--- /dev/null
+++ b/charts/rancher-alerting-drivers/rancher-alerting-drivers/100.0.0/values.yaml
@@ -0,0 +1,20 @@
+# Default values for rancher-alerting-driver.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ cattle:
+ # the registry where all images will be pulled from
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+ # set this value if you want the sub-charts to be installed into
+ # a namespace rather than where this chart is installed
+ namespaceOverride: ""
+
+prom2teams:
+ enabled: false
+
+sachet:
+ enabled: false
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/Chart.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/Chart.yaml
new file mode 100644
index 000000000..d6571abee
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/Chart.yaml
@@ -0,0 +1,11 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-resources-system
+ catalog.cattle.io/release-name: rancher-backup-crd
+apiVersion: v2
+appVersion: 2.0.0
+description: Installs the CRDs for rancher-backup.
+name: rancher-backup-crd
+type: application
+version: 2.0.0
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/README.md b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/README.md
new file mode 100644
index 000000000..046410962
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/README.md
@@ -0,0 +1,3 @@
+# Rancher Backup CRD
+
+A Rancher chart that installs the CRDs used by `rancher-backup`.
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/backup.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/backup.yaml
new file mode 100644
index 000000000..a4b9471c0
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/backup.yaml
@@ -0,0 +1,119 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: backups.resources.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.storageLocation
+ name: Location
+ type: string
+ - JSONPath: .status.backupType
+ name: Type
+ type: string
+ - JSONPath: .status.filename
+ name: Latest-Backup
+ type: string
+ - JSONPath: .spec.resourceSetName
+ name: ResourceSet
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ group: resources.cattle.io
+ names:
+ kind: Backup
+ plural: backups
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ encryptionConfigSecretName:
+ description: Name of the Secret containing the encryption config
+ type: string
+ resourceSetName:
+ description: Name of the ResourceSet CR to use for backup
+ type: string
+ retentionCount:
+ minimum: 1
+ type: integer
+ schedule:
+ description: Cron schedule for recurring backups
+ example:
+ Descriptors: '@midnight'
+ Standard crontab specs: 0 0 * * *
+ type: string
+ storageLocation:
+ nullable: true
+ properties:
+ s3:
+ nullable: true
+ properties:
+ bucketName:
+ type: string
+ credentialSecretName:
+ type: string
+ credentialSecretNamespace:
+ type: string
+ endpoint:
+ type: string
+ endpointCA:
+ type: string
+ folder:
+ type: string
+ insecureTLSSkipVerify:
+ type: boolean
+ region:
+ type: string
+ type: object
+ type: object
+ required:
+ - resourceSetName
+ type: object
+ status:
+ properties:
+ backupType:
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ type: string
+ lastUpdateTime:
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ type: object
+ nullable: true
+ type: array
+ filename:
+ type: string
+ lastSnapshotTs:
+ type: string
+ nextSnapshotAt:
+ type: string
+ observedGeneration:
+ type: integer
+ storageLocation:
+ type: string
+ summary:
+ type: string
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
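Review bot: This CRD, like resourceset.yaml and restore.yaml later in the commit, is declared with `apiextensions.k8s.io/v1beta1`, where `spec.preserveUnknownFields` defaults to true, so fields outside the `openAPIV3Schema` are stored without pruning or validation. Setting `preserveUnknownFields: false` under `spec:` (the schema looks structural, but that should be confirmed) or moving to `apiextensions.k8s.io/v1` closes that; `v1beta1` is also no longer served from Kubernetes 1.22. `insecureTLSSkipVerify` has no `description`; one line stating that it disables certificate verification for the S3 endpoint would help whoever sets it.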
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/resourceset.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/resourceset.yaml
new file mode 100644
index 000000000..d97fbae48
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/resourceset.yaml
@@ -0,0 +1,99 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: resourcesets.resources.cattle.io
+spec:
+ group: resources.cattle.io
+ names:
+ kind: ResourceSet
+ plural: resourcesets
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ controllerReferences:
+ items:
+ properties:
+ apiVersion:
+ type: string
+ name:
+ type: string
+ namespace:
+ type: string
+ replicas:
+ type: integer
+ resource:
+ type: string
+ type: object
+ nullable: true
+ type: array
+ resourceSelectors:
+ items:
+ properties:
+ apiVersion:
+ type: string
+ excludeKinds:
+ items:
+ type: string
+ nullable: true
+ type: array
+ kinds:
+ items:
+ type: string
+ nullable: true
+ type: array
+ kindsRegexp:
+ type: string
+ labelSelectors:
+ nullable: true
+ properties:
+ matchExpressions:
+ items:
+ properties:
+ key:
+ type: string
+ operator:
+ type: string
+ values:
+ items:
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ nullable: true
+ type: object
+ type: object
+ namespaceRegexp:
+ type: string
+ namespaces:
+ items:
+ type: string
+ nullable: true
+ type: array
+ resourceNameRegexp:
+ type: string
+ resourceNames:
+ items:
+ type: string
+ nullable: true
+ type: array
+ type: object
+ nullable: true
+ required:
+ - apiVersion
+ type: array
+ required:
+ - resourceSelectors
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
diff --git a/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/restore.yaml b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/restore.yaml
new file mode 100644
index 000000000..1ad7d1721
--- /dev/null
+++ b/charts/rancher-backup-crd/rancher-backup-crd/2.0.0/templates/restore.yaml
@@ -0,0 +1,102 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: restores.resources.cattle.io
+spec:
+ additionalPrinterColumns:
+ - JSONPath: .status.backupSource
+ name: Backup-Source
+ type: string
+ - JSONPath: .spec.backupFilename
+ name: Backup-File
+ type: string
+ - JSONPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ - JSONPath: .status.conditions[?(@.type=="Ready")].message
+ name: Status
+ type: string
+ group: resources.cattle.io
+ names:
+ kind: Restore
+ plural: restores
+ scope: Cluster
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ backupFilename:
+ type: string
+ deleteTimeoutSeconds:
+ maximum: 10
+ type: integer
+ encryptionConfigSecretName:
+ type: string
+ prune:
+ nullable: true
+ type: boolean
+ storageLocation:
+ nullable: true
+ properties:
+ s3:
+ nullable: true
+ properties:
+ bucketName:
+ type: string
+ credentialSecretName:
+ type: string
+ credentialSecretNamespace:
+ type: string
+ endpoint:
+ type: string
+ endpointCA:
+ type: string
+ folder:
+ type: string
+ insecureTLSSkipVerify:
+ type: boolean
+ region:
+ type: string
+ type: object
+ type: object
+ required:
+ - backupFilename
+ type: object
+ status:
+ properties:
+ backupSource:
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ type: string
+ lastUpdateTime:
+ type: string
+ message:
+ type: string
+ reason:
+ type: string
+ status:
+ type: string
+ type:
+ type: string
+ type: object
+ nullable: true
+ type: array
+ observedGeneration:
+ type: integer
+ restoreCompletionTs:
+ type: string
+ summary:
+ type: string
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/Chart.yaml b/charts/rancher-backup/rancher-backup/2.0.0/Chart.yaml
new file mode 100644
index 000000000..e1b0eb24c
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/Chart.yaml
@@ -0,0 +1,21 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-backup-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher Backups
+ catalog.cattle.io/namespace: cattle-resources-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: resources.cattle.io.resourceset/v1
+ catalog.cattle.io/release-name: rancher-backup
+ catalog.cattle.io/scope: management
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: rancher-backup
+apiVersion: v2
+appVersion: 2.0.0
+description: Provides ability to back up and restore the Rancher application running
+ on any Kubernetes cluster
+icon: https://charts.rancher.io/assets/logos/backup-restore.svg
+keywords:
+- applications
+- infrastructure
+name: rancher-backup
+version: 2.0.0
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/README.md b/charts/rancher-backup/rancher-backup/2.0.0/README.md
new file mode 100644
index 000000000..8d645b479
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/README.md
@@ -0,0 +1,70 @@
+# Rancher Backup
+
+This chart provides ability to back up and restore the Rancher application running on any Kubernetes cluster.
+
+Refer [this](https://github.com/rancher/backup-restore-operator) repository for implementation details.
+
+-----
+
+### Get Repo Info
+```bash
+helm repo add rancher-chart https://charts.rancher.io
+helm repo update
+```
+
+-----
+
+### Install Chart
+```bash
+helm install rancher-backup-crd rancher-chart/rancher-backup-crd -n cattle-resources-system --create-namespace
+helm install rancher-backup rancher-chart/rancher-backup -n cattle-resources-system
+```
+
+-----
+
+### Configuration
+The following table lists the configurable parameters of the rancher-backup chart and their default values:
+
+| Parameter | Description | Default |
+|----------|---------------|-------|
+| image.repository | Container image repository | rancher/backup-restore-operator |
+| image.tag | Container image tag | v0.1.0-rc1 |
+| s3.enabled | Configure S3 compatible default storage location. Current version supports S3 and MinIO | false |
+| s3.credentialSecretName | Name of the Secret containing S3 credentials. This is an optional field. Skip this field in order to use IAM Role authentication. The Secret must contain following two keys, `accessKey` and `secretKey` | "" |
+| s3.credentialSecretNamespace | Namespace of the Secret containing S3 credentials. This can be any namespace. | "" |
+| s3.region | Region of the S3 Bucket (Required for S3, not valid for MinIO) | "" |
+| s3.bucketName | Name of the Bucket | "" |
+| s3.folder | Base folder within the Bucket (optional) | "" |
+| s3.endpoint | Endpoint for the S3 storage provider | "" |
+| s3.endpointCA | Base64 encoded CA cert for the S3 storage provider (optional) | "" |
+| s3.insecureTLSSkipVerify | Skip SSL verification | false |
+| persistence.enabled | Configure a Persistent Volume as the default storage location. It accepts either a StorageClass name to create a PVC, or directly accepts the PV to use. The Persistent Volume is mounted at `/var/lib/backups` in the operator pod | false |
+| persistence.storageClass | StorageClass to use for dynamically provisioning the Persistent Volume, which will be used for storing backups | "" |
+| persistence.volumeName | Persistent Volume to use for storing backups | "" |
+| persistence.size | Requested size of the Persistent Volume (Applicable when using dynamic provisioning) | "" |
+| nodeSelector | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | {} |
+| tolerations | https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration | [] |
+| affinity | https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity | {} |
+| serviceAccount.annotations | Annotations to apply to created service account | {} |
+
+-----
+
+### CRDs
+
+Refer [this](https://github.com/rancher/backup-restore-operator#crds) section for information on CRDs that this chart installs. Also refer [this](https://github.com/rancher/backup-restore-operator/tree/master/examples) folder containing sample manifests for the CRDs.
+
+-----
+### Upgrading Chart
+```bash
+helm upgrade rancher-backup-crd -n cattle-resources-system
+helm upgrade rancher-backup -n cattle-resources-system
+```
+
+-----
+### Uninstall Chart
+
+```bash
+helm uninstall rancher-backup -n cattle-resources-system
+helm uninstall rancher-backup-crd -n cattle-resources-system
+```
+
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/app-readme.md b/charts/rancher-backup/rancher-backup/2.0.0/app-readme.md
new file mode 100644
index 000000000..15a021cdb
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher Backup
+
+This chart enables ability to capture backups of the Rancher application and restore from these backups. This chart can be used to migrate Rancher from one Kubernetes cluster to a different Kubernetes cluster.
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/backups/v2.5/).
+
+This chart installs the following components:
+
+- [backup-restore-operator](https://github.com/rancher/backup-restore-operator)
+ - The operator handles backing up all Kubernetes resources and CRDs that Rancher creates and manages from the local cluster. It gathers these resources by querying the Kubernetes API server, packages all the resources to create a tarball file and saves it in the configured backup storage location.
+ - The operator can be configured to store backups in S3-compatible object stores such as AWS S3 and MinIO, and in persistent volumes. During deployment, you can create a default storage location, but there is always the option to override the default storage location with each backup, but will be limited to using an S3-compatible object store.
+ - It preserves the ownerReferences on all resources, hence maintaining dependencies between objects.
+ - This operator provides encryption support, to encrypt user specified resources before saving them in the backup file. It uses the same encryption configuration that is used to enable [Kubernetes Encryption at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/).
+- Backup - A backup is a CRD (`Backup`) that defines when to take backups, where to store the backup and what encryption to use (optional). Backups can be taken ad hoc or scheduled to be taken in intervals.
+- Restore - A restore is a CRD (`Restore`) that defines which backup to use to restore the Rancher application to.
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/aks.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/aks.yaml
new file mode 100644
index 000000000..de8ec1b8a
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/aks.yaml
@@ -0,0 +1,25 @@
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "aks.cattle.io$"
+- apiVersion: "aks.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ namespaces:
+ - "cattle-system"
+ resourceNames:
+ - "aks-config-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNames:
+ - "aks-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNames:
+ - "aks-operator"
+- apiVersion: "v1"
+ kindsRegexp: "^serviceaccounts$"
+ namespaces:
+ - "cattle-system"
+ resourceNames:
+ - "aks-operator"
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/eks.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/eks.yaml
new file mode 100644
index 000000000..59f47ce47
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/eks.yaml
@@ -0,0 +1,17 @@
+- apiVersion: "eks.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ resourceNames:
+ - "eks-config-operator"
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "eks.cattle.io$"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNames:
+ - "eks-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNames:
+ - "eks-operator"
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/fleet.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/fleet.yaml
new file mode 100644
index 000000000..68b0dfadb
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/fleet.yaml
@@ -0,0 +1,49 @@
+- apiVersion: "v1"
+ kindsRegexp: "^namespaces$"
+ resourceNameRegexp: "^fleet-|^cluster-fleet-"
+- apiVersion: "v1"
+ kindsRegexp: "^secrets$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+ labelSelectors:
+ matchExpressions:
+ - key: "owner"
+ operator: "NotIn"
+ values: ["helm"]
+ - key: "fleet.cattle.io/managed"
+ operator: "In"
+ values: ["true"]
+- apiVersion: "v1"
+ kindsRegexp: "^serviceaccounts$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+- apiVersion: "v1"
+ kindsRegexp: "^configmaps$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^roles$|^rolebindings$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNameRegexp: "^fleet-|^gitjob-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNameRegexp: "^fleet-"
+ resourceNames:
+ - "gitjob"
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "fleet.cattle.io$|gitjob.cattle.io$"
+- apiVersion: "fleet.cattle.io/v1alpha1"
+ kindsRegexp: "."
+- apiVersion: "gitjob.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+ resourceNameRegexp: "^fleet-"
+ resourceNames:
+ - "gitjob"
+- apiVersion: "apps/v1"
+ kindsRegexp: "^services$"
+ namespaceRegexp: "^cattle-fleet-|^fleet-|^cluster-fleet-"
+ resourceNames:
+ - "gitjob"
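Review bot: The last selector asks for `^services$` under `apiVersion: "apps/v1"`, but Service is a core-group resource served at `v1`, so this entry cannot match anything and the `gitjob` Service would not be backed up. Change that entry's first line to `- apiVersion: "v1"` and keep its `namespaceRegexp` and `resourceNames` as they are.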
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/gke.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/gke.yaml
new file mode 100644
index 000000000..a77019235
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/gke.yaml
@@ -0,0 +1,17 @@
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "gke.cattle.io$"
+- apiVersion: "gke.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ resourceNames:
+ - "gke-config-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNames:
+ - "gke-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNames:
+ - "gke-operator"
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/provisioningv2.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/provisioningv2.yaml
new file mode 100644
index 000000000..a881eb381
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/provisioningv2.yaml
@@ -0,0 +1,18 @@
+- apiVersion: "apiextensions.k8s.io/v1"
+ kindsRegexp: "."
+ resourceNameRegexp: "provisioning.cattle.io$|rke-machine-config.cattle.io$|rke-machine.cattle.io$|rke.cattle.io$|cluster.x-k8s.io$"
+- apiVersion: "provisioning.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "rke-machine-config.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "rke-machine.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "rke.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "cluster.x-k8s.io/v1alpha4"
+ kindsRegexp: "."
+- apiVersion: "v1"
+ kindsRegexp: "^secrets$"
+ resourceNameRegexp: "machine-plan$|rke-state$|machine-state$|machine-driver-secret$|machine-provision$"
+ namespaces:
+ - "fleet-default"
\ No newline at end of file
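Review bot: Nothing in this file says that the final selector puts provisioning Secrets from `fleet-default` (names ending in `machine-plan`, `rke-state`, `machine-state`, `machine-driver-secret`, `machine-provision`) into every backup archive. The `^secrets$` selectors in fleet.yaml and rancher.yaml do the same for their namespaces, and rancher.yaml also selects `tokens`. Anyone who can read the backup location can then read that material unless the backup is encrypted. I would add a comment above each of these selectors, for example `# Secret data ends up in the backup archive: enable backup encryption and restrict access to the storage location.` The file also ends without a trailing newline.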
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher-operator.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher-operator.yaml
new file mode 100644
index 000000000..3518fb5b7
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher-operator.yaml
@@ -0,0 +1,27 @@
+- apiVersion: "rancher.cattle.io/v1"
+ kindsRegexp: "."
+- apiVersion: "apps/v1"
+ kindsRegexp: "^deployments$"
+ resourceNames:
+ - "rancher-operator"
+ namespaces:
+ - "rancher-operator-system"
+- apiVersion: "v1"
+ kindsRegexp: "^serviceaccounts$"
+ namespaces:
+ - "rancher-operator-system"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNames:
+ - "rancher-operator"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNames:
+ - "rancher-operator"
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "rancher.cattle.io$"
+- apiVersion: "v1"
+ kindsRegexp: "^namespaces$"
+ resourceNames:
+ - "rancher-operator-system"
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher.yaml b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher.yaml
new file mode 100644
index 000000000..521ff8473
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/files/default-resourceset-contents/rancher.yaml
@@ -0,0 +1,49 @@
+- apiVersion: "v1"
+ kindsRegexp: "^namespaces$"
+ resourceNameRegexp: "^cattle-|^p-|^c-|^user-|^u-"
+ resourceNames:
+ - "local"
+- apiVersion: "v1"
+ kindsRegexp: "^secrets$"
+ namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
+ labelSelectors:
+ matchExpressions:
+ - key: "owner"
+ operator: "NotIn"
+ values: ["helm"]
+- apiVersion: "v1"
+ kindsRegexp: "^serviceaccounts$"
+ namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
+- apiVersion: "v1"
+ kindsRegexp: "^configmaps$"
+ namespaces:
+ - "cattle-system"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^roles$|^rolebindings$"
+ namespaceRegexp: "^cattle-|^p-|^c-|^local$|^user-|^u-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterrolebindings$"
+ resourceNameRegexp: "^cattle-|^clusterrolebinding-|^globaladmin-user-|^grb-u-|^crb-"
+- apiVersion: "rbac.authorization.k8s.io/v1"
+ kindsRegexp: "^clusterroles$"
+ resourceNameRegexp: "^cattle-|^p-|^c-|^local-|^user-|^u-|^project-|^create-ns$"
+- apiVersion: "apiextensions.k8s.io/v1beta1"
+ kindsRegexp: "."
+ resourceNameRegexp: "management.cattle.io$|project.cattle.io$|catalog.cattle.io$|resources.cattle.io$"
+- apiVersion: "management.cattle.io/v3"
+ kindsRegexp: "."
+ excludeKinds:
+ - "tokens"
+- apiVersion: "management.cattle.io/v3"
+ kindsRegexp: "^tokens$"
+ labelSelectors:
+ matchExpressions:
+ - key: "authn.management.cattle.io/kind"
+ operator: "NotIn"
+ values: [ "provisioning" ]
+- apiVersion: "project.cattle.io/v3"
+ kindsRegexp: "."
+- apiVersion: "catalog.cattle.io/v1"
+ kindsRegexp: "^clusterrepos$"
+- apiVersion: "resources.cattle.io/v1"
+ kindsRegexp: "^ResourceSet$"
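Review bot: The last selector uses `kindsRegexp: "^ResourceSet$"`, the only pattern here written as a capitalised singular Kind; the other `kindsRegexp` values and the `excludeKinds` entry use lowercase plural resource names (`^clusterrepos$`, `^tokens$`, `"tokens"`). If the operator matches these patterns against resource names, this entry selects nothing and ResourceSets are missing from backups. The matcher is not visible in this diff, so this needs checking against the operator. If plural names are what is matched, the line should read `kindsRegexp: "^resourcesets$"`.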
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/_helpers.tpl b/charts/rancher-backup/rancher-backup/2.0.0/templates/_helpers.tpl
new file mode 100644
index 000000000..0f2218ab5
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/_helpers.tpl
@@ -0,0 +1,83 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+beta.kubernetes.io/os: linux
+{{- else -}}
+kubernetes.io/os: linux
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "backupRestore.fullname" -}}
+{{- .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "backupRestore.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "backupRestore.labels" -}}
+helm.sh/chart: {{ include "backupRestore.chart" . }}
+{{ include "backupRestore.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "backupRestore.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "backupRestore.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+resources.cattle.io/operator: backup-restore
+{{- end }}
+
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "backupRestore.serviceAccountName" -}}
+{{ include "backupRestore.fullname" . }}
+{{- end }}
+
+
+{{- define "backupRestore.s3SecretName" -}}
+{{- printf "%s-%s" .Chart.Name "s3" | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create PVC name using release and revision number.
+*/}}
+{{- define "backupRestore.pvcName" -}}
+{{- printf "%s-%d" .Release.Name .Release.Revision }}
+{{- end }}
+
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/clusterrolebinding.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..cf4abf670
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ include "backupRestore.fullname" . }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "backupRestore.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
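Review bot: The binding gives the operator's service account `cluster-admin` with no comment explaining why, which makes the operator pod and its token equivalent to full control of the cluster. The resource sets in this commit do cover CRDs, RBAC objects and Secrets across many namespaces, so broad rights may be unavoidable, but that should be stated so the grant is not copied or widened by accident. I would add above `roleRef:` a comment such as `# cluster-admin: the operator backs up and restores arbitrary kinds, including RBAC and CRDs; treat this service account as cluster-admin.`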
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/deployment.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/deployment.yaml
new file mode 100644
index 000000000..a9127f6ec
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/deployment.yaml
@@ -0,0 +1,62 @@
+{{- if and .Values.s3.enabled .Values.persistence.enabled }}
+{{- fail "\n\nCannot configure both s3 and PV for storing backups" }}
+{{- end }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "backupRestore.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "backupRestore.selectorLabels" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "backupRestore.selectorLabels" . | nindent 8 }}
+ annotations:
+ checksum/s3: {{ include (print $.Template.BasePath "/s3-secret.yaml") . | sha256sum }}
+ checksum/pvc: {{ include (print $.Template.BasePath "/pvc.yaml") . | sha256sum }}
+ spec:
+ serviceAccountName: {{ include "backupRestore.serviceAccountName" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName }}
+ {{- end }}
+ containers:
+ - name: {{ .Chart.Name }}
+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: Always
+ env:
+ - name: CHART_NAMESPACE
+ value: {{ .Release.Namespace }}
+ {{- if .Values.s3.enabled }}
+ - name: DEFAULT_S3_BACKUP_STORAGE_LOCATION
+ value: {{ include "backupRestore.s3SecretName" . }}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ - name: DEFAULT_PERSISTENCE_ENABLED
+ value: "persistence-enabled"
+ volumeMounts:
+ - mountPath: "/var/lib/backups"
+ name: pv-storage
+ volumes:
+ - name: pv-storage
+ persistentVolumeClaim:
+ claimName: {{ include "backupRestore.pvcName" . }}
+ {{- end }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- with .Values.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- include "linux-node-tolerations" . | nindent 8}}
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
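Review bot: The pod template sets no `securityContext` at pod or container level, although this pod runs under the service account that clusterrolebinding.yaml binds to `cluster-admin`, and psp.yaml in this commit expects `MustRunAsNonRoot` and `allowPrivilegeEscalation: false`. On a cluster where that policy is not enforced, nothing in the manifest keeps the container from running as root. Provided the image runs as a non-root numeric user (not visible here), add `securityContext:` with `runAsNonRoot: true` under the pod spec and `allowPrivilegeEscalation: false` on the container, the way the Job in hardened.yaml sets `runAsNonRoot: true` and `runAsUser: 1000`. Separately, `priorityClassName: {{ .Values.priorityClassName }}` is rendered unquoted and would be safer as `{{ .Values.priorityClassName | quote }}`.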
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/hardened.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/hardened.yaml
new file mode 100644
index 000000000..97fca2be0
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/hardened.yaml
@@ -0,0 +1,114 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "backupRestore.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ backoffLimit: 1
+ template:
+ spec:
+ serviceAccountName: {{ include "backupRestore.fullname" . }}-patch-sa
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ restartPolicy: Never
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+ containers:
+ - name: {{ include "backupRestore.fullname" . }}-patch-sa
+ image: {{ include "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}
+ imagePullPolicy: IfNotPresent
+ command: ["kubectl", "-n", {{ .Release.Namespace | quote }}, "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+ labels: {{ include "backupRestore.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-patch-sa
+ labels: {{ include "backupRestore.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+rules:
+ - apiGroups: [""]
+ resources: ["serviceaccounts"]
+ verbs: ["get", "patch"]
+ - apiGroups: ["policy"]
+ resources: ["podsecuritypolicies"]
+ verbs: ["use"]
+ resourceNames:
+ - {{ include "backupRestore.fullname" . }}-patch-sa
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-patch-sa
+ labels: {{ include "backupRestore.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ include "backupRestore.fullname" . }}-patch-sa
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "backupRestore.fullname" . }}-patch-sa
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-patch-sa
+ labels: {{ include "backupRestore.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ privileged: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'secret'
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-default-allow-all
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
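Review bot: The `-patch-sa` ClusterRole grants `get` and `patch` on every ServiceAccount in the cluster, while the Job's only command patches `serviceaccount default` in the release namespace. A namespaced Role and RoleBinding with `resourceNames: ["default"]` give the hook exactly that and nothing more; the `use` rule on the PodSecurityPolicy can stay in the same Role, since it only has to apply to the Job's pod in this namespace. The rewritten objects are below. Also worth a look: the NetworkPolicy is named `default-allow-all`, but it lists `Ingress` in `policyTypes` with no `ingress` rules, so it allows all egress and denies all ingress to pods in the namespace; rename it or add the missing rule, depending on which was intended.

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: {{ include "backupRestore.fullname" . }}-patch-sa
  namespace: {{ .Release.Namespace }}
  # … unchanged: labels and hook annotations …
rules:
  - apiGroups: [""]
    resources: ["serviceaccounts"]
    resourceNames: ["default"]
    verbs: ["get", "patch"]
  # … unchanged: podsecuritypolicies "use" rule …
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: {{ include "backupRestore.fullname" . }}-patch-sa
  namespace: {{ .Release.Namespace }}
  # … unchanged: labels and hook annotations …
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: {{ include "backupRestore.fullname" . }}-patch-sa
# … unchanged: subjects …
```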
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/psp.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/psp.yaml
new file mode 100644
index 000000000..a756eef2d
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/psp.yaml
@@ -0,0 +1,29 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ include "backupRestore.fullname" . }}-psp
+ labels: {{ include "backupRestore.labels" . | nindent 4 }}
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'persistentVolumeClaim'
+ - 'secret'
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/pvc.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/pvc.yaml
new file mode 100644
index 000000000..ff57e4dab
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/pvc.yaml
@@ -0,0 +1,27 @@
+{{- if and .Values.persistence.enabled -}}
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: {{ include "backupRestore.pvcName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ {{- with .Values.persistence }}
+ requests:
+ storage: {{ .size | quote }}
+{{- if .storageClass }}
+{{- if (eq "-" .storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: {{ .storageClass | quote }}
+{{- end }}
+{{- end }}
+{{- if .volumeName }}
+ volumeName: {{ .volumeName | quote }}
+{{- end }}
+{{- end }}
+{{- end }}
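Review bot: The claim's `name:` resolves through `backupRestore.pvcName`, which the _helpers.tpl hunk of this commit defines as `printf "%s-%d" .Release.Name .Release.Revision`, so every `helm upgrade` renders a PVC with a new name and Helm removes the previous one. Where the bound volume has a `Delete` reclaim policy that takes the stored backups with it, and a retained volume is not re-bound to the new claim automatically. If the per-revision name is deliberate, say so in a comment and add `"helm.sh/resource-policy": keep` under `metadata.annotations` so old claims survive an upgrade; otherwise make the helper return a name that does not depend on the revision. Minor: `{{- if and .Values.persistence.enabled -}}` uses a one-argument `and`, which can be a plain `if`.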
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/rancher-resourceset.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/rancher-resourceset.yaml
new file mode 100644
index 000000000..05add8824
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/rancher-resourceset.yaml
@@ -0,0 +1,13 @@
+apiVersion: resources.cattle.io/v1
+kind: ResourceSet
+metadata:
+ name: rancher-resource-set
+controllerReferences:
+ - apiVersion: "apps/v1"
+ resource: "deployments"
+ name: "rancher"
+ namespace: "cattle-system"
+resourceSelectors:
+{{- range $path, $_ := .Files.Glob "files/default-resourceset-contents/*.yaml" -}}
+ {{- $.Files.Get $path | nindent 2 -}}
+{{- end -}}
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/s3-secret.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/s3-secret.yaml
new file mode 100644
index 000000000..726509730
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/s3-secret.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.s3.enabled -}}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "backupRestore.s3SecretName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+type: Opaque
+stringData:
+ {{- with .Values.s3 }}
+ {{- if .credentialSecretName }}
+ credentialSecretName: {{ .credentialSecretName }}
+ credentialSecretNamespace: {{ required "When providing a Secret containing S3 credentials, a valid .Values.credentialSecretNamespace must be provided" .credentialSecretNamespace }}
+ {{- end }}
+ {{- if .region }}
+ region: {{ .region | quote }}
+ {{- end }}
+ bucketName: {{ required "A valid .Values.bucketName is required for configuring S3 compatible storage as the default backup storage location" .bucketName | quote }}
+ {{- if .folder }}
+ folder: {{ .folder | quote }}
+ {{- end }}
+ endpoint: {{ required "A valid .Values.endpoint is required for configuring S3 compatible storage as the default backup storage location" .endpoint | quote }}
+ {{- if .endpointCA }}
+ endpointCA: {{ .endpointCA }}
+ {{- end }}
+ {{- if .insecureTLSSkipVerify }}
+ insecureTLSSkipVerify: {{ .insecureTLSSkipVerify | quote }}
+ {{- end }}
+ {{- end }}
+{{ end }}
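Review bot: `credentialSecretName`, `credentialSecretNamespace` and `endpointCA` are rendered without `| quote`, unlike `region`, `bucketName`, `folder`, `endpoint` and `insecureTLSSkipVerify` in the same block. `stringData` values must be strings, so a value that YAML reads as a number, boolean or null, or one containing `: ` or ` #`, either fails to apply or is altered. Use `credentialSecretName: {{ .credentialSecretName | quote }}` and `endpointCA: {{ .endpointCA | quote }}`, and pipe the namespace's `required` call through `| quote` as the bucket and endpoint lines already do. The three `required` messages also name `.Values.credentialSecretNamespace`, `.Values.bucketName` and `.Values.endpoint`, where the keys live under `.Values.s3`.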
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/serviceaccount.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..754e1fe89
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "backupRestore.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "backupRestore.labels" . | nindent 4 }}
+{{- if .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/templates/validate-install-crd.yaml b/charts/rancher-backup/rancher-backup/2.0.0/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..f63fd2e2e
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/templates/validate-install-crd.yaml
@@ -0,0 +1,16 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "resources.cattle.io/v1/Backup" false -}}
+# {{- set $found "resources.cattle.io/v1/ResourceSet" false -}}
+# {{- set $found "resources.cattle.io/v1/Restore" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
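Review bot: This file reads as if the CRD check were commented out, but `#` is only a YAML comment: Helm still evaluates every `{{ … }}` action on these lines, so the `required` call does abort the install when one of the three `resources.cattle.io/v1` kinds is absent from `.Capabilities.APIVersions`. That should be explained in a template comment at the top, for example `{{/* The leading # keeps this file valid YAML; the actions below still run. */}}`. It is also worth noting there that the outer `lookup` guard presumably skips the check when no cluster is reachable (client-side rendering), so a rendered manifest is no proof that the CRDs exist.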
diff --git a/charts/rancher-backup/rancher-backup/2.0.0/values.yaml b/charts/rancher-backup/rancher-backup/2.0.0/values.yaml
new file mode 100644
index 000000000..782140e1c
--- /dev/null
+++ b/charts/rancher-backup/rancher-backup/2.0.0/values.yaml
@@ -0,0 +1,57 @@
+image:
+ repository: rancher/backup-restore-operator
+ tag: v2.0.0
+
+## Default s3 bucket for storing all backup files created by the backup-restore-operator
+s3:
+ enabled: false
+ ## credentialSecretName if set, should be the name of the Secret containing AWS credentials.
+ ## To use IAM Role, don't set this field
+ credentialSecretName: ""
+ credentialSecretNamespace: ""
+ region: ""
+ bucketName: ""
+ folder: ""
+ endpoint: ""
+ endpointCA: ""
+ insecureTLSSkipVerify: false
+
+## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
+## If persistence is enabled, operator will create a PVC with mountPath /var/lib/backups
+persistence:
+ enabled: false
+
+ ## If defined, storageClassName:
+ ## If set to "-", storageClassName: "", which disables dynamic provisioning
+ ## If undefined (the default) or set to null, no storageClassName spec is
+ ## set, choosing the default provisioner. (gp2 on AWS, standard on
+ ## GKE, AWS & OpenStack).
+ ## Refer https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1
+ ##
+ storageClass: "-"
+
+ ## If you want to disable dynamic provisioning by setting storageClass to "-" above,
+ ## and want to target a particular PV, provide name of the target volume
+ volumeName: ""
+
+ ## Only certain StorageClasses allow resizing PVs; Refer https://kubernetes.io/blog/2018/07/12/resizing-persistent-volumes-using-kubernetes/
+ size: 2Gi
+
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+serviceAccount:
+ annotations: {}
+
+priorityClassName: ""
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/Chart.yaml
new file mode 100644
index 000000000..1fbd801ef
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/release-name: rancher-cis-benchmark-crd
+apiVersion: v1
+description: Installs the CRDs for rancher-cis-benchmark.
+name: rancher-cis-benchmark-crd
+type: application
+version: 2.0.0
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/README.md
new file mode 100644
index 000000000..f6d9ef621
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/README.md
@@ -0,0 +1,2 @@
+# rancher-cis-benchmark-crd
+A Rancher chart that installs the CRDs used by rancher-cis-benchmark.
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscan.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscan.yaml
new file mode 100644
index 000000000..3cbb0ffcd
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscan.yaml
@@ -0,0 +1,148 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscans.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScan
+ plural: clusterscans
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .status.lastRunScanProfileName
+ name: ClusterScanProfile
+ type: string
+ - jsonPath: .status.summary.total
+ name: Total
+ type: string
+ - jsonPath: .status.summary.pass
+ name: Pass
+ type: string
+ - jsonPath: .status.summary.fail
+ name: Fail
+ type: string
+ - jsonPath: .status.summary.skip
+ name: Skip
+ type: string
+ - jsonPath: .status.summary.warn
+ name: Warn
+ type: string
+ - jsonPath: .status.summary.notApplicable
+ name: Not Applicable
+ type: string
+ - jsonPath: .status.lastRunTimestamp
+ name: LastRunTimestamp
+ type: string
+ - jsonPath: .spec.scheduledScanConfig.cronSchedule
+ name: CronSchedule
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ scanProfileName:
+ nullable: true
+ type: string
+ scheduledScanConfig:
+ nullable: true
+ properties:
+ cronSchedule:
+ nullable: true
+ type: string
+ retentionCount:
+ type: integer
+ scanAlertRule:
+ nullable: true
+ properties:
+ alertOnComplete:
+ type: boolean
+ alertOnFailure:
+ type: boolean
+ type: object
+ type: object
+ scoreWarning:
+ enum:
+ - pass
+ - fail
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ NextScanAt:
+ nullable: true
+ type: string
+ ScanAlertingRuleName:
+ nullable: true
+ type: string
+ conditions:
+ items:
+ properties:
+ lastTransitionTime:
+ nullable: true
+ type: string
+ lastUpdateTime:
+ nullable: true
+ type: string
+ message:
+ nullable: true
+ type: string
+ reason:
+ nullable: true
+ type: string
+ status:
+ nullable: true
+ type: string
+ type:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ display:
+ nullable: true
+ properties:
+ error:
+ type: boolean
+ message:
+ nullable: true
+ type: string
+ state:
+ nullable: true
+ type: string
+ transitioning:
+ type: boolean
+ type: object
+ lastRunScanProfileName:
+ nullable: true
+ type: string
+ lastRunTimestamp:
+ nullable: true
+ type: string
+ observedGeneration:
+ type: integer
+ summary:
+ nullable: true
+ properties:
+ fail:
+ type: integer
+ notApplicable:
+ type: integer
+ pass:
+ type: integer
+ skip:
+ type: integer
+ total:
+ type: integer
+ warn:
+ type: integer
+ type: object
+ type: object
+ type: object
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanbenchmark.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanbenchmark.yaml
new file mode 100644
index 000000000..fd291f8c3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanbenchmark.yaml
@@ -0,0 +1,54 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanbenchmarks.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanBenchmark
+ plural: clusterscanbenchmarks
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .spec.clusterProvider
+ name: ClusterProvider
+ type: string
+ - jsonPath: .spec.minKubernetesVersion
+ name: MinKubernetesVersion
+ type: string
+ - jsonPath: .spec.maxKubernetesVersion
+ name: MaxKubernetesVersion
+ type: string
+ - jsonPath: .spec.customBenchmarkConfigMapName
+ name: customBenchmarkConfigMapName
+ type: string
+ - jsonPath: .spec.customBenchmarkConfigMapNamespace
+ name: customBenchmarkConfigMapNamespace
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clusterProvider:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapName:
+ nullable: true
+ type: string
+ customBenchmarkConfigMapNamespace:
+ nullable: true
+ type: string
+ maxKubernetesVersion:
+ nullable: true
+ type: string
+ minKubernetesVersion:
+ nullable: true
+ type: string
+ type: object
+ type: object
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanprofile.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanprofile.yaml
new file mode 100644
index 000000000..1e75501b7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanprofile.yaml
@@ -0,0 +1,36 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanprofiles.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanProfile
+ plural: clusterscanprofiles
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ skipTests:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ type: object
+ type: object
+ additionalPrinterColumns:
+ - jsonPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanreport.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanreport.yaml
new file mode 100644
index 000000000..6e8c0b7de
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark-crd/2.0.0/templates/clusterscanreport.yaml
@@ -0,0 +1,39 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: clusterscanreports.cis.cattle.io
+spec:
+ group: cis.cattle.io
+ names:
+ kind: ClusterScanReport
+ plural: clusterscanreports
+ scope: Cluster
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ additionalPrinterColumns:
+ - jsonPath: .spec.lastRunTimestamp
+ name: LastRunTimestamp
+ type: string
+ - jsonPath: .spec.benchmarkVersion
+ name: BenchmarkVersion
+ type: string
+ subresources:
+ status: {}
+ schema:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ benchmarkVersion:
+ nullable: true
+ type: string
+ lastRunTimestamp:
+ nullable: true
+ type: string
+ reportJSON:
+ nullable: true
+ type: string
+ type: object
+ type: object
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/Chart.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/Chart.yaml
new file mode 100644
index 000000000..45dcb49d5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/Chart.yaml
@@ -0,0 +1,19 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: CIS Benchmark
+ catalog.cattle.io/namespace: cis-operator-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: cis.cattle.io.clusterscans/v1
+ catalog.cattle.io/release-name: rancher-cis-benchmark
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: rancher-cis-benchmark
+apiVersion: v1
+appVersion: v1.0.5
+description: The cis-operator enables running CIS benchmark security scans on a kubernetes
+ cluster
+icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
+keywords:
+- security
+name: rancher-cis-benchmark
+version: 2.0.0
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/README.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/README.md
new file mode 100644
index 000000000..50beab58b
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/README.md
@@ -0,0 +1,9 @@
+# Rancher CIS Benchmark Chart
+
+The cis-operator enables running CIS benchmark security scans on a kubernetes cluster and generate compliance reports that can be downloaded.
+
+# Installation
+
+```
+helm install rancher-cis-benchmark ./ --create-namespace -n cis-operator-system
+```
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/app-readme.md b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/app-readme.md
new file mode 100644
index 000000000..5e495d605
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/app-readme.md
@@ -0,0 +1,15 @@
+# Rancher CIS Benchmarks
+
+This chart enables security scanning of the cluster using [CIS (Center for Internet Security) benchmarks](https://www.cisecurity.org/benchmark/kubernetes/).
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/cis-scans/v2.5/).
+
+This chart installs the following components:
+
+- [cis-operator](https://github.com/rancher/cis-operator) - The cis-operator handles launching the [kube-bench](https://github.com/aquasecurity/kube-bench) tool that runs a suite of CIS tests on the nodes of your Kubernetes cluster. After scans finish, the cis-operator generates a compliance report that can be downloaded.
+- Scans - A scan is a CRD (`ClusterScan`) that defines when to trigger CIS scans on the cluster based on the defined profile. A report is created after the scan is completed.
+- Profiles - A profile is a CRD (`ClusterScanProfile`) that defines the configuration for the CIS scan, which is the benchmark versions to use and any specific tests to skip in that benchmark. This chart installs a few default `ClusterScanProfile` custom resources with no skipped tests, which can immediately be used to launch CIS scans.
+- Benchmark Versions - A benchmark version is a CRD (`ClusterScanBenchmark`) that defines the CIS benchmark version to run using kube-bench as well as the valid configuration parameters for that benchmark. This chart installs a few default `ClusterScanBenchmark` custom resources.
+- Alerting Resources - Rancher's CIS Benchmark application lets you run a cluster scan on a schedule, and send alerts when scans finish.
+ - If you want to enable alerts to be delivered when a cluster scan completes, you need to ensure that [Rancher's Monitoring and Alerting](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/) application is pre-installed and the [Receivers and Routes](https://rancher.com/docs/rancher/v2.x/en/monitoring-alerting/v2.5/configuration/#alertmanager-config) are configured to send out alerts.
+ - Additionally, you need to set `alerts: true` in the Values YAML while installing or upgrading this chart.
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/_helpers.tpl b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/_helpers.tpl
new file mode 100644
index 000000000..67f4ce116
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/_helpers.tpl
@@ -0,0 +1,23 @@
+{{/* Ensure namespace is set the same everywhere */}}
+{{- define "cis.namespace" -}}
+ {{- .Release.Namespace | default "cis-operator-system" -}}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux_node_tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/alertingrule.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/alertingrule.yaml
new file mode 100644
index 000000000..1787c88a0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/alertingrule.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.alerts.enabled -}}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ name: rancher-cis-pod-monitor
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ podMetricsEndpoints:
+ - port: cismetrics
+{{- end }}
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.5.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.5.yaml
new file mode 100644
index 000000000..39e8b834a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.5.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.5
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.6.yaml
new file mode 100644
index 000000000..93ba064f4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-cis-1.6.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: cis-1.6
+spec:
+ clusterProvider: ""
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-eks-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-eks-1.0.yaml
new file mode 100644
index 000000000..bd2e32cd3
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-eks-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: eks-1.0
+spec:
+ clusterProvider: eks
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-gke-1.0.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-gke-1.0.yaml
new file mode 100644
index 000000000..72122e8c5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-gke-1.0.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: gke-1.0
+spec:
+ clusterProvider: gke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..3ca9b6009
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-hardened
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..6d4253c6e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-k3s-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: k3s-cis-1.6-permissive
+spec:
+ clusterProvider: k3s
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..b5627f966
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..95f80c0f0
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.5-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.15.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..d75de8154
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-hardened
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..52428f4a7
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke-cis-1.6-permissive
+spec:
+ clusterProvider: rke
+ minKubernetesVersion: "1.16.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-hardened.yaml
new file mode 100644
index 000000000..3d83e9bd8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-permissive.yaml
new file mode 100644
index 000000000..f66aa8f6e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.5-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.5-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.18.0"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-hardened.yaml
new file mode 100644
index 000000000..3593bf371
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-hardened.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-hardened
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-permissive.yaml
new file mode 100644
index 000000000..522f846ae
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/benchmark-rke2-cis-1.6-permissive.yaml
@@ -0,0 +1,8 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanBenchmark
+metadata:
+ name: rke2-cis-1.6-permissive
+spec:
+ clusterProvider: rke2
+ minKubernetesVersion: "1.20.5"
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/cis-roles.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/cis-roles.yaml
new file mode 100644
index 000000000..23c93dc65
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/cis-roles.yaml
@@ -0,0 +1,49 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-admin
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["create", "update", "delete", "patch","get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: cis-view
+rules:
+ - apiGroups:
+ - cis.cattle.io
+ resources:
+ - clusterscanbenchmarks
+ - clusterscanprofiles
+ - clusterscans
+ - clusterscanreports
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - catalog.cattle.io
+ resources: ["apps"]
+ resourceNames: ["rancher-cis-benchmark"]
+ verbs: ["get", "watch", "list"]
+ - apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs: ["get", "watch", "list"]
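Review bot: The last rule of `cis-admin` grants `'*'` on core `configmaps`, and because this is a ClusterRole, any ClusterRoleBinding to it allows every verb (including `deletecollection`) on ConfigMaps in all namespaces. The `cis.cattle.io` rule above already lists its verbs explicitly; doing the same here, `verbs: ["create", "update", "delete", "patch", "get", "watch", "list"]`, keeps the grant reviewable and stops it from widening if new verbs are added. If CIS admins only need the ConfigMaps in the chart's own namespace, a namespaced Role or a `resourceNames` list would be tighter still. How this role is bound is not visible in the hunk.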
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/configmap.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/configmap.yaml
new file mode 100644
index 000000000..6cbc23db4
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/configmap.yaml
@@ -0,0 +1,17 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: default-clusterscanprofiles
+ namespace: {{ template "cis.namespace" . }}
+data:
+ # Default ClusterScanProfiles per cluster provider type
+ rke: |-
+ <1.16.0: rke-profile-permissive-1.5
+ >=1.16.0: rke-profile-permissive-1.6
+ rke2: |-
+ <1.20.5: rke2-cis-1.5-profile-permissive
+ >=1.20.5: rke2-cis-1.6-profile-permissive
+ eks: "eks-profile"
+ gke: "gke-profile"
+ k3s: "k3s-cis-1.6-profile-permissive"
+ default: "cis-1.6-profile"
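Review bot: The `k3s` entry has no version split, unlike `rke` and `rke2`, so every k3s cluster defaults to `k3s-cis-1.6-profile-permissive`. That profile points at the `k3s-cis-1.6-permissive` benchmark, which this commit declares with `minKubernetesVersion: "1.20.5"`, so a k3s cluster below 1.20.5 would be handed a default that its own benchmark excludes. How the operator resolves that mismatch is not visible here. Either give `k3s` the same `<1.20.5` / `>=1.20.5` block form as `rke2`, or add a comment under `# Default ClusterScanProfiles per cluster provider type` stating that older k3s versions are unsupported.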
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/deployment.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/deployment.yaml
new file mode 100644
index 000000000..0d3c75e39
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/deployment.yaml
@@ -0,0 +1,57 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: cis-operator
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ cis.cattle.io/operator: cis-operator
+spec:
+ selector:
+ matchLabels:
+ cis.cattle.io/operator: cis-operator
+ template:
+ metadata:
+ labels:
+ cis.cattle.io/operator: cis-operator
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ containers:
+ - name: cis-operator
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.cisoperator.repository }}:{{ .Values.image.cisoperator.tag }}'
+ imagePullPolicy: Always
+ ports:
+ - name: cismetrics
+ containerPort: {{ .Values.alerts.metricsPort }}
+ env:
+ - name: SECURITY_SCAN_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.securityScan.repository }}
+ - name: SECURITY_SCAN_IMAGE_TAG
+ value: {{ .Values.image.securityScan.tag }}
+ - name: SONOBUOY_IMAGE
+ value: {{ template "system_default_registry" . }}{{ .Values.image.sonobuoy.repository }}
+ - name: SONOBUOY_IMAGE_TAG
+ value: {{ .Values.image.sonobuoy.tag }}
+ - name: CIS_ALERTS_METRICS_PORT
+ value: '{{ .Values.alerts.metricsPort }}'
+ - name: CIS_ALERTS_SEVERITY
+ value: {{ .Values.alerts.severity }}
+ - name: CIS_ALERTS_ENABLED
+ value: {{ .Values.alerts.enabled | default "false" | quote }}
+ - name: CLUSTER_NAME
+ value: {{ .Values.global.cattle.clusterName }}
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ nodeSelector:
+ kubernetes.io/os: linux
+ {{- with .Values.nodeSelector }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ tolerations:
+ {{- include "linux_node_tolerations" . | nindent 8}}
+ {{- with .Values.tolerations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
\ No newline at end of file
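Review bot: The `cis-operator` container declares no `securityContext`, although the pod runs as `cis-operator-serviceaccount`, which rbac.yaml in this commit binds to `cluster-admin`. For a workload holding that token, container-level hardening is worth adding next to `imagePullPolicy`: a `securityContext:` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, provided the operator image does not rely on extra privileges (not verifiable from this hunk). Since the image is referenced by tag with `imagePullPolicy: Always`, a re-pushed tag would be picked up on the next restart, which makes limiting what the container can do more important.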
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/network_policy_allow_all.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/network_policy_allow_all.yaml
new file mode 100644
index 000000000..6ed5d645e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/network_policy_allow_all.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-allow-all
+ namespace: {{ template "cis.namespace" . }}
+spec:
+ podSelector: {}
+ ingress:
+ - {}
+ egress:
+ - {}
+ policyTypes:
+ - Ingress
+ - Egress
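Review bot: `default-allow-all` selects every pod in the namespace (`podSelector: {}`) and permits all ingress and all egress, so it creates a NetworkPolicy object without restricting any traffic. The operator pod in this namespace runs with a cluster-admin service account and exposes the `cismetrics` port, so an ingress rule limited to that port would be a safer default if the scan pods do not need inbound connections. If the open policy is deliberate, a one-line comment above `spec:` stating the reason would keep it from reading as an oversight and help anyone auditing the namespace.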
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/patch_default_serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/patch_default_serviceaccount.yaml
new file mode 100644
index 000000000..1efa3ed1c
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/patch_default_serviceaccount.yaml
@@ -0,0 +1,20 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: patch-sa
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: cis-operator-serviceaccount
+ restartPolicy: Never
+ containers:
+ - name: sa
+ image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+ imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+ command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+ args: ["-n", {{ template "cis.namespace" . }}]
+ backoffLimit: 1
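Review bot: The `patch-sa` hook runs as `cis-operator-serviceaccount`, which rbac.yaml in this commit binds to `cluster-admin`, yet its only command is `kubectl patch serviceaccount default`. A dedicated ServiceAccount with a namespaced Role allowing `get` and `patch` on `serviceaccounts` with `resourceNames: ["default"]` would be sufficient and keeps the cluster-admin token out of a short-lived kubectl pod. The Job also has no `metadata.namespace`, unlike the other namespaced templates in this chart; adding `namespace: {{ template "cis.namespace" . }}` would make it consistent. The namespace in `args` is rendered unquoted inside a flow sequence, so `{{ template "cis.namespace" . | quote }}` is safer there.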
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/rbac.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/rbac.yaml
new file mode 100644
index 000000000..4ff88ea5f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/rbac.yaml
@@ -0,0 +1,43 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-operator-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cis-operator-role
+subjects:
+- kind: ServiceAccount
+ name: cis-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: cis-operator-installer
+subjects:
+- kind: ServiceAccount
+ name: cis-operator-serviceaccount
+ namespace: {{ template "cis.namespace" . }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
\ No newline at end of file
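Review bot: Both service accounts end up with unrestricted cluster access. `cis-operator-role` is `'*'` on all apiGroups, resources and verbs and is bound to `cis-serviceaccount`, while `cis-operator-installer` binds `cis-operator-serviceaccount` to the built-in `cluster-admin`. A benchmark scanner presumably needs mostly read access plus write access to its own `cis.cattle.io` resources and the workloads it launches. The exact set is not visible here, but enumerating it would limit what a compromised operator or scan pod can do. Separately, `app.kubernetes.io/instance: release-name` is a literal string on both labelled objects; `app.kubernetes.io/instance: {{ .Release.Name }}` looks like what was intended.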
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.5.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.5.yml
new file mode 100644
index 000000000..d69ae9dd5
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.5.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.5-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.5
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.6.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.6.yaml
new file mode 100644
index 000000000..8a8d8bf88
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-cis-1.6.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: cis-1.6-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: cis-1.6
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-hardened.yml
new file mode 100644
index 000000000..095e977ab
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-permissive.yml
new file mode 100644
index 000000000..3b22a80c8
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-k3s-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: k3s-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: k3s-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-hardened.yml
new file mode 100644
index 000000000..4eabe158a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-hardened
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-permissive.yml
new file mode 100644
index 000000000..1f78751d1
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.5
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-hardened.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-hardened.yaml
new file mode 100644
index 000000000..d38febd80
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-hardened.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-hardened-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-permissive.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-permissive.yaml
new file mode 100644
index 000000000..d31b5b0d2
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke-1.6-permissive.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke-profile-permissive-1.6
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-hardened.yml
new file mode 100644
index 000000000..83eb3131e
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-permissive.yml
new file mode 100644
index 000000000..40dc44bdf
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.5-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.5-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.5-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-hardened.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-hardened.yml
new file mode 100644
index 000000000..c7ac7f949
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-hardened.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-hardened
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-hardened
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-permissive.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-permissive.yml
new file mode 100644
index 000000000..96ca1345a
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofile-rke2-cis-1.6-permissive.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: rke2-cis-1.6-profile-permissive
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: rke2-cis-1.6-permissive
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofileeks.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofileeks.yml
new file mode 100644
index 000000000..49c7e0246
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofileeks.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: eks-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: eks-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofilegke.yml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofilegke.yml
new file mode 100644
index 000000000..2ddd0686f
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/scanprofilegke.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: cis.cattle.io/v1
+kind: ClusterScanProfile
+metadata:
+ name: gke-profile
+ annotations:
+ clusterscanprofile.cis.cattle.io/builtin: "true"
+spec:
+ benchmarkVersion: gke-1.0
\ No newline at end of file
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/serviceaccount.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ec48ec622
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/serviceaccount.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ name: cis-operator-serviceaccount
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: {{ template "cis.namespace" . }}
+ labels:
+ app.kubernetes.io/name: rancher-cis-benchmark
+ app.kubernetes.io/instance: release-name
+ name: cis-serviceaccount
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/validate-install-crd.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..562295791
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/templates/validate-install-crd.yaml
@@ -0,0 +1,17 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScan" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanBenchmark" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanProfile" false -}}
+# {{- set $found "cis.cattle.io/v1/ClusterScanReport" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
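Review bot: The leading `#` on every line makes this template look disabled, but Helm evaluates the `{{ ... }}` actions regardless of YAML comment markers, so the `required` call still fails the install when one of the four `cis.cattle.io/v1` kinds is missing from `.Capabilities.APIVersions`. A template comment at the top would stop someone from deleting the file as dead code, for example `{{- /* '#' only comments out the rendered output; the CRD check below still runs */ -}}`. The outer `lookup` guard appears to skip the check when no ClusterRoles are returned, which is the case for `helm template` and client-side dry runs, so the check is not enforced in those modes. That is worth stating in the same comment.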
diff --git a/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/values.yaml b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/values.yaml
new file mode 100644
index 000000000..ed39c8353
--- /dev/null
+++ b/charts/rancher-cis-benchmark/rancher-cis-benchmark/2.0.0/values.yaml
@@ -0,0 +1,45 @@
+# Default values for rancher-cis-benchmark.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+image:
+ cisoperator:
+ repository: rancher/cis-operator
+ tag: v1.0.5
+ securityScan:
+ repository: rancher/security-scan
+ tag: v0.2.3
+ sonobuoy:
+ repository: rancher/mirrored-sonobuoy-sonobuoy
+ tag: v0.16.3
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+nodeSelector: {}
+
+tolerations: []
+
+affinity: {}
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ clusterName: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+
+alerts:
+ enabled: false
+ severity: warning
+ metricsPort: 8080
diff --git a/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/Chart.yaml
new file mode 100644
index 000000000..6cfcc2d33
--- /dev/null
+++ b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/Chart.yaml
@@ -0,0 +1,11 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-eks-operator-crd
+apiVersion: v2
+appVersion: 1.1.1
+description: EKS Operator CustomResourceDefinitions
+name: rancher-eks-operator-crd
+version: 100.0.0+up1.1.1
diff --git a/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/templates/crds.yaml b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/templates/crds.yaml
new file mode 100644
index 000000000..9a4634d81
--- /dev/null
+++ b/charts/rancher-eks-operator-crd/rancher-eks-operator-crd/100.0.0+up1.1.1/templates/crds.yaml
@@ -0,0 +1,216 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ name: eksclusterconfigs.eks.cattle.io
+spec:
+ group: eks.cattle.io
+ names:
+ kind: EKSClusterConfig
+ plural: eksclusterconfigs
+ shortNames:
+ - ekscc
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ amazonCredentialSecret:
+ nullable: true
+ type: string
+ displayName:
+ nullable: true
+ type: string
+ imported:
+ type: boolean
+ kmsKey:
+ nullable: true
+ type: string
+ kubernetesVersion:
+ nullable: true
+ type: string
+ loggingTypes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ nodeGroups:
+ items:
+ properties:
+ desiredSize:
+ nullable: true
+ type: integer
+ diskSize:
+ nullable: true
+ type: integer
+ ec2SshKey:
+ nullable: true
+ type: string
+ gpu:
+ nullable: true
+ type: boolean
+ imageId:
+ nullable: true
+ type: string
+ instanceType:
+ nullable: true
+ type: string
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ launchTemplate:
+ nullable: true
+ properties:
+ id:
+ nullable: true
+ type: string
+ name:
+ nullable: true
+ type: string
+ version:
+ nullable: true
+ type: integer
+ type: object
+ maxSize:
+ nullable: true
+ type: integer
+ minSize:
+ nullable: true
+ type: integer
+ nodegroupName:
+ nullable: true
+ type: string
+ requestSpotInstances:
+ nullable: true
+ type: boolean
+ resourceTags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ spotInstanceTypes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ subnets:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ tags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ userData:
+ nullable: true
+ type: string
+ version:
+ nullable: true
+ type: string
+ required:
+ - nodegroupName
+ type: object
+ nullable: true
+ type: array
+ privateAccess:
+ nullable: true
+ type: boolean
+ publicAccess:
+ nullable: true
+ type: boolean
+ publicAccessSources:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ region:
+ nullable: true
+ type: string
+ secretsEncryption:
+ nullable: true
+ type: boolean
+ securityGroups:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ serviceRole:
+ nullable: true
+ type: string
+ subnets:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ tags:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ type: object
+ status:
+ properties:
+ failureMessage:
+ nullable: true
+ type: string
+ managedLaunchTemplateID:
+ nullable: true
+ type: string
+ managedLaunchTemplateVersions:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ networkFieldsSource:
+ nullable: true
+ type: string
+ phase:
+ nullable: true
+ type: string
+ securityGroups:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ subnets:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ templateVersionsToDelete:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ virtualNetwork:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
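Review bot: `apiVersion: apiextensions.k8s.io/v1beta1`, with the top-level `validation:` and `version:` fields, is the deprecated CRD form that the API server no longer serves from Kubernetes 1.22, so this chart would fail to install on such clusters. Moving to `apiextensions.k8s.io/v1` means placing the schema under `versions[].schema.openAPIV3Schema` and dropping `version: v1`. Separately, the schema is almost entirely `nullable` strings with no `pattern` or `enum`, so fields such as `publicAccessSources` and `region` get no admission-time validation and the operator has to validate them itself. If this file is generated, the change belongs in the generator rather than here.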
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/Chart.yaml
new file mode 100644
index 000000000..a26b3f506
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-eks-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-alpha'
+ catalog.cattle.io/release-name: rancher-eks-operator
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.1.1
+description: A Helm chart for provisioning EKS clusters
+home: https://github.com/rancher/eks-operator
+name: rancher-eks-operator
+sources:
+- https://github.com/rancher/eks-operator
+version: 100.0.0+up1.1.1
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/NOTES.txt b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/NOTES.txt
new file mode 100644
index 000000000..23a1b4a8b
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher EKS operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions EKS clusters
+from EKSClusterConfig CRs.
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/_helpers.tpl b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/_helpers.tpl
new file mode 100644
index 000000000..be11b4a66
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrole.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrole.yaml
new file mode 100644
index 000000000..d0d561b6e
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: eks-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch']
+ - apiGroups: ['eks.cattle.io']
+ resources: ['eksclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['eks.cattle.io']
+ resources: ['eksclusterconfigs/status']
+ verbs: ['update']
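Review bot: The first rule grants `get`, `list`, `watch` and `create` on `secrets` through a ClusterRole, and clusterrolebinding.yaml binds it cluster-wide, so the `eks-operator` ServiceAccount can read every Secret in every namespace. If the operator only needs the credential Secrets referenced by `amazonCredentialSecret`, a namespaced `Role`/`RoleBinding` in the namespaces that hold them would be a smaller grant; those namespaces are not visible in this diff, so that needs confirming. `metadata.namespace: cattle-system` has no meaning on cluster-scoped objects, here and in the ClusterRoleBinding, and can be dropped.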
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..2b1846353
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: eks-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: eks-operator
+subjects:
+- kind: ServiceAccount
+ name: eks-operator
+ namespace: cattle-system
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/deployment.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/deployment.yaml
new file mode 100644
index 000000000..b0717cb79
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: eks-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: eks
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: eks
+ spec:
+ serviceAccountName: eks-operator
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: eks-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.eksOperator.image.repository }}:{{ .Values.eksOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # eks-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the eks-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
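Review bot: The pod sets `runAsUser: 1007` and `fsGroup: 1007`, but the `eks-operator` container has no container-level `securityContext`, so privilege escalation and the default capability set remain available to a process whose ServiceAccount can read Secrets cluster-wide. Adding `securityContext: {allowPrivilegeEscalation: false, capabilities: {drop: ["ALL"]}}` to the container and `runAsNonRoot: true` to the pod would close that, assuming the image does not rely on them. The deployment.yaml of rancher-external-ip-webhook in this commit sets no `securityContext` at all and has the same gap. The proxy env values are rendered unquoted; `value: {{ .Values.httpProxy | quote }}` (likewise for the other two) keeps an empty or unusual value a string.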
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..934de07e0
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: eks-operator
diff --git a/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/values.yaml b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/values.yaml
new file mode 100644
index 000000000..a369f1f9f
--- /dev/null
+++ b/charts/rancher-eks-operator/rancher-eks-operator/100.0.0+up1.1.1/values.yaml
@@ -0,0 +1,12 @@
+global:
+ systemDefaultRegistry: ""
+
+eksOperator:
+ image:
+ repository: rancher/eks-operator
+ tag: v1.1.1
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/.helmignore b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml
new file mode 100644
index 000000000..f4bb5e767
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/Chart.yaml
@@ -0,0 +1,24 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: External IP Webhook
+ catalog.cattle.io/namespace: cattle-externalip-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-external-ip-webhook
+ catalog.cattle.io/ui-component: rancher-external-ip-webhook
+apiVersion: v1
+appVersion: v1.0.0
+description: |
+ Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554
+home: https://github.com/rancher/externalip-webhook
+keywords:
+- cve
+- externalip
+- webhook
+- security
+maintainers:
+- email: raul@rancher.com
+ name: rawmind0
+name: rancher-external-ip-webhook
+sources:
+- https://github.com/rancher/externalip-webhook
+version: 100.0.0+up1.0.0
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/README.md b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/README.md
new file mode 100644
index 000000000..4890065a7
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/README.md
@@ -0,0 +1,69 @@
+# externalip-webhook
+
+## Chart Details
+
+This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554.
+
+## Installing the Chart
+
+To install the chart with the release name `rancher-external-ip-webhook`:
+
+```bash
+$ helm repo add rancher-chart https://charts.rancher.io
+$ helm repo update
+$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the externalip-webhook chart and their default values.
+
+
+| Parameter | Description | Default |
+| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
+| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` |
+| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` |
+| `certificates.certManager.enabled` | Enable cert manager integration. Cert manager should be already installed at the k8s cluster | `true` |
+| `certificates.certManager.version` | Cert manager version to use | `""` |
+| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` |
+| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` |
+| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` |
+| `image.pullSecrets` | Webhook server docker pull secret | `""` |
+| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` |
+| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` |
+| `metrics.enabled` | Enable metrics endpoint | `false` |
+| `metrics.port` | Webhook metrics pod port | `8443` |
+| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` |
+| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` |
+| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` |
+| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` |
+| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` |
+| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` |
+| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` |
+| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` |
+| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` |
+| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` |
+| `metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `rbac.apiVersion` | Rbac API version to use | `"v1"` |
+| `resources.limits.cpu` | Resource cpu limit | `"100m"` |
+| `resources.limits.memory` | Resource memory limit | `"30Mi"` |
+| `resources.requests.cpu` | Resource cpu reservation | `"100m"` |
+| `resources.requests.memory` | Resource memory reservation | `"20Mi"` |
+| `service.metricsPort` | Webhook metrics service port | `8443` |
+| `service.webhookPort` | Webhook server service port | `443` |
+| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` |
+| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` |
+| `webhookPort` | Webhook server pod port | `9443` |
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
+
+Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example,
+
+```bash
+$ helm repo add rancher-chart https://charts.rancher.io
+$ helm repo update
+$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml
+```
+
+> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml)
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/app-README.md b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/app-README.md
new file mode 100644
index 000000000..bd8acd382
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/app-README.md
@@ -0,0 +1,12 @@
+# externalip-webhook
+
+This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/)
+
+External IP Webhook is a validating k8s webhook which prevents services from using random external IPs.
+Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator.
+
+External IP Webhook certificates are required. They can be generated in 2 ways:
+* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster
+* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at `Certificates` section.
+
+For more information, review the Helm README of this chart.
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/questions.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/questions.yaml
new file mode 100644
index 000000000..3ea9edd93
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/questions.yaml
@@ -0,0 +1,26 @@
+questions:
+# allowedExternalIPCidrs
+- variable: allowedExternalIPCidrs
+ label: Allowed external IP cidrs
+ description: Set allowed external IP CIDRs separated by a comma
+ type: string
+ group: Configuration
+- variable: certificates.certManager.enabled
+ default: true
+ description: Enable cert manager integration. Cert manager should be already installed
+ label: Enable Cert Manager integration
+ type: boolean
+ group: "Certificates"
+ show_subquestion_if: false
+ subquestions:
+ - variable: certificates.secretName
+ default: webhook-server-cert
+ description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key)
+ label: Secret name
+ type: string
+ required: true
+ - variable: certificates.caBundle
+ description: Use self signed CA Bundle. It should be provided in base64 format
+ label: CA Bundle
+ type: string
+ required: true
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/NOTES.txt b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/NOTES.txt
new file mode 100644
index 000000000..74271bdd5
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/NOTES.txt
@@ -0,0 +1,3 @@
+To verify that externalip-webhook has started, run:
+
+ kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}"
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/_helpers.tpl b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/_helpers.tpl
new file mode 100644
index 000000000..cc8a9a0d3
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/_helpers.tpl
@@ -0,0 +1,50 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "externalip-webhook.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "externalip-webhook.fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if ne $name .Release.Name -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/* Generate basic labels */}}
+{{- define "externalip-webhook.labels" }}
+app: {{ template "externalip-webhook.name" . }}
+heritage: {{.Release.Service }}
+release: {{.Release.Name }}
+{{- end }}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/admissionregistration.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/admissionregistration.yaml
new file mode 100644
index 000000000..d8152faa5
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/admissionregistration.yaml
@@ -0,0 +1,30 @@
+apiVersion: admissionregistration.k8s.io/v1beta1
+kind: ValidatingWebhookConfiguration
+metadata:
+{{- if .Values.certificates.certManager.enabled }}
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert
+{{- end }}
+ creationTimestamp: null
+ name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration
+webhooks:
+- clientConfig:
+{{- if not (.Values.certificates.certManager.enabled) }}
+ caBundle: {{ .Values.certificates.caBundle }}
+{{- end }}
+ service:
+ name: {{ template "externalip-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-service
+ failurePolicy: Ignore
+ name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - services
\ No newline at end of file
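Review bot: `failurePolicy: Ignore` makes this webhook fail open: whenever the webhook pod is unreachable, slow or presenting a bad certificate, Service CREATE and UPDATE requests are admitted without the external-IP check, which is the control this chart exists to provide for CVE-2020-8554. For an enforcing control `failurePolicy: Fail` is the usual choice, paired with more than one replica and a `namespaceSelector` if system namespaces must stay writable during an outage. If fail-open is intentional, a comment saying so and an alert on webhook availability would help. The object also uses `admissionregistration.k8s.io/v1beta1`, which is no longer served from Kubernetes 1.22; the `v1` API additionally requires `sideEffects` and `admissionReviewVersions`.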
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrole.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrole.yaml
new file mode 100644
index 000000000..46e18bf00
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrole.yaml
@@ -0,0 +1,33 @@
+{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}}
+apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
+kind: ClusterRole
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-proxy-role
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
+kind: ClusterRole
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-metrics-reader
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+{{- end -}}
\ No newline at end of file
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrolebinding.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..2fa40817f
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/clusterrolebinding.yaml
@@ -0,0 +1,31 @@
+apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
+kind: ClusterRoleBinding
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-cluster-view
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: view
+subjects:
+- kind: ServiceAccount
+ name: {{ template "externalip-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }}
+---
+apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }}
+kind: ClusterRoleBinding
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "externalip-webhook.fullname" . }}-proxy-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "externalip-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
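Review bot: The first binding gives the webhook's ServiceAccount the built-in `view` ClusterRole across the whole cluster, unconditionally, and nothing in this diff shows the webhook reading anything beyond the Service objects it receives in admission requests. If the binary does not query the API server, this binding can be removed; if it does, a ClusterRole listing only the resources it reads would be a narrower grant. A comment stating why `view` is needed would be worth adding either way. The subject is the ServiceAccount named by `externalip-webhook.fullname`, while the README documents a separate `serviceAccountName` value, so it is worth checking that the two agree.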
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/deployment.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/deployment.yaml
new file mode 100644
index 000000000..c82754deb
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/deployment.yaml
@@ -0,0 +1,107 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: runtime/default
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "externalip-webhook.name" . }}
+ template:
+ metadata:
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: runtime/default
+ labels: {{ include "externalip-webhook.labels" . | indent 8 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ spec:
+ containers:
+ {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }}
+ - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy
+ args:
+ - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }}
+ - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/
+ - --logtostderr=true
+ - --v=10
+ image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }}
+ imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}"
+ ports:
+ - containerPort: {{ .Values.metrics.port }}
+ name: webhook-metrics
+ protocol: TCP
+ resources:
+{{ toYaml .Values.metrics.authProxy.resources | indent 10 }}
+ readinessProbe:
+ tcpSocket:
+ port: webhook-metrics
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ tcpSocket:
+ port: webhook-metrics
+ initialDelaySeconds: 5
+ failureThreshold: 10
+ periodSeconds: 30
+ {{- end }}
+ - name: {{ template "externalip-webhook.fullname" . }}
+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }}
+ imagePullPolicy: "{{ .Values.image.pullPolicy }}"
+ command:
+ - /webhook
+ args:
+ - --webhook-port={{ .Values.webhookPort }}
+ {{- if .Values.allowedExternalIPCidrs }}
+ - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }}
+ {{- end }}
+ {{- if .Values.metrics.enabled }}
+ {{- if .Values.metrics.authProxy.enabled }}
+ - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }}
+ {{- else }}
+ - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.webhookPort }}
+ name: webhook-server
+ protocol: TCP
+ {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }}
+ - containerPort: {{ .Values.metrics.port }}
+ name: webhook-metrics
+ protocol: TCP
+ {{- end }}
+ volumeMounts:
+ - name: server-cert
+ mountPath: /tmp/k8s-webhook-server/serving-certs
+ readOnly: true
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ readinessProbe:
+ tcpSocket:
+ port: webhook-server
+ initialDelaySeconds: 5
+ failureThreshold: 10
+ periodSeconds: 30
+ livenessProbe:
+ tcpSocket:
+ port: webhook-server
+ initialDelaySeconds: 5
+ failureThreshold: 10
+ periodSeconds: 30
+ nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+ {{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ tolerations: {{ include "linux-node-tolerations" . | nindent 6}}
+ {{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 6 }}
+ {{- end }}
+ serviceAccountName: {{ template "externalip-webhook.fullname" . }}
+ volumes:
+ - name: server-cert
+ secret:
+ defaultMode: 420
+ secretName: {{ .Values.certificates.secretName }}
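Review bot: The auth-proxy container is started with `--v=10`, a very high log verbosity that is normally a debugging setting and may write request details to the pod log on every metrics scrape; `- --v=2`, or a value exposed in values.yaml, would be a safer default. The `server-cert` volume is mounted with `defaultMode: 420` (octal 0644), so `tls.key` is readable by every user in the container; a tighter mode such as `0440` combined with an `fsGroup` would limit that, subject to the UID the image runs as. The `seccomp.security.alpha.kubernetes.io/pod` annotation on the Deployment's own metadata has no effect; only the copy under `spec.template.metadata` applies to pods.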
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/issuer.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/issuer.yaml
new file mode 100644
index 000000000..ff1c2de10
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/issuer.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.certificates.certManager.enabled -}}
+ {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}}
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }}
+apiVersion: cert-manager.io/v1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }}
+apiVersion: cert-manager.io/v1beta1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }}
+apiVersion: cert-manager.io/v1alpha2
+ {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
+apiVersion: certmanager.k8s.io/v1alpha1
+ {{- else }}
+# Setting latest version as default
+apiVersion: cert-manager.io/v1
+ {{- end }}
+kind: Certificate
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-server-cert
+ namespace: {{ .Release.Namespace }}
+spec:
+ dnsNames:
+ - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc
+ - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: {{ template "externalip-webhook.fullname" . }}-issuer
+ secretName: {{ .Values.certificates.secretName }}
+---
+ {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }}
+apiVersion: cert-manager.io/v1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }}
+apiVersion: cert-manager.io/v1beta1
+ {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }}
+apiVersion: cert-manager.io/v1alpha2
+ {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }}
+apiVersion: certmanager.k8s.io/v1alpha1
+ {{- else }}
+# Setting latest version as default
+apiVersion: cert-manager.io/v1
+ {{- end }}
+kind: Issuer
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-issuer
+ namespace: {{ .Release.Namespace }}
+spec:
+ selfSigned: {}
+{{- end -}}
+
+
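Review bot: The cert-manager apiVersion selection chain is written out twice, once for the Certificate and once for the Issuer, and the two copies have to be kept identical by hand. Moving the `if`/`else if` chain into a named template in the chart's helpers and rendering it in both documents as `apiVersion: {{ include "<helper-name>" . }}` (helper name is a placeholder) removes that risk. In the first branch, `(ge (int $certmanagerVer._1) 0)` is true for any non-negative minor version and can be dropped. A short comment above the chain should say that each branch is taken when either the cluster advertises the API group or `certificates.certManager.version` matches, tested newest first.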
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/service.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/service.yaml
new file mode 100644
index 000000000..256add3e4
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/service.yaml
@@ -0,0 +1,35 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - name: webhook-server
+ port: {{ .Values.service.webhookPort }}
+ protocol: TCP
+ targetPort: {{ .Values.webhookPort }}
+ selector:
+ app: {{ template "externalip-webhook.name" . }}
+ type: "ClusterIP"
+{{- if .Values.metrics.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-metrics-service
+ namespace: {{ .Release.Namespace }}
+spec:
+ ports:
+ - name: webhook-metrics
+ port: {{ .Values.service.metricsPort }}
+ protocol: TCP
+ targetPort: {{ .Values.metrics.port }}
+ selector:
+ app: {{ template "externalip-webhook.name" . }}
+ type: "ClusterIP"
+{{- end }}
\ No newline at end of file
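Review bot: The second Service is rendered for every install with `metrics.enabled: true`, including the case where `metrics.authProxy.enabled` is false. In that case the visible part of deployment.yaml starts the webhook with `--metrics-addr=0.0.0.0:{{ .Values.metrics.port }}`, so this ClusterIP makes the metrics port reachable from any pod in the cluster with no proxy in front of it. Whether the binary authenticates those requests itself cannot be seen from here. I would add a comment above the `{{- if .Values.metrics.enabled }}` line such as `# without metrics.authProxy the metrics port is reachable cluster-wide; restrict it with a NetworkPolicy`, and repeat that next to `metrics.authProxy.enabled` in values.yaml.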
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/serviceaccount.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/serviceaccount.yaml
new file mode 100644
index 000000000..895df4f5b
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/serviceaccount.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/servicemonitor.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/servicemonitor.yaml
new file mode 100644
index 000000000..c481ea31d
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/templates/servicemonitor.yaml
@@ -0,0 +1,16 @@
+{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels: {{ include "externalip-webhook.labels" . | indent 4 }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ name: {{ template "externalip-webhook.fullname" . }}-monitor
+ namespace: {{ .Release.Namespace }}
+spec:
+ endpoints:
+ - path: /metrics
+ port: https
+ selector:
+ matchLabels:
+ app: {{ template "externalip-webhook.name" . }}
+{{- end }}
\ No newline at end of file
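Review bot: The endpoint references `port: https`, but the only metrics port name defined in service.yaml in this commit is `webhook-metrics`, so as written the ServiceMonitor would not resolve to a scrape target. Changing the line to `port: webhook-metrics` matches the Service. The selector `app: {{ template "externalip-webhook.name" . }}` is matched against Service labels, which come from the `externalip-webhook.labels` helper that is not visible here. If both Services carry that label, the monitor also selects the webhook Service. When the auth proxy is enabled the endpoint presumably also needs scheme and credential settings, which is worth confirming against the proxy container's arguments.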
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/admissionregistration_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/admissionregistration_test.yaml
new file mode 100644
index 000000000..0660aa6e8
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/admissionregistration_test.yaml
@@ -0,0 +1,32 @@
+suite: Test Admission Registration
+templates:
+- admissionregistration.yaml
+tests:
+- it: should render Admission Registration
+ asserts:
+ - equal:
+ path: apiVersion
+ value: admissionregistration.k8s.io/v1beta1
+- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true
+ release:
+ name: rancher-externalip-webhook
+ namespace: test
+ set:
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: metadata.annotations
+ value:
+ cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert
+ - isNull:
+ path: webhooks[0].clientConfig.caBundle
+- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false
+ set:
+ certificates.caBundle: test
+ certificates.certManager.enabled: false
+ asserts:
+ - equal:
+ path: webhooks[0].clientConfig.caBundle
+ value: test
+ - isNull:
+ path: metadata.annotations
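Review bot: The first case pins `value: admissionregistration.k8s.io/v1beta1`, an API version that Kubernetes stopped serving in 1.22, so the test locks in a registration that newer clusters reject. admissionregistration.yaml is not visible in this chunk, so this is inferred from the assertion alone. If the template hard-codes the version, move it to `admissionregistration.k8s.io/v1` (which makes `sideEffects` and `admissionReviewVersions` mandatory on each webhook) and update the expected value here. It would also help to assert `webhooks[0].failurePolicy`, so the choice between rejecting and admitting Services when the webhook is unavailable is pinned by a test.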
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrole_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrole_test.yaml
new file mode 100644
index 000000000..9e563807b
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrole_test.yaml
@@ -0,0 +1,37 @@
+suite: Test Cluster Roles
+templates:
+- clusterrole.yaml
+tests:
+- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false
+ set:
+ metrics.enabled: false
+ metrics.authProxy.enabled: false
+ asserts:
+ - hasDocuments:
+ count: 0
+ template: clusterrole.yaml
+- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true
+ set:
+ metrics.enabled: true
+ metrics.authProxy.enabled: true
+ asserts:
+ - hasDocuments:
+ count: 2
+ template: clusterrole.yaml
+- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true
+ set:
+ metrics.enabled: true
+ metrics.authProxy.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1
+- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true
+ set:
+ metrics.enabled: true
+ metrics.authProxy.enabled: true
+ rbac.apiVersion: v1beta
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1beta
\ No newline at end of file
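Review bot: The case titled "should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false" sets both values to false, so neither half of the "or" is exercised on its own. Because these are cluster-scoped RBAC objects, add a case with `metrics.enabled: true` and `metrics.authProxy.enabled: false`, and the reverse, asserting the same document count as the both-false case. That shows nothing extra is created while the proxy is off. The same gap is in clusterrolebinding_test.yaml and servicemonitor_test.yaml. `rbac.apiVersion: v1beta` in the last case is not a served RBAC version (`v1beta1` is), which is fine for a pass-through check but deserves a comment such as `# arbitrary string, only checks that the value is passed through`.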
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrolebinding_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrolebinding_test.yaml
new file mode 100644
index 000000000..2129573a3
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/clusterrolebinding_test.yaml
@@ -0,0 +1,42 @@
+suite: Test Cluster Role Bindings
+templates:
+- clusterrolebinding.yaml
+tests:
+- it: should render Cluster Role Bindings with default rbac api version
+ set:
+ rbac.apiVersion: v1
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1
+- it: should render Cluster Role Bindings with custom rbac api version
+ set:
+ rbac.apiVersion: v1beta
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1beta
+- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false
+ set:
+ metrics.enabled: false
+ metrics.authProxy.enabled: false
+ asserts:
+ - hasDocuments:
+ count: 1
+ template: clusterrolebinding.yaml
+- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true
+ set:
+ metrics.enabled: true
+ metrics.authProxy.enabled: true
+ asserts:
+ - hasDocuments:
+ count: 2
+ template: clusterrolebinding.yaml
+- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true
+ set:
+ metrics.enabled: true
+ metrics.authProxy.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: rbac.authorization.k8s.io/v1
\ No newline at end of file
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/deployment_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/deployment_test.yaml
new file mode 100644
index 000000000..50e3f9ec1
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/deployment_test.yaml
@@ -0,0 +1,202 @@
+suite: Test Deployments
+templates:
+- deployment.yaml
+tests:
+- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set
+ release:
+ name: rancher-externalip-webhook
+ set:
+ allowedExternalIPCidrs: "1,2"
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].args[1]
+ value: --allowed-external-ip-cidrs=1,2
+- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false
+ release:
+ name: rancher-externalip-webhook
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: rancher-externalip-webhook
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - equal:
+ path: spec.template.spec.tolerations[0]
+ value:
+ key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+ - equal:
+ path: spec.template.spec.nodeSelector
+ value:
+ kubernetes.io/os: linux
+- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false
+ release:
+ name: rancher-externalip-webhook
+ set:
+ tolerations:
+ - key: "cattle.io/test"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+ nodeSelector:
+ kubernetes.io/test: linux
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: rancher-externalip-webhook
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - equal:
+ path: spec.template.spec.tolerations[0]
+ value:
+ key: "cattle.io/os"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+ - equal:
+ path: spec.template.spec.tolerations[1]
+ value:
+ key: "cattle.io/test"
+ value: "linux"
+ effect: "NoSchedule"
+ operator: "Equal"
+ - equal:
+ path: spec.template.spec.nodeSelector
+ value:
+ kubernetes.io/os: linux
+ kubernetes.io/test: linux
+- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false
+ release:
+ name: rancher-externalip-webhook
+ set:
+ webhookPort: 9000
+ image.repository: test
+ image.tag: dev-test
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: rancher-externalip-webhook
+ - equal:
+ path: spec.template.spec.containers[0].image
+ value: test:dev-test
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 9000
+ name: webhook-server
+ protocol: TCP
+- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false
+ release:
+ name: rancher-externalip-webhook
+ set:
+ metrics.enabled: true
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: rancher-externalip-webhook
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - equal:
+ path: spec.template.spec.containers[0].ports[1]
+ value:
+ containerPort: 8443
+ name: webhook-metrics
+ protocol: TCP
+- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false
+ release:
+ name: rancher-externalip-webhook
+ set:
+ metrics.enabled: true
+ metrics.port: 8000
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: rancher-externalip-webhook
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+ - equal:
+ path: spec.template.spec.containers[0].ports[1]
+ value:
+ containerPort: 8000
+ name: webhook-metrics
+ protocol: TCP
+- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true
+ release:
+ name: rancher-externalip-webhook
+ set:
+ metrics.enabled: true
+ metrics.authProxy.enabled: true
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: rancher-externalip-webhook-auth-proxy
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 8443
+ name: webhook-metrics
+ protocol: TCP
+ - equal:
+ path: spec.template.spec.containers[1].name
+ value: rancher-externalip-webhook
+ - equal:
+ path: spec.template.spec.containers[1].ports[0]
+ value:
+ containerPort: 9443
+ name: webhook-server
+ protocol: TCP
+- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true
+ release:
+ name: rancher-externalip-webhook
+ set:
+ metrics.enabled: true
+ metrics.authProxy.enabled: true
+ metrics.port: 8000
+ webhookPort: 9000
+ image.repository: test
+ image.tag: dev-test
+ metrics.authProxy.image.repository: auth
+ metrics.authProxy.image.tag: auth-test
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].name
+ value: rancher-externalip-webhook-auth-proxy
+ - equal:
+ path: spec.template.spec.containers[0].image
+ value: auth:auth-test
+ - equal:
+ path: spec.template.spec.containers[0].ports[0]
+ value:
+ containerPort: 8000
+ name: webhook-metrics
+ protocol: TCP
+ - equal:
+ path: spec.template.spec.containers[1].name
+ value: rancher-externalip-webhook
+ - equal:
+ path: spec.template.spec.containers[1].image
+ value: test:dev-test
+ - equal:
+ path: spec.template.spec.containers[1].ports[0]
+ value:
+ containerPort: 9000
+ name: webhook-server
+ protocol: TCP
\ No newline at end of file
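Review bot: None of the cases asserts the `--metrics-addr` argument, which is the line in deployment.yaml that decides whether metrics are bound to loopback behind the auth proxy or to all interfaces. In the two `metrics.authProxy.enabled: true` cases I would add an `equal` with `path: spec.template.spec.containers[1].args[1]` and `value: --metrics-addr=127.0.0.1:8080` (8080 is the default `metrics.authProxy.port` in values.yaml). The proxy-off metrics cases should assert `--metrics-addr=0.0.0.0:8443` on `containers[0].args[1]`, so a change to either binding shows up as a test failure. The first case sets `allowedExternalIPCidrs: "1,2"`, which are not CIDRs. A constructed sample such as `"10.0.0.0/8,192.168.0.0/16"` would document the expected format.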
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/issuer_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/issuer_test.yaml
new file mode 100644
index 000000000..eeeb660b2
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/issuer_test.yaml
@@ -0,0 +1,106 @@
+suite: Test Issuers
+templates:
+- issuer.yaml
+tests:
+- it: should not render issuer if certificates.certManager.enabled = false
+ set:
+ certificates.certManager.enabled: false
+ asserts:
+ - hasDocuments:
+ count: 0
+ template: issuer.yaml
+- it: should render issuer if certificates.certManager.enabled = true
+ set:
+ certificates.certManager.enabled: true
+ asserts:
+ - hasDocuments:
+ count: 2
+ template: issuer.yaml
+- it: should set issuer apiVersion with default cert-manager
+ set:
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: cert-manager.io/v1
+ template: issuer.yaml
+- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities
+ capabilities:
+ apiversions:
+ - cert-manager.io/v1
+ set:
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: cert-manager.io/v1
+ template: issuer.yaml
+- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities
+ capabilities:
+ apiversions:
+ - cert-manager.io/v1beta1
+ set:
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: cert-manager.io/v1beta1
+ template: issuer.yaml
+- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities
+ capabilities:
+ apiversions:
+ - cert-manager.io/v1alpha2
+ set:
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: cert-manager.io/v1alpha2
+ template: issuer.yaml
+- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities
+ capabilities:
+ apiversions:
+ - certmanager.k8s.io/v1alpha1
+ set:
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: certmanager.k8s.io/v1alpha1
+ template: issuer.yaml
+- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter
+ set:
+ certificates.certManager.version: 1.0.0
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: cert-manager.io/v1
+ template: issuer.yaml
+- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter
+ set:
+ certificates.certManager.version: 0.16.0
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: cert-manager.io/v1beta1
+ template: issuer.yaml
+- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter
+ set:
+ certificates.certManager.version: 0.11.0
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: cert-manager.io/v1alpha2
+ template: issuer.yaml
+- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter
+ set:
+ certificates.certManager.version: 0.9.0
+ certificates.certManager.enabled: true
+ asserts:
+ - equal:
+ path: apiVersion
+ value: certmanager.k8s.io/v1alpha1
+ template: issuer.yaml
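Review bot: The apiVersion assertions carry no `documentIndex`, so depending on the helm-unittest version they may check only the first rendered document (the Certificate). That would leave the second copy of the version chain, the one for the Issuer, untested. Adding a second `equal` with `documentIndex: 1` to each case covers both documents explicitly. The last case is titled "should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter" although it renders the same issuer.yaml. `should set issuer apiVersion with cert-manager < 0.11.0 using parameter` matches the other titles.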
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/service_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/service_test.yaml
new file mode 100644
index 000000000..a0ba4d352
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/service_test.yaml
@@ -0,0 +1,69 @@
+suite: Test Services
+templates:
+- service.yaml
+tests:
+- it: should render webhook-server service with default webhookPort if metrics.enabled = false
+ set:
+ metrics.enabled: false
+ asserts:
+ - equal:
+ path: spec.ports[0]
+ value:
+ name: webhook-server
+ port: 443
+ protocol: TCP
+ targetPort: 9443
+- it: should render webhook-server service with custom webhookPort if metrics.enabled = false
+ set:
+ metrics.enabled: false
+ webhookPort: 9000
+ asserts:
+ - equal:
+ path: spec.ports[0]
+ value:
+ name: webhook-server
+ port: 443
+ protocol: TCP
+ targetPort: 9000
+- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true
+ set:
+ metrics.enabled: true
+ asserts:
+ - equal:
+ path: spec.ports[0]
+ value:
+ name: webhook-server
+ port: 443
+ protocol: TCP
+ targetPort: 9443
+ documentIndex: 0
+ - equal:
+ path: spec.ports[0]
+ value:
+ name: webhook-metrics
+ port: 8443
+ protocol: TCP
+ targetPort: 8443
+ documentIndex: 1
+- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true
+ set:
+ metrics.enabled: true
+ metrics.port: 8000
+ webhookPort: 9000
+ asserts:
+ - equal:
+ path: spec.ports[0]
+ value:
+ name: webhook-server
+ port: 443
+ protocol: TCP
+ targetPort: 9000
+ documentIndex: 0
+ - equal:
+ path: spec.ports[0]
+ value:
+ name: webhook-metrics
+ port: 8443
+ protocol: TCP
+ targetPort: 8000
+ documentIndex: 1
\ No newline at end of file
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/serviceaccount_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/serviceaccount_test.yaml
new file mode 100644
index 000000000..5aebbc74b
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/serviceaccount_test.yaml
@@ -0,0 +1,9 @@
+suite: Test Service Accounts
+templates:
+- serviceaccount.yaml
+tests:
+- it: should render Service Account
+ asserts:
+ - hasDocuments:
+ count: 1
+ template: serviceaccount.yaml
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/servicemonitor_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/servicemonitor_test.yaml
new file mode 100644
index 000000000..21989265e
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/tests/servicemonitor_test.yaml
@@ -0,0 +1,20 @@
+suite: Test Service Monitors
+templates:
+- servicemonitor.yaml
+tests:
+- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false
+ set:
+ metrics.enabled: false
+ metrics.prometheusExport: false
+ asserts:
+ - hasDocuments:
+ count: 0
+ template: servicemonitor.yaml
+- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true
+ set:
+ metrics.enabled: true
+ metrics.prometheusExport: true
+ asserts:
+ - hasDocuments:
+ count: 1
+ template: servicemonitor.yaml
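Review bot: The second case is titled "should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true", but it sets `metrics.prometheusExport: true` and counts documents of servicemonitor.yaml. Rename it to `should render Service Monitor if metrics.enabled = true and metrics.prometheusExport = true`. An `equal` on `path: spec.endpoints[0].port` would also pin the Service port name the monitor scrapes, which no test currently checks.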
diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/values.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/values.yaml
new file mode 100644
index 000000000..7a55b5809
--- /dev/null
+++ b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up1.0.0/values.yaml
@@ -0,0 +1,67 @@
+## Allowed external IP cidrs
+allowedExternalIPCidrs: ""
+## Certificates generation for webhook
+certificates:
+ certManager:
+ # Enable cert manager integration. Cert manager should be already installed at the k8s cluster
+ enabled: true
+ version: ""
+ # If cert-manager integration is disabled, add self signed ca.crt in base64 format
+ caBundle: ""
+ # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace
+ secretName: webhook-server-cert
+## Details about the image to be pulled.
+image:
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+ repository: rancher/externalip-webhook
+ tag: v1.0.0
+## Enabling metrics endpoint
+# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation
+metrics:
+ enabled: false
+ port: 8443
+ # Enable webhook metrics export to Prometheus
+ prometheusExport: false
+ # Webhook metrics auth proxy. This option is just available for amd64 arch
+ authProxy:
+ enabled: false
+ port: 8080
+ image:
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+ repository: rancher/mirrored-kube-rbac-proxy
+ tag: v0.5.0
+ resources:
+ limits:
+ memory: 30Mi
+ cpu: 100m
+ requests:
+ memory: 20Mi
+ cpu: 100m
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## RBAC
+rbac:
+ apiVersion: v1
+## CPU and Memory limit and request for externalip-webhook
+resources:
+ limits:
+ memory: 30Mi
+ cpu: 100m
+ requests:
+ memory: 20Mi
+ cpu: 100m
+service:
+ metricsPort: 8443
+ webhookPort: 443
+## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false
+serviceAccountName: default
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+## Webhook server pod port
+webhookPort: 9443
+global:
+ systemDefaultRegistry: ""
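Review bot: `serviceAccountName: default` is documented as used when `metrics.authProxy.enabled = false`, but the part of deployment.yaml visible in this commit sets `serviceAccountName: {{ template "externalip-webhook.fullname" . }}` with no condition around it, and serviceaccount.yaml always creates that account. If nothing else reads the value, it is dead configuration that wrongly suggests the pod can run under the namespace's `default` account. Either remove the key or change the comment to `## Not used by the Deployment; the pod always runs as the chart's own ServiceAccount`. The deployment template starts outside this view, so confirm there is no other reference before deleting it.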
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/Chart.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/Chart.yaml
new file mode 100644
index 000000000..8ac23d612
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/Chart.yaml
@@ -0,0 +1,10 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/release-name: rancher-gatekeeper-crd
+apiVersion: v1
+description: Installs the CRDs for rancher-gatekeeper.
+name: rancher-gatekeeper-crd
+type: application
+version: 100.0.0+up3.5.1
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/README.md b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/README.md
new file mode 100644
index 000000000..26079c833
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/README.md
@@ -0,0 +1,2 @@
+# rancher-gatekeeper-crd
+A Rancher chart that installs the CRDs used by rancher-gatekeeper.
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assign-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assign-customresourcedefinition.yaml
new file mode 100644
index 000000000..bf50fd1fb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assign-customresourcedefinition.yaml
@@ -0,0 +1,208 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ labels:
+ gatekeeper.sh/system: "yes"
+ name: assign.mutations.gatekeeper.sh
+spec:
+ group: mutations.gatekeeper.sh
+ names:
+ kind: Assign
+ listKind: AssignList
+ plural: assign
+ singular: assign
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Assign is the Schema for the assign API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AssignSpec defines the desired state of Assign
+ properties:
+ applyTo:
+ description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file'
+ items:
+ description: ApplyTo determines what GVKs items the mutation should apply to. Globs are not allowed.
+ properties:
+ groups:
+ items:
+ type: string
+ type: array
+ kinds:
+ items:
+ type: string
+ type: array
+ versions:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ location:
+ type: string
+ match:
+ description: Match selects objects to apply mutations to.
+ properties:
+ excludedNamespaces:
+ items:
+ type: string
+ type: array
+ kinds:
+ items:
+ description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.
+ properties:
+ apiGroups:
+ description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
+ items:
+ type: string
+ type: array
+ kinds:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ labelSelector:
+ description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ scope:
+ description: ResourceScope is an enum defining the different scopes available to a custom resource
+ type: string
+ type: object
+ parameters:
+ properties:
+ assign:
+ description: Assign.value holds the value to be assigned
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ assignIf:
+ description: once https://github.com/kubernetes-sigs/controller-tools/pull/528 is merged, we can use an actual object
+ type: object
+ pathTests:
+ items:
+ description: "PathTest allows the user to customize how the mutation works if parent paths are missing. It traverses the list in order. All sub paths are tested against the provided condition, if the test fails, the mutation is not applied. All `subPath` entries must be a prefix of `location`. Any glob characters will take on the same value as was used to expand the matching glob in `location`. \n Available Tests: * MustExist - the path must exist or do not mutate * MustNotExist - the path must not exist or do not mutate"
+ properties:
+ condition:
+ description: Condition describes whether the path either MustExist or MustNotExist in the original object
+ enum:
+ - MustExist
+ - MustNotExist
+ type: string
+ subPath:
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: AssignStatus defines the observed state of Assign
+ properties:
+ byPod:
+ items:
+ description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus
+ properties:
+ enforced:
+ type: boolean
+ errors:
+ items:
+ description: MutatorError represents a single error caught while adding a mutator to a system
+ properties:
+ message:
+ type: string
+ required:
+ - message
+ type: object
+ type: array
+ id:
+ type: string
+ mutatorUID:
+ description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assignmetadata-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assignmetadata-customresourcedefinition.yaml
new file mode 100644
index 000000000..84ea3cc8a
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/assignmetadata-customresourcedefinition.yaml
@@ -0,0 +1,173 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ labels:
+ gatekeeper.sh/system: "yes"
+ name: assignmetadata.mutations.gatekeeper.sh
+spec:
+ group: mutations.gatekeeper.sh
+ names:
+ kind: AssignMetadata
+ listKind: AssignMetadataList
+ plural: assignmetadata
+ singular: assignmetadata
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: AssignMetadata is the Schema for the assignmetadata API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: AssignMetadataSpec defines the desired state of AssignMetadata
+ properties:
+ location:
+ type: string
+ match:
+ description: Match selects objects to apply mutations to.
+ properties:
+ excludedNamespaces:
+ items:
+ type: string
+ type: array
+ kinds:
+ items:
+ description: Kinds accepts a list of objects with apiGroups and kinds fields that list the groups/kinds of objects to which the mutation will apply. If multiple groups/kinds objects are specified, only one match is needed for the resource to be in scope.
+ properties:
+ apiGroups:
+ description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required.
+ items:
+ type: string
+ type: array
+ kinds:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ labelSelector:
+ description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaceSelector:
+ description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ namespaces:
+ items:
+ type: string
+ type: array
+ scope:
+ description: ResourceScope is an enum defining the different scopes available to a custom resource
+ type: string
+ type: object
+ parameters:
+ properties:
+ assign:
+ description: Assign.value holds the value to be assigned
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ type: object
+ status:
+ description: AssignMetadataStatus defines the observed state of AssignMetadata
+ properties:
+ byPod:
+ description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
+ items:
+ description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus
+ properties:
+ enforced:
+ type: boolean
+ errors:
+ items:
+ description: MutatorError represents a single error caught while adding a mutator to a system
+ properties:
+ message:
+ type: string
+ required:
+ - message
+ type: object
+ type: array
+ id:
+ type: string
+ mutatorUID:
+ description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/config-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/config-customresourcedefinition.yaml
new file mode 100644
index 000000000..a6be27dc6
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/config-customresourcedefinition.yaml
@@ -0,0 +1,102 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ labels:
+ gatekeeper.sh/system: "yes"
+ name: configs.config.gatekeeper.sh
+spec:
+ group: config.gatekeeper.sh
+ names:
+ kind: Config
+ listKind: ConfigList
+ plural: configs
+ singular: config
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: Config is the Schema for the configs API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ConfigSpec defines the desired state of Config
+ properties:
+ match:
+ description: Configuration for namespace exclusion
+ items:
+ properties:
+ excludedNamespaces:
+ items:
+ type: string
+ type: array
+ processes:
+ items:
+ type: string
+ type: array
+ type: object
+ type: array
+ readiness:
+ description: Configuration for readiness tracker
+ properties:
+ statsEnabled:
+ type: boolean
+ type: object
+ sync:
+ description: Configuration for syncing k8s objects
+ properties:
+ syncOnly:
+ description: If non-empty, only entries on this list will be replicated into OPA
+ items:
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ version:
+ type: string
+ type: object
+ type: array
+ type: object
+ validation:
+ description: Configuration for validation
+ properties:
+ traces:
+ description: List of requests to trace. Both "user" and "kinds" must be specified
+ items:
+ properties:
+ dump:
+ description: Also dump the state of OPA with the trace. Set to `All` to dump everything.
+ type: string
+ kind:
+ description: Only trace requests of the following GroupVersionKind
+ properties:
+ group:
+ type: string
+ kind:
+ type: string
+ version:
+ type: string
+ type: object
+ user:
+ description: Only trace requests from the specified user
+ type: string
+ type: object
+ type: array
+ type: object
+ type: object
+ status:
+ description: ConfigStatus defines the observed state of Config
+ type: object
+ type: object
+ served: true
+ storage: true
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml
new file mode 100644
index 000000000..4d538f9ee
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constraintpodstatus-customresourcedefinition.yaml
@@ -0,0 +1,66 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ labels:
+ gatekeeper.sh/system: "yes"
+ name: constraintpodstatuses.status.gatekeeper.sh
+spec:
+ group: status.gatekeeper.sh
+ names:
+ kind: ConstraintPodStatus
+ listKind: ConstraintPodStatusList
+ plural: constraintpodstatuses
+ singular: constraintpodstatus
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ConstraintPodStatus is the Schema for the constraintpodstatuses API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ description: ConstraintPodStatusStatus defines the observed state of ConstraintPodStatus
+ properties:
+ constraintUID:
+ description: Storing the constraint UID allows us to detect drift, such as when a constraint has been recreated after its CRD was deleted out from under it, interrupting the watch
+ type: string
+ enforced:
+ type: boolean
+ errors:
+ items:
+ description: Error represents a single error caught while adding a constraint to OPA
+ properties:
+ code:
+ type: string
+ location:
+ type: string
+ message:
+ type: string
+ required:
+ - code
+ - message
+ type: object
+ type: array
+ id:
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml
new file mode 100644
index 000000000..a553521bf
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplate-customresourcedefinition.yaml
@@ -0,0 +1,197 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ labels:
+ gatekeeper.sh/system: "yes"
+ name: constrainttemplates.templates.gatekeeper.sh
+spec:
+ group: templates.gatekeeper.sh
+ names:
+ kind: ConstraintTemplate
+ listKind: ConstraintTemplateList
+ plural: constrainttemplates
+ singular: constrainttemplate
+ scope: Cluster
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: ConstraintTemplate is the Schema for the constrainttemplates API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate
+ properties:
+ crd:
+ properties:
+ spec:
+ properties:
+ names:
+ properties:
+ kind:
+ type: string
+ shortNames:
+ items:
+ type: string
+ type: array
+ type: object
+ validation:
+ properties:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ type: object
+ type: object
+ targets:
+ items:
+ properties:
+ libs:
+ items:
+ type: string
+ type: array
+ rego:
+ type: string
+ target:
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate
+ properties:
+ byPod:
+ items:
+ description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller
+ properties:
+ errors:
+ items:
+ description: CreateCRDError represents a single error caught during parsing, compiling, etc.
+ properties:
+ code:
+ type: string
+ location:
+ type: string
+ message:
+ type: string
+ required:
+ - code
+ - message
+ type: object
+ type: array
+ id:
+ description: a unique identifier for the pod that wrote the status
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ created:
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ConstraintTemplate is the Schema for the constrainttemplates API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate
+ properties:
+ crd:
+ properties:
+ spec:
+ properties:
+ names:
+ properties:
+ kind:
+ type: string
+ shortNames:
+ items:
+ type: string
+ type: array
+ type: object
+ validation:
+ properties:
+ openAPIV3Schema:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: object
+ type: object
+ type: object
+ targets:
+ items:
+ properties:
+ libs:
+ items:
+ type: string
+ type: array
+ rego:
+ type: string
+ target:
+ type: string
+ type: object
+ type: array
+ type: object
+ status:
+ description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate
+ properties:
+ byPod:
+ items:
+ description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller
+ properties:
+ errors:
+ items:
+ description: CreateCRDError represents a single error caught during parsing, compiling, etc.
+ properties:
+ code:
+ type: string
+ location:
+ type: string
+ message:
+ type: string
+ required:
+ - code
+ - message
+ type: object
+ type: array
+ id:
+ description: a unique identifier for the pod that wrote the status
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ type: array
+ created:
+ type: boolean
+ type: object
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml
new file mode 100644
index 000000000..ca06e5837
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/constrainttemplatepodstatus-customresourcedefinition.yaml
@@ -0,0 +1,65 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ labels:
+ gatekeeper.sh/system: "yes"
+ name: constrainttemplatepodstatuses.status.gatekeeper.sh
+spec:
+ group: status.gatekeeper.sh
+ names:
+ kind: ConstraintTemplatePodStatus
+ listKind: ConstraintTemplatePodStatusList
+ plural: constrainttemplatepodstatuses
+ singular: constrainttemplatepodstatus
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: ConstraintTemplatePodStatus is the Schema for the constrainttemplatepodstatuses API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ description: ConstraintTemplatePodStatusStatus defines the observed state of ConstraintTemplatePodStatus
+ properties:
+ errors:
+ items:
+ description: CreateCRDError represents a single error caught during parsing, compiling, etc.
+ properties:
+ code:
+ type: string
+ location:
+ type: string
+ message:
+ type: string
+ required:
+ - code
+ - message
+ type: object
+ type: array
+ id:
+ description: 'Important: Run "make" to regenerate code after modifying this file'
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ templateUID:
+ description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated.
+ type: string
+ type: object
+ type: object
+ served: true
+ storage: true
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml
new file mode 100644
index 000000000..91add7f39
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/crd-manifest/mutatorpodstatus-customresourcedefinition.yaml
@@ -0,0 +1,61 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.5.0
+ labels:
+ gatekeeper.sh/system: "yes"
+ name: mutatorpodstatuses.status.gatekeeper.sh
+spec:
+ group: status.gatekeeper.sh
+ names:
+ kind: MutatorPodStatus
+ listKind: MutatorPodStatusList
+ plural: mutatorpodstatuses
+ singular: mutatorpodstatus
+ scope: Namespaced
+ versions:
+ - name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: MutatorPodStatus is the Schema for the mutationpodstatuses API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ status:
+ description: MutatorPodStatusStatus defines the observed state of MutatorPodStatus
+ properties:
+ enforced:
+ type: boolean
+ errors:
+ items:
+ description: MutatorError represents a single error caught while adding a mutator to a system
+ properties:
+ message:
+ type: string
+ required:
+ - message
+ type: object
+ type: array
+ id:
+ type: string
+ mutatorUID:
+ description: Storing the mutator UID allows us to detect drift, such as when a mutator has been recreated after its CRD was deleted out from under it, interrupting the watch
+ type: string
+ observedGeneration:
+ format: int64
+ type: integer
+ operations:
+ items:
+ type: string
+ type: array
+ type: object
+ type: object
+ served: true
+ storage: true
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/_helpers.tpl b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/_helpers.tpl
new file mode 100644
index 000000000..39b26c195
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+# Rancher
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/jobs.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/jobs.yaml
new file mode 100644
index 000000000..709005fd9
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/jobs.yaml
@@ -0,0 +1,92 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Chart.Name }}-create
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade, post-rollback
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ name: {{ .Chart.Name }}-create
+ labels:
+ app: {{ .Chart.Name }}
+ spec:
+ serviceAccountName: {{ .Chart.Name }}-manager
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ containers:
+ - name: create-crds
+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/kubectl
+ - apply
+ - -f
+ - /etc/config/crd-manifest.yaml
+ volumeMounts:
+ - name: crd-manifest
+ readOnly: true
+ mountPath: /etc/config
+ restartPolicy: OnFailure
+ volumes:
+ - name: crd-manifest
+ configMap:
+ name: {{ .Chart.Name }}-manifest
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ .Chart.Name }}-delete
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}
+ annotations:
+ "helm.sh/hook": pre-delete
+ "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+ template:
+ metadata:
+ name: {{ .Chart.Name }}-delete
+ labels:
+ app: {{ .Chart.Name }}
+ spec:
+ serviceAccountName: {{ .Chart.Name }}-manager
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1000
+ initContainers:
+ - name: remove-finalizers
+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/kubectl
+ - apply
+ - -f
+ - /etc/config/crd-manifest.yaml
+ volumeMounts:
+ - name: crd-manifest
+ readOnly: true
+ mountPath: /etc/config
+ containers:
+ - name: delete-crds
+ image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: IfNotPresent
+ command:
+ - /bin/kubectl
+ - delete
+ - -f
+ - /etc/config/crd-manifest.yaml
+ volumeMounts:
+ - name: crd-manifest
+ readOnly: true
+ mountPath: /etc/config
+ restartPolicy: OnFailure
+ volumes:
+ - name: crd-manifest
+ configMap:
+ name: {{ .Chart.Name }}-manifest
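Review bot: None of the three containers (`create-crds`, `remove-finalizers`, `delete-crds`) sets a container-level `securityContext`, so `allowPrivilegeEscalation: false` and dropped capabilities depend entirely on the PodSecurityPolicy from rbac.yaml being enforced by the cluster. The pod-level block only sets `runAsNonRoot` and `runAsUser: 1000`. Because these pods run under a service account that can create and delete CRDs, I would put the restrictions on each container directly. `kubectl apply` and `kubectl delete` against the API server should not need any Linux capability, though that is worth confirming with the `rancher/kubectl` image.

```yaml
      containers:
      - name: create-crds
        # … unchanged: image, imagePullPolicy, command, volumeMounts …
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            drop:
            - ALL
# … same securityContext block on remove-finalizers and delete-crds …
```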
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/manifest.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/manifest.yaml
new file mode 100644
index 000000000..31016b6ef
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/manifest.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Chart.Name }}-manifest
+ namespace: {{ .Release.Namespace }}
+data:
+ crd-manifest.yaml: |
+ {{- $currentScope := . -}}
+ {{- $crds := (.Files.Glob "crd-manifest/**.yaml") -}}
+ {{- range $path, $_ := $crds -}}
+ {{- with $currentScope -}}
+ {{ .Files.Get $path | nindent 4 }}
+ ---
+ {{- end -}}{{- end -}}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/rbac.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/rbac.yaml
new file mode 100644
index 000000000..bdda1ddad
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/templates/rbac.yaml
@@ -0,0 +1,72 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}-manager
+ labels:
+ app: {{ .Chart.Name }}-manager
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs: ['create', 'get', 'patch', 'delete']
+- apiGroups: ['policy']
+ resources: ['podsecuritypolicies']
+ verbs: ['use']
+ resourceNames:
+ - {{ .Chart.Name }}-manager
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-manager
+ labels:
+ app: {{ .Chart.Name }}-manager
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-manager
+subjects:
+- kind: ServiceAccount
+ name: {{ .Chart.Name }}-manager
+ namespace: {{ .Release.Namespace }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}-manager
+---
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ name: {{ .Chart.Name }}-manager
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ .Chart.Name }}-manager
+spec:
+ privileged: false
+ allowPrivilegeEscalation: false
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ rule: 'MustRunAsNonRoot'
+ seLinux:
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+ volumes:
+ - 'configMap'
+ - 'secret'
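Review bot: The ClusterRole's first rule grants `get`, `patch` and `delete` on every CustomResourceDefinition in the cluster, while the jobs only ever touch the CRDs shipped in `crd-manifest/`. The ServiceAccount and ClusterRoleBinding carry no hook annotations, so this permission stays in place for the life of the release, and anything able to run a pod as that service account in the release namespace could remove unrelated CRDs together with their custom resources. `create` cannot be limited by `resourceNames`, but the other verbs can, so I would split the rule and test it against the install and uninstall hooks. The list below uses the CRD names visible in this diff; the Assign CRD is defined in a hunk that starts outside this view, so its name still needs adding.

```yaml
rules:
- apiGroups: ['apiextensions.k8s.io']
  resources: ['customresourcedefinitions']
  verbs: ['create']
- apiGroups: ['apiextensions.k8s.io']
  resources: ['customresourcedefinitions']
  verbs: ['get', 'patch', 'delete']
  resourceNames:
  - assignmetadata.mutations.gatekeeper.sh
  - configs.config.gatekeeper.sh
  - constraintpodstatuses.status.gatekeeper.sh
  - constrainttemplates.templates.gatekeeper.sh
  - constrainttemplatepodstatuses.status.gatekeeper.sh
  - mutatorpodstatuses.status.gatekeeper.sh
  # plus the name of the Assign CRD (defined earlier in the diff)
# … unchanged: podsecuritypolicies 'use' rule …
```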
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/values.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/values.yaml
new file mode 100644
index 000000000..657ccacf8
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper-crd/100.0.0+up3.5.1/values.yaml
@@ -0,0 +1,11 @@
+# Default values for rancher-gatekeeper-crd.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+image:
+ repository: rancher/kubectl
+ tag: v1.20.2
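Review bot: `image.tag: v1.20.2` is a mutable tag, and jobs.yaml composes the reference as `repository:tag` with `imagePullPolicy: IfNotPresent`, so the chart has no way to pin the kubectl image that runs with CRD create/delete rights to a fixed digest. Consider an optional `image.digest` value that the job template appends as `@<digest>` when set, so an image pulled through `systemDefaultRegistry` can be checked against a known build. Whether Rancher's image-mirroring tooling accepts digest references is not visible from this diff and would need confirming.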
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/.helmignore b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/CHANGELOG.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/CHANGELOG.md
new file mode 100644
index 000000000..c68d23c24
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/CHANGELOG.md
@@ -0,0 +1,15 @@
+# Changelog
+All notable changes from the upstream OPA Gatekeeper chart will be added to this file
+
+## [Package Version 00] - 2020-09-10
+### Added
+- Enabled the CRD chart generator in `package.yaml`
+
+### Modified
+- Updated namespace to `cattle-gatekeeper-system`
+- Updated for Helm 3 compatibility
+ - Moved crds to `crds` directory
+ - Removed `crd-install` hooks and templates from crds
+
+### Removed
+- Removed `gatekeeper-system-namespace.yaml` as Rancher handles namespaces for chart installation
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/Chart.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/Chart.yaml
new file mode 100644
index 000000000..b23715011
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/Chart.yaml
@@ -0,0 +1,23 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-gatekeeper-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: OPA Gatekeeper
+ catalog.cattle.io/namespace: cattle-gatekeeper-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: config.gatekeeper.sh.config/v1alpha1
+ catalog.cattle.io/release-name: rancher-gatekeeper
+ catalog.cattle.io/type: cluster-tool
+ catalog.cattle.io/ui-component: gatekeeper
+apiVersion: v2
+appVersion: v3.5.1
+description: Modifies Open Policy Agent's upstream gatekeeper chart that provides
+ policy-based control for cloud native environments
+home: https://github.com/open-policy-agent/gatekeeper
+icon: https://charts.rancher.io/assets/logos/gatekeeper.svg
+keywords:
+- open policy agent
+- security
+name: rancher-gatekeeper
+sources:
+- https://github.com/open-policy-agent/gatekeeper.git
+version: 100.0.0+up3.5.1
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/README.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/README.md
new file mode 100644
index 000000000..f641232bc
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/README.md
@@ -0,0 +1,113 @@
+# Gatekeeper Helm Chart
+
+## Get Repo Info
+
+```console
+helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Install Chart
+
+```console
+# Helm install with gatekeeper-system namespace already created
+$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper
+
+# Helm install and create namespace
+$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace
+
+```
+
+_See [parameters](#parameters) below._
+
+_See [helm install](https://helm.sh/docs/helm/helm_install/) for command documentation._
+
+## Upgrade Chart
+
+**Upgrading from < v3.4.0**
+Chart 3.4.0 deprecates support for Helm 2 and also removes the creation of the `gatekeeper-system` Namespace from within the chart. This follows Helm 3 Best Practices.
+
+Option 1:
+A simple way to upgrade is to uninstall first and re-install with 3.4.0 or greater.
+
+```console
+$ helm uninstall gatekeeper
+$ helm install -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper --create-namespace
+
+```
+
+Option 2:
+Run the `helm_migrate.sh` script before installing the 3.4.0 or greater chart. This will remove the Helm secret for the original release, while keeping all of the resources. It then updates the annotations of the resources so that the new chart can import and manage them.
+
+```console
+$ helm_migrate.sh
+$ helm install -n gatekeeper-system gatekeeper gatekeeper/gatekeeper
+```
+
+**Upgrading from >= v3.4.0**
+```console
+$ helm upgrade -n gatekeeper-system [RELEASE_NAME] gatekeeper/gatekeeper
+```
+
+_See [helm 2 to 3](https://helm.sh/docs/topics/v2_v3_migration/) for Helm 2 migration documentation._
+
+
+## Exempting Namespace
+
+The Helm chart automatically sets the Gatekeeper flag `--exempt-namespace={{ .Release.Namespace }}` in order to exempt the namespace where the chart is installed, and adds the `admission.gatekeeper.sh/ignore` label to the namespace during a post-install hook.
+
+_See [Exempting Namespaces](https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces) for more information._
+
+## Parameters
+
+| Parameter | Description | Default |
+| :--------------------------------------------| :--------------------------------------------------------------------------------------| :-------------------------------------------------------------------------|
+| postInstall.labelNamespace.enabled | Add labels to the namespace during post install hooks | `true` |
+| postInstall.labelNamespace.image.repository | Image with kubectl to label the namespace | `line/kubectl-kustomize` |
+| postInstall.labelNamespace.image.tag | Image tag | `1.20.4-4.0.5` |
+| postInstall.labelNamespace.image.pullPolicy | Image pullPolicy | `IfNotPresent` |
+| postInstall.labelNamespace.image.pullSecrets | Image pullSecrets | `[]` |
+| auditInterval | The frequency with which audit is run | `300` |
+| constraintViolationsLimit | The maximum # of audit violations reported on a constraint | `20` |
+| auditFromCache | Take the roster of resources to audit from the OPA cache | `false` |
+| auditChunkSize | Chunk size for listing cluster resources for audit (alpha feature) | `0` |
+| auditMatchKindOnly | Only check resources of the kinds specified in all constraints defined in the cluster. | `false` |
+| disableValidatingWebhook | Disable the validating webhook | `false` |
+| validatingWebhookTimeoutSeconds | The timeout for the validating webhook in seconds | `3` |
+| enableDeleteOperations | Enable validating webhook for delete operations | `false` |
+| experimentalEnableMutation | Enable mutation (alpha feature) | `false` |
+| emitAdmissionEvents | Emit K8s events in gatekeeper namespace for admission violations (alpha feature) | `false` |
+| emitAuditEvents | Emit K8s events in gatekeeper namespace for audit violations (alpha feature) | `false` |
+| logDenies | Log detailed info on each deny | `false` |
+| logLevel | Minimum log level | `INFO` |
+| image.pullPolicy | The image pull policy | `IfNotPresent` |
+| image.repository | Image repository | `openpolicyagent/gatekeeper` |
+| image.release | The image release tag to use | Current release version: `v3.5.1` |
+| image.pullSecrets | Specify an array of imagePullSecrets | `[]` |
+| resources | The resource request/limits for the container image | limits: 1 CPU, 512Mi, requests: 100mCPU, 256Mi |
+| nodeSelector | The node selector to use for pod scheduling | `kubernetes.io/os: linux` |
+| affinity | The node affinity to use for pod scheduling | `{}` |
+| tolerations | The tolerations to use for pod scheduling | `[]` |
+| controllerManager.priorityClassName | Priority class name for controller manager | `system-cluster-critical` |
+| controllerManager.hostNetwork | Enables controllerManager to be deployed on hostNetwork | `false` |
+| audit.priorityClassName | Priority class name for audit controller | `system-cluster-critical` |
+| audit.hostNetwork | Enables audit to be deployed on hostNetwork | `false` |
+| replicas | The number of Gatekeeper replicas to deploy for the webhook | `3` |
+| podAnnotations | The annotations to add to the Gatekeeper pods | `container.seccomp.security.alpha.kubernetes.io/manager: runtime/default` |
+| podLabels | The labels to add to the Gatekeeper pods | `{}` |
+| podCountLimit | The maximum number of Gatekeeper pods to run | `100` |
+| secretAnnotations | The annotations to add to the Gatekeeper secrets | `{}` |
+| pdb.controllerManager.minAvailable | The number of controller manager pods that must still be available after an eviction | `1` |
+| service.type | Service type | `ClusterIP` |
+| service.loadBalancerIP | The IP address of LoadBalancer service | `` |
+
+## Contributing Changes
+
+This Helm chart is autogenerated from the Gatekeeper static manifest. The
+generator code lives under `cmd/build/helmify`. To make modifications to this
+template, please edit `kustomization.yaml`, `kustomize-for-helm.yaml` and
+`replacements.go` under that directory and then run `make manifests`. Your
+changes will show up in the `manifest_staging` directory and will be promoted
+to the root `charts` directory the next time a Gatekeeper release is cut.
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/app-readme.md b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/app-readme.md
new file mode 100644
index 000000000..d44cf7b2b
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/app-readme.md
@@ -0,0 +1,14 @@
+# Rancher OPA Gatekeeper
+
+This chart is based off of the upstream [OPA Gatekeeper](https://github.com/open-policy-agent/gatekeeper/tree/master/charts/gatekeeper) chart.
+
+For more information on how to use the feature, refer to our [docs](https://rancher.com/docs/rancher/v2.x/en/opa-gatekeper/).
+
+The chart installs the following components:
+
+- OPA Gatekeeper Controller-Manager - OPA Gatekeeper is a policy engine for providing policy based governance for Kubernetes clusters. The controller installs as a [validating admission controller webhook](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#validatingadmissionwebhook) on the cluster and intercepts all admission requests that create, update or delete a resource in the cluster.
+- [Audit](https://github.com/open-policy-agent/gatekeeper#audit) - A periodic audit of the cluster resources against the enforced policies. Any existing resource that violates a policy will be recorded as violations.
+- [Constraint Template](https://github.com/open-policy-agent/gatekeeper#constraint-templates) - A template is a CRD (`ConstraintTemplate`) that defines the schema and Rego logic of a policy to be applied to the cluster by Gatekeeper's admission controller webhook. This chart installs a few default `ConstraintTemplate` custom resources.
+- [Constraint](https://github.com/open-policy-agent/gatekeeper#constraints) - A constraint is a custom resource that defines the scope of resources which a specific constraint template should apply to. The complete policy is defined by a combination of `ConstraintTemplates` (i.e. what the policy is) and `Constraints` (i.e. what resource to apply the policy to).
+
+For more information on how to configure the Helm chart, refer to the Helm README.
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/_helpers.tpl b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/_helpers.tpl
new file mode 100644
index 000000000..2d2402686
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/_helpers.tpl
@@ -0,0 +1,49 @@
+
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "gatekeeper.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "gatekeeper.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "gatekeeper.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Adds additional pod labels to the common ones
+*/}}
+{{- define "gatekeeper.podLabels" -}}
+{{- if .Values.podLabels }}
+{{- toYaml .Values.podLabels | nindent 8 }}
+{{- end }}
+{{- end -}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
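Review bot: `system_default_registry` is the only helper in this file without a `{{/* ... */}}` comment, and it dereferences `.Values.global.cattle.systemDefaultRegistry` with no guard. I would add `{{/* Returns "<registry>/" when global.cattle.systemDefaultRegistry is set, otherwise an empty string. */}}` above the define and state there that the chart's values must define `global.cattle`; values.yaml is not part of this hunk, so whether it does is unverified here. Both deployment templates in this commit prepend the helper's output to the image reference, so a value set there redirects every Gatekeeper image pull to that registry.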
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/allowedrepos.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/allowedrepos.yaml
new file mode 100644
index 000000000..9abb84ecb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/allowedrepos.yaml
@@ -0,0 +1,35 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ name: k8sallowedrepos
+spec:
+ crd:
+ spec:
+ names:
+ kind: K8sAllowedRepos
+ validation:
+ # Schema for the `parameters` field
+ openAPIV3Schema:
+ properties:
+ repos:
+ type: array
+ items:
+ type: string
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package k8sallowedrepos
+
+ violation[{"msg": msg}] {
+ container := input.review.object.spec.containers[_]
+ satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)]
+ not any(satisfied)
+ msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos])
+ }
+
+ violation[{"msg": msg}] {
+ container := input.review.object.spec.initContainers[_]
+ satisfied := [good | repo = input.parameters.repos[_] ; good = startswith(container.image, repo)]
+ not any(satisfied)
+ msg := sprintf("container <%v> has an invalid image repo <%v>, allowed repos are %v", [container.name, container.image, input.parameters.repos])
+ }
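Review bot: Both `violation` rules compare with `startswith(container.image, repo)`, so each `repos` entry is a raw string prefix rather than a registry or repository boundary. An entry written without a trailing `/` also accepts any image whose name merely begins with the same characters, such as a different host or repository sharing that prefix. The schema comment is the natural place to say so: `# Each entry is matched as a string prefix of the image; end it with "/" (e.g. "registry.example.com/team/")`. The rules read only `spec.containers` and `spec.initContainers`, so any other container list on the reviewed object is not checked.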
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-podsecuritypolicy.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-podsecuritypolicy.yaml
new file mode 100644
index 000000000..78f36ecfb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-podsecuritypolicy.yaml
@@ -0,0 +1,35 @@
+apiVersion: policy/v1beta1
+kind: PodSecurityPolicy
+metadata:
+ annotations:
+ seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-admin
+spec:
+ allowPrivilegeEscalation: false
+ fsGroup:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ requiredDropCapabilities:
+ - ALL
+ runAsUser:
+ rule: MustRunAsNonRoot
+ seLinux:
+ rule: RunAsAny
+ supplementalGroups:
+ ranges:
+ - max: 65535
+ min: 1
+ rule: MustRunAs
+ volumes:
+ - configMap
+ - projected
+ - secret
+ - downwardAPI
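Review bot: The annotation `seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'` lets a pod admitted under `gatekeeper-admin` select any seccomp profile, `unconfined` included. The README added in this commit lists `runtime/default` as the chart's default pod annotation, so the policy could be narrowed to `seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default'` unless operators are expected to override `podAnnotations`. Separately, the spec sets neither `hostNetwork` nor `hostPorts` while both deployments expose a `hostNetwork` value; on a cluster that enforces PodSecurityPolicy, turning that value on would presumably leave the pods unable to validate against this policy.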
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-serviceaccount.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-serviceaccount.yaml
new file mode 100644
index 000000000..4b68998cb
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-admin-serviceaccount.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-audit-deployment.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-audit-deployment.yaml
new file mode 100644
index 000000000..1bc5d8d90
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-audit-deployment.yaml
@@ -0,0 +1,104 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ gatekeeper.sh/operation: audit
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-audit
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ gatekeeper.sh/operation: audit
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ template:
+ metadata:
+ annotations:
+ {{- toYaml .Values.podAnnotations | trim | nindent 8 }}
+ labels:
+{{- include "gatekeeper.podLabels" . }}
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: audit-controller
+ gatekeeper.sh/operation: audit
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ spec:
+ affinity:
+ {{- toYaml .Values.audit.affinity | nindent 8 }}
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --audit-interval={{ .Values.auditInterval }}
+ - --log-level={{ .Values.logLevel }}
+ - --constraint-violations-limit={{ .Values.constraintViolationsLimit }}
+ - --audit-from-cache={{ .Values.auditFromCache }}
+ - --audit-chunk-size={{ .Values.auditChunkSize }}
+ - --audit-match-kind-only={{ .Values.auditMatchKindOnly }}
+ - --emit-audit-events={{ .Values.emitAuditEvents }}
+ - --operation=audit
+ - --operation=status
+ - --logtostderr
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9090
+ name: manager
+ ports:
+ - containerPort: 8888
+ name: metrics
+ protocol: TCP
+ - containerPort: 9090
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9090
+ resources:
+ {{- toYaml .Values.audit.resources | nindent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 1000
+ hostNetwork: {{ .Values.audit.hostNetwork }}
+ imagePullSecrets:
+ {{- toYaml .Values.image.pullSecrets | nindent 8 }}
+ nodeSelector:
+ {{- toYaml .Values.audit.nodeSelector | nindent 8 }}
+ priorityClassName: {{ .Values.audit.priorityClassName }}
+ serviceAccountName: gatekeeper-admin
+ terminationGracePeriodSeconds: 60
+ tolerations:
+ {{- toYaml .Values.audit.tolerations | nindent 8 }}
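Review bot: The `image:` line builds the reference from `.Values.image.tag`, but the README added in this commit documents the parameter as `image.release`. If values.yaml (not visible here) follows the README, the tag renders empty; if it follows the template, the README misleads anyone trying to pin a version. Align the two, for example by renaming the README row to `image.tag`. The same `image:` line appears in gatekeeper-controller-manager-deployment.yaml.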
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-deployment.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-deployment.yaml
new file mode 100644
index 000000000..96d4a75e3
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-deployment.yaml
@@ -0,0 +1,118 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-controller-manager
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ template:
+ metadata:
+ annotations:
+ {{- toYaml .Values.podAnnotations | trim | nindent 8 }}
+ labels:
+{{- include "gatekeeper.podLabels" . }}
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ spec:
+ affinity:
+ {{- toYaml .Values.controllerManager.affinity | nindent 8 }}
+ automountServiceAccountToken: true
+ containers:
+ - args:
+ - --port=8443
+ - --logtostderr
+ - --log-denies={{ .Values.logDenies }}
+ - --emit-admission-events={{ .Values.emitAdmissionEvents }}
+ - --log-level={{ .Values.logLevel }}
+ - --exempt-namespace={{ .Release.Namespace }}
+ - --operation=webhook
+ - --enable-mutation={{ .Values.experimentalEnableMutation}}
+
+ {{- range .Values.disabledBuiltins}}
+ - --disable-opa-builtin={{ . }}
+ {{- end }}
+ command:
+ - /manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ imagePullPolicy: '{{ .Values.image.pullPolicy }}'
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 9090
+ name: manager
+ ports:
+ - containerPort: 8443
+ name: webhook-server
+ protocol: TCP
+ - containerPort: 8888
+ name: metrics
+ protocol: TCP
+ - containerPort: 9090
+ name: healthz
+ protocol: TCP
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 9090
+ resources:
+ {{- toYaml .Values.controllerManager.resources | nindent 10 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ runAsGroup: 999
+ runAsNonRoot: true
+ runAsUser: 1000
+ volumeMounts:
+ - mountPath: /certs
+ name: cert
+ readOnly: true
+ hostNetwork: {{ .Values.controllerManager.hostNetwork }}
+ imagePullSecrets:
+ {{- toYaml .Values.image.pullSecrets | nindent 8 }}
+ nodeSelector:
+ {{- toYaml .Values.controllerManager.nodeSelector | nindent 8 }}
+ priorityClassName: {{ .Values.controllerManager.priorityClassName }}
+ serviceAccountName: gatekeeper-admin
+ terminationGracePeriodSeconds: 60
+ tolerations:
+ {{- toYaml .Values.controllerManager.tolerations | nindent 8 }}
+ volumes:
+ - name: cert
+ secret:
+ defaultMode: 420
+ secretName: gatekeeper-webhook-server-cert
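Review bot: The `range .Values.disabledBuiltins` loop passes `--disable-opa-builtin` flags to the webhook, yet `disabledBuiltins` has no row in the README parameter table added by this commit. Which OPA built-ins are switched off decides what the Rego in a ConstraintTemplate can do from inside this pod, so the default belongs in the docs; values.yaml is not visible here, so the default itself is unverified. Add a row such as `| disabledBuiltins | OPA built-in functions that constraint templates may not call | <default from values.yaml> |`. The empty line before the loop and the missing space in `{{ .Values.experimentalEnableMutation}}` are cosmetic but worth tidying at the same time.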
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml
new file mode 100644
index 000000000..258a42f34
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-controller-manager-poddisruptionbudget.yaml
@@ -0,0 +1,22 @@
+apiVersion: policy/v1beta1
+kind: PodDisruptionBudget
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-controller-manager
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ minAvailable: {{ .Values.pdb.controllerManager.minAvailable }}
+ selector:
+ matchLabels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-critical-pods-resourcequota.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-critical-pods-resourcequota.yaml
new file mode 100644
index 000000000..201191f26
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-critical-pods-resourcequota.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: ResourceQuota
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-critical-pods
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ hard:
+ pods: {{ .Values.podCountLimit }}
+ scopeSelector:
+ matchExpressions:
+ - operator: In
+ scopeName: PriorityClass
+ values:
+ - {{ .Values.controllerManager.priorityClassName }}
+ - {{ .Values.audit.priorityClassName }}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-clusterrole.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-clusterrole.yaml
new file mode 100644
index 000000000..027f134ed
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-clusterrole.yaml
@@ -0,0 +1,153 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.gatekeeper.sh
+ resources:
+ - configs
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.gatekeeper.sh
+ resources:
+ - configs/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - constraints.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - mutations.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - policy
+ resourceNames:
+ - gatekeeper-admin
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+- apiGroups:
+ - status.gatekeeper.sh
+ resources:
+ - '*'
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates/finalizers
+ verbs:
+ - delete
+ - get
+ - patch
+ - update
+- apiGroups:
+ - templates.gatekeeper.sh
+ resources:
+ - constrainttemplates/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - gatekeeper-validating-webhook-configuration
+ resources:
+ - validatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - admissionregistration.k8s.io
+ resourceNames:
+ - gatekeeper-mutating-webhook-configuration
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
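Review bot: The first rule grants `get`, `list` and `watch` on `*` resources in `*` API groups, which covers Secrets in every namespace, and the ClusterRoleBinding in this commit gives it to the `gatekeeper-admin` service account that both deployments run as. That breadth is presumably needed so audit can evaluate arbitrary kinds, but it should be stated in the file, e.g. `# cluster-wide read of all kinds (Secrets included) so audit can evaluate any resource; treat the gatekeeper-admin token accordingly`. In the two `admissionregistration.k8s.io` rules `create` is paired with `resourceNames`; Kubernetes cannot restrict create by resource name, so that verb likely never matches and could be dropped, or moved to a rule without `resourceNames` if creation is really required. The `creationTimestamp: null` line looks like generator residue.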
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-role.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-role.yaml
new file mode 100644
index 000000000..73e2c5cf7
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-role-role.yaml
@@ -0,0 +1,32 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-role
+ namespace: '{{ .Release.Namespace }}'
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
new file mode 100644
index 000000000..22194d2ad
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-clusterrolebinding.yaml
@@ -0,0 +1,18 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gatekeeper-manager-role
+subjects:
+- kind: ServiceAccount
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
new file mode 100644
index 000000000..4bf6087dc
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-manager-rolebinding-rolebinding.yaml
@@ -0,0 +1,19 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-manager-rolebinding
+ namespace: '{{ .Release.Namespace }}'
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gatekeeper-manager-role
+subjects:
+- kind: ServiceAccount
+ name: gatekeeper-admin
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..8a860a488
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-mutating-webhook-configuration-mutatingwebhookconfiguration.yaml
@@ -0,0 +1,40 @@
+{{- if .Values.experimentalEnableMutation }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ creationTimestamp: null
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/mutate
+ failurePolicy: Ignore
+ matchPolicy: Exact
+ name: mutation.gatekeeper.sh
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.gatekeeper.sh/ignore
+ operator: DoesNotExist
+ rules:
+ - apiGroups:
+ - '*'
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - '*'
+ sideEffects: None
+ timeoutSeconds: 3
+{{- end }}
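Review bot: `failurePolicy: Ignore` makes this webhook fail open: when the `gatekeeper-webhook-service` backend is unreachable or exceeds `timeoutSeconds`, the API server admits the request unmutated. The `validation.gatekeeper.sh` webhook in the next file uses the same setting, so constraints are not enforced at admission during an outage and only the periodic audit reports the resulting objects. That trade-off deserves a comment next to the field, e.g. `# fail open so a Gatekeeper outage cannot block the cluster; audit is the backstop`, together with monitoring of webhook availability. The timeout is hard-coded to `3` here while the validating webhook reads `validatingWebhookTimeoutSeconds`, and this is the only labelled resource among the templates shown that lacks `gatekeeper.sh/system: "yes"`.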
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..eb5f44fd2
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-validating-webhook-configuration-validatingwebhookconfiguration.yaml
@@ -0,0 +1,66 @@
+{{- if not .Values.disableValidatingWebhook }}
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-validating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/admit
+ failurePolicy: Ignore
+ matchPolicy: Exact
+ name: validation.gatekeeper.sh
+ namespaceSelector:
+ matchExpressions:
+ - key: admission.gatekeeper.sh/ignore
+ operator: DoesNotExist
+ rules:
+ - apiGroups:
+ - '*'
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ {{- if .Values.enableDeleteOperations }}
+ - DELETE
+ {{- end}}
+ resources:
+ - '*'
+ sideEffects: None
+ timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }}
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+ path: /v1/admitlabel
+ failurePolicy: Fail
+ matchPolicy: Exact
+ name: check-ignore-label.gatekeeper.sh
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - '*'
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - namespaces
+ sideEffects: None
+ timeoutSeconds: {{ .Values.validatingWebhookTimeoutSeconds }}
+{{- end }}
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-server-cert-secret.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-server-cert-secret.yaml
new file mode 100644
index 000000000..d6e906a99
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-server-cert-secret.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ annotations: {{- toYaml .Values.secretAnnotations | trim | nindent 4 }}
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-webhook-server-cert
+ namespace: '{{ .Release.Namespace }}'
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-service-service.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-service-service.yaml
new file mode 100644
index 000000000..de7300e92
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/gatekeeper-webhook-service-service.yaml
@@ -0,0 +1,29 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ name: gatekeeper-webhook-service
+ namespace: '{{ .Release.Namespace }}'
+spec:
+ {{- if .Values.service }}
+ type: {{ .Values.service.type | default "ClusterIP" }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ {{- end }}
+ ports:
+ - port: 443
+ targetPort: 8443
+ selector:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ control-plane: controller-manager
+ gatekeeper.sh/operation: webhook
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
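Review bot: `service.type` is passed through as given, so setting it to `LoadBalancer` or `NodePort` publishes the admission endpoint on port 443 outside the cluster, although only the API server needs to reach it. A comment above the `{{- if .Values.service }}` block would make that explicit, for example `# Keep ClusterIP unless the API server cannot reach cluster IPs; other types expose the webhook off-cluster.` The `loadBalancerIP` value is also rendered unquoted, unlike the label values in the same file; `loadBalancerIP: {{ .Values.service.loadBalancerIP | quote }}` keeps it a string.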
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/namespace-post-install.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/namespace-post-install.yaml
new file mode 100644
index 000000000..ca54d15a7
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/namespace-post-install.yaml
@@ -0,0 +1,98 @@
+{{- if .Values.postInstall.labelNamespace.enabled }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ chart: '{{ template "gatekeeper.name" . }}'
+ gatekeeper.sh/system: "yes"
+ heritage: '{{ .Release.Service }}'
+ release: '{{ .Release.Name }}'
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+spec:
+ template:
+ metadata:
+ labels:
+ app: '{{ template "gatekeeper.name" . }}'
+ release: '{{ .Release.Name }}'
+ spec:
+ restartPolicy: OnFailure
+ {{- if .Values.postInstall.labelNamespace.image.pullSecrets }}
+ imagePullSecrets:
+ {{- .Values.postInstall.labelNamespace.image.pullSecrets | toYaml | nindent 12 }}
+ {{- end }}
+ serviceAccount: gatekeeper-update-namespace-label
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: kubectl-label
+ image: '{{ template "system_default_registry" . }}{{ .Values.postInstall.labelNamespace.image.repository }}:{{ .Values.postInstall.labelNamespace.image.tag }}'
+ imagePullPolicy: {{ .Values.postInstall.labelNamespace.image.pullPolicy }}
+ command:
+ - kubectl
+ - label
+ - ns
+ - {{ .Release.Namespace }}
+ - admission.gatekeeper.sh/ignore=no-self-managing
+ - --overwrite
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - update
+ - patch
+ resourceNames:
+ - {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: gatekeeper-update-namespace-label
+ labels:
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install
+ "helm.sh/hook-weight": "-5"
+ "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: gatekeeper-update-namespace-label
+subjects:
+ - kind: ServiceAccount
+ name: gatekeeper-update-namespace-label
+ namespace: {{ .Release.Namespace | quote }}
+
+{{- end }}
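Review bot: The `kubectl-label` container has no `securityContext`, so the hook pod runs with whatever user and capabilities the `rancher/kubectl` image defaults to while holding a token that can update and patch the release namespace. A restrictive container context costs nothing for a one-shot `kubectl label`; `runAsNonRoot: true` is worth adding too once it is confirmed that the image does not run as root. Separately, `serviceAccount:` is the deprecated alias and should read `serviceAccountName: gatekeeper-update-namespace-label`. `- {{ .Release.Namespace }}` in `command` and `resourceNames` is also unquoted, while the RoleBinding subject already uses `| quote`.

```yaml
      containers:
        - name: kubectl-label
          # … unchanged: image, imagePullPolicy …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          # … unchanged: command …
```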
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/requiredlabels.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/requiredlabels.yaml
new file mode 100644
index 000000000..e93e6a0a7
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/requiredlabels.yaml
@@ -0,0 +1,57 @@
+apiVersion: templates.gatekeeper.sh/v1beta1
+kind: ConstraintTemplate
+metadata:
+ name: k8srequiredlabels
+spec:
+ crd:
+ spec:
+ names:
+ kind: K8sRequiredLabels
+ validation:
+ # Schema for the `parameters` field
+ openAPIV3Schema:
+ properties:
+ message:
+ type: string
+ labels:
+ type: array
+ items:
+ type: object
+ properties:
+ key:
+ type: string
+ allowedRegex:
+ type: string
+ targets:
+ - target: admission.k8s.gatekeeper.sh
+ rego: |
+ package k8srequiredlabels
+
+ get_message(parameters, _default) = msg {
+ not parameters.message
+ msg := _default
+ }
+
+ get_message(parameters, _default) = msg {
+ msg := parameters.message
+ }
+
+ violation[{"msg": msg, "details": {"missing_labels": missing}}] {
+ provided := {label | input.review.object.metadata.labels[label]}
+ required := {label | label := input.parameters.labels[_].key}
+ missing := required - provided
+ count(missing) > 0
+ def_msg := sprintf("you must provide labels: %v", [missing])
+ msg := get_message(input.parameters, def_msg)
+ }
+
+ violation[{"msg": msg}] {
+ value := input.review.object.metadata.labels[key]
+ expected := input.parameters.labels[_]
+ expected.key == key
+ # do not match if allowedRegex is not defined, or is an empty string
+ expected.allowedRegex != ""
+ not re_match(expected.allowedRegex, value)
+ def_msg := sprintf("Label <%v: %v> does not satisfy allowed regex: %v", [key, value, expected.allowedRegex])
+ msg := get_message(input.parameters, def_msg)
+ }
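Review bot: `allowedRegex` is handed straight to `re_match` in the second `violation` rule, and that built-in matches anywhere in the label value, so a pattern such as `prod` also accepts `not-prod-test` unless the constraint author anchors it. The schema is where authors will look, so add a comment above the `allowedRegex` property in the same style as the existing schema comment: `# Matched unanchored against the label value; write ^...$ to require a full match`. The Rego comment on `expected.allowedRegex != ""` could also say that an entry without the key is skipped because the comparison is undefined, which is what the code relies on.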
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/validate-install-crd.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/validate-install-crd.yaml
new file mode 100644
index 000000000..98facd373
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/templates/validate-install-crd.yaml
@@ -0,0 +1,20 @@
+#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}}
+# {{- $found := dict -}}
+# {{- set $found "mutations.gatekeeper.sh/v1alpha1/Assign" false -}}
+# {{- set $found "mutations.gatekeeper.sh/v1alpha1/AssignMetadata" false -}}
+# {{- set $found "config.gatekeeper.sh/v1alpha1/Config" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintPodStatus" false -}}
+# {{- set $found "templates.gatekeeper.sh/v1alpha1/ConstraintTemplate" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/ConstraintTemplatePodStatus" false -}}
+# {{- set $found "status.gatekeeper.sh/v1beta1/MutatorPodStatus" false -}}
+# {{- range .Capabilities.APIVersions -}}
+# {{- if hasKey $found (toString .) -}}
+# {{- set $found (toString .) true -}}
+# {{- end -}}
+# {{- end -}}
+# {{- range $_, $exists := $found -}}
+# {{- if (eq $exists false) -}}
+# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}}
+# {{- end -}}
+# {{- end -}}
+#{{- end -}}
\ No newline at end of file
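Review bot: The leading `#` on every line does not disable this check: Helm executes all `{{ }}` actions before the result is read as YAML, so the `lookup`, the loop over `.Capabilities.APIVersions` and the `required` call still run. The `#` only turns whatever the actions print (for instance the return value of `set`) into a YAML comment. If that is the intent, the file needs a first line that says so, such as `{{- /* The # prefixes only comment out the rendered output; the actions below still execute and fail the install when a CRD is missing. */ -}}`. If the check is meant to be off, a leading `#` will not do it; the block has to be wrapped in a template comment or removed.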
diff --git a/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/values.yaml b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/values.yaml
new file mode 100644
index 000000000..c57008ad0
--- /dev/null
+++ b/charts/rancher-gatekeeper/rancher-gatekeeper/100.0.0+up3.5.1/values.yaml
@@ -0,0 +1,80 @@
+replicas: 3
+auditInterval: 300
+auditMatchKindOnly: false
+constraintViolationsLimit: 20
+auditFromCache: false
+disableValidatingWebhook: false
+validatingWebhookTimeoutSeconds: 3
+enableDeleteOperations: false
+experimentalEnableMutation: false
+auditChunkSize: 0
+logLevel: INFO
+logDenies: false
+emitAdmissionEvents: false
+emitAuditEvents: false
+postInstall:
+ labelNamespace:
+ enabled: true
+ image:
+ repository: rancher/kubectl
+ tag: v1.20.2
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+image:
+ repository: rancher/mirrored-openpolicyagent-gatekeeper
+ tag: v3.5.1
+ pullPolicy: IfNotPresent
+ pullSecrets: []
+podAnnotations:
+ { container.seccomp.security.alpha.kubernetes.io/manager: runtime/default }
+podLabels: {}
+podCountLimit: 100
+secretAnnotations: {}
+controllerManager:
+ hostNetwork: false
+ priorityClassName: system-cluster-critical
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: gatekeeper.sh/operation
+ operator: In
+ values:
+ - webhook
+ topologyKey: kubernetes.io/hostname
+ weight: 100
+ tolerations: []
+ nodeSelector: { kubernetes.io/os: linux }
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+audit:
+ hostNetwork: false
+ priorityClassName: system-cluster-critical
+ affinity: {}
+ tolerations: []
+ nodeSelector: { kubernetes.io/os: linux }
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+pdb:
+ controllerManager:
+ minAvailable: 1
+global:
+ cattle:
+ systemDefaultRegistry: ""
+ kubectl:
+ repository: rancher/kubectl
+ tag: v1.20.2
+service: {}
+disabledBuiltins:
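Review bot: `disabledBuiltins:` on the last line is a bare key, which parses as null rather than an empty list and leaves every OPA built-in available to ConstraintTemplate Rego, including `http.send`. Write it as `disabledBuiltins: []` with a comment above it along the lines of `# OPA built-ins to disable; consider listing http.send unless policies need outbound requests from the webhook pod`. How each entry must be spelled depends on the deployment template, which is not part of this hunk. The defaults `logDenies: false` and `emitAdmissionEvents: false` likewise mean Gatekeeper itself records nothing when it denies a request, which deserves a one-line comment for operators who expect to use denials for detection.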
diff --git a/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/Chart.yaml
new file mode 100644
index 000000000..86c169a3d
--- /dev/null
+++ b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/Chart.yaml
@@ -0,0 +1,11 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/release-name: rancher-gke-operator-crd
+apiVersion: v2
+appVersion: 1.1.1
+description: GKE Operator CustomResourceDefinitions
+name: rancher-gke-operator-crd
+version: 100.0.0+up1.1.1
diff --git a/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/templates/crds.yaml b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/templates/crds.yaml
new file mode 100644
index 000000000..592d30c6a
--- /dev/null
+++ b/charts/rancher-gke-operator-crd/rancher-gke-operator-crd/100.0.0+up1.1.1/templates/crds.yaml
@@ -0,0 +1,249 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ helm.sh/resource-policy: keep
+ name: gkeclusterconfigs.gke.cattle.io
+spec:
+ group: gke.cattle.io
+ names:
+ kind: GKEClusterConfig
+ plural: gkeclusterconfigs
+ shortNames:
+ - gkecc
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ properties:
+ spec:
+ properties:
+ clusterAddons:
+ nullable: true
+ properties:
+ horizontalPodAutoscaling:
+ type: boolean
+ httpLoadBalancing:
+ type: boolean
+ networkPolicyConfig:
+ type: boolean
+ type: object
+ clusterIpv4Cidr:
+ nullable: true
+ type: string
+ clusterName:
+ nullable: true
+ type: string
+ description:
+ nullable: true
+ type: string
+ enableKubernetesAlpha:
+ nullable: true
+ type: boolean
+ googleCredentialSecret:
+ nullable: true
+ type: string
+ imported:
+ type: boolean
+ ipAllocationPolicy:
+ nullable: true
+ properties:
+ clusterIpv4CidrBlock:
+ nullable: true
+ type: string
+ clusterSecondaryRangeName:
+ nullable: true
+ type: string
+ createSubnetwork:
+ type: boolean
+ nodeIpv4CidrBlock:
+ nullable: true
+ type: string
+ servicesIpv4CidrBlock:
+ nullable: true
+ type: string
+ servicesSecondaryRangeName:
+ nullable: true
+ type: string
+ subnetworkName:
+ nullable: true
+ type: string
+ useIpAliases:
+ type: boolean
+ type: object
+ kubernetesVersion:
+ nullable: true
+ type: string
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ locations:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ loggingService:
+ nullable: true
+ type: string
+ maintenanceWindow:
+ nullable: true
+ type: string
+ masterAuthorizedNetworks:
+ nullable: true
+ properties:
+ cidrBlocks:
+ items:
+ properties:
+ cidrBlock:
+ nullable: true
+ type: string
+ displayName:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ enabled:
+ type: boolean
+ type: object
+ monitoringService:
+ nullable: true
+ type: string
+ network:
+ nullable: true
+ type: string
+ networkPolicyEnabled:
+ nullable: true
+ type: boolean
+ nodePools:
+ items:
+ properties:
+ autoscaling:
+ nullable: true
+ properties:
+ enabled:
+ type: boolean
+ maxNodeCount:
+ type: integer
+ minNodeCount:
+ type: integer
+ type: object
+ config:
+ nullable: true
+ properties:
+ diskSizeGb:
+ type: integer
+ diskType:
+ nullable: true
+ type: string
+ imageType:
+ nullable: true
+ type: string
+ labels:
+ additionalProperties:
+ nullable: true
+ type: string
+ nullable: true
+ type: object
+ localSsdCount:
+ type: integer
+ machineType:
+ nullable: true
+ type: string
+ oauthScopes:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ preemptible:
+ type: boolean
+ tags:
+ items:
+ nullable: true
+ type: string
+ nullable: true
+ type: array
+ taints:
+ items:
+ properties:
+ effect:
+ nullable: true
+ type: string
+ key:
+ nullable: true
+ type: string
+ value:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ type: object
+ initialNodeCount:
+ nullable: true
+ type: integer
+ management:
+ nullable: true
+ properties:
+ autoRepair:
+ type: boolean
+ autoUpgrade:
+ type: boolean
+ type: object
+ maxPodsConstraint:
+ nullable: true
+ type: integer
+ name:
+ nullable: true
+ type: string
+ version:
+ nullable: true
+ type: string
+ type: object
+ nullable: true
+ type: array
+ privateClusterConfig:
+ nullable: true
+ properties:
+ enablePrivateEndpoint:
+ type: boolean
+ enablePrivateNodes:
+ type: boolean
+ masterIpv4CidrBlock:
+ nullable: true
+ type: string
+ type: object
+ projectID:
+ nullable: true
+ type: string
+ region:
+ nullable: true
+ type: string
+ subnetwork:
+ nullable: true
+ type: string
+ zone:
+ nullable: true
+ type: string
+ type: object
+ status:
+ properties:
+ failureMessage:
+ nullable: true
+ type: string
+ phase:
+ nullable: true
+ type: string
+ type: object
+ type: object
+ version: v1
+ versions:
+ - name: v1
+ served: true
+ storage: true
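Review bot: `apiVersion: apiextensions.k8s.io/v1beta1` on the first line of this CRD is not served from Kubernetes 1.22 onward, so the chart cannot be installed on such clusters. Moving to `apiextensions.k8s.io/v1` means dropping the top-level `version: v1` and `validation:` keys and placing the schema under `versions[0].schema.openAPIV3Schema`. If this file is generated from the operator's Go types, the change belongs in the generator rather than in this copy.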
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/Chart.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/Chart.yaml
new file mode 100644
index 000000000..8ed7a8502
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+ catalog.cattle.io/auto-install: rancher-gke-operator-crd=match
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/namespace: cattle-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/provides-gvr: gkeclusterconfigs.gke.cattle.io/v1
+ catalog.cattle.io/rancher-version: '>= 2.6.0-alpha'
+ catalog.cattle.io/release-name: rancher-gke-operator
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.1.1
+description: A Helm chart for provisioning GKE clusters
+home: https://github.com/rancher/gke-operator
+name: rancher-gke-operator
+sources:
+- https://github.com/rancher/gke-operator
+version: 100.0.0+up1.1.1
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/NOTES.txt b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/NOTES.txt
new file mode 100644
index 000000000..238173d1b
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/NOTES.txt
@@ -0,0 +1,4 @@
+You have deployed the Rancher GKE operator
+Version: {{ .Chart.AppVersion }}
+Description: This operator provisions GKE clusters
+from GKEClusterConfig CRs.
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/_helpers.tpl b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/_helpers.tpl
new file mode 100644
index 000000000..be11b4a66
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/_helpers.tpl
@@ -0,0 +1,9 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrole.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrole.yaml
new file mode 100644
index 000000000..7c352696e
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrole.yaml
@@ -0,0 +1,15 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: gke-operator
+ namespace: cattle-system
+rules:
+ - apiGroups: ['']
+ resources: ['secrets']
+ verbs: ['get', 'list', 'create', 'watch']
+ - apiGroups: ['gke.cattle.io']
+ resources: ['gkeclusterconfigs']
+ verbs: ['get', 'list', 'update', 'watch']
+ - apiGroups: ['gke.cattle.io']
+ resources: ['gkeclusterconfigs/status']
+ verbs: ['update']
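Review bot: The first rule grants `get`, `list`, `create` and `watch` on `secrets` in a ClusterRole that clusterrolebinding.yaml binds cluster-wide, so the `gke-operator` service account can read every Secret in every namespace. If the operator only needs the credential secrets named by `googleCredentialSecret` (the CRD suggests this, but the diff does not confirm it), a Role and RoleBinding in the namespace holding those secrets would limit what a compromised operator pod can reach. `metadata.namespace: cattle-system` has no effect on the cluster-scoped ClusterRole here or on the ClusterRoleBinding in clusterrolebinding.yaml and can be dropped from both.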
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml
new file mode 100644
index 000000000..e2af390c7
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/clusterrolebinding.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: gke-operator
+ namespace: cattle-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: gke-operator
+subjects:
+- kind: ServiceAccount
+ name: gke-operator
+ namespace: cattle-system
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/deployment.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/deployment.yaml
new file mode 100644
index 000000000..acc3930ee
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/deployment.yaml
@@ -0,0 +1,50 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: gke-config-operator
+ namespace: cattle-system
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ ke.cattle.io/operator: gke
+ template:
+ metadata:
+ labels:
+ ke.cattle.io/operator: gke
+ spec:
+ serviceAccountName: gke-operator
+ securityContext:
+ fsGroup: 1007
+ runAsUser: 1007
+ containers:
+ - name: rancher-gke-operator
+ image: {{ template "system_default_registry" . }}{{ .Values.gkeOperator.image.repository }}:{{ .Values.gkeOperator.image.tag }}
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: HTTP_PROXY
+ value: {{ .Values.httpProxy }}
+ - name: HTTPS_PROXY
+ value: {{ .Values.httpsProxy }}
+ - name: NO_PROXY
+ value: {{ .Values.noProxy }}
+{{- if .Values.additionalTrustedCAs }}
+ # gke-operator mounts the additional CAs in two places:
+ volumeMounts:
+ # This directory is owned by the gke-operator user so c_rehash works here.
+ - mountPath: /etc/rancher/ssl/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ # This directory is root-owned so c_rehash doesn't work here,
+ # but the cert is here in case update-ca-certificates is called in the future or by the OS.
+ - mountPath: /etc/pki/trust/anchors/ca-additional.pem
+ name: tls-ca-additional-volume
+ subPath: ca-additional.pem
+ readOnly: true
+ volumes:
+ - name: tls-ca-additional-volume
+ secret:
+ defaultMode: 0400
+ secretName: tls-ca-additional
+ {{- end }}
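Review bot: The three proxy `value:` lines and the `image:` line are rendered unquoted, so the empty defaults from values.yaml produce `value:` with a null instead of an empty string, and a value containing `: ` or ` #` changes how the line parses. Use `value: {{ .Values.httpProxy | quote }}` and the same for `httpsProxy` and `noProxy`. A proxy URL that embeds credentials would be stored in clear text in the Deployment spec this way, which is worth a comment next to the env block. `defaultMode: 0400` relies on the parser treating a leading zero as octal; the decimal form `defaultMode: 256 # 0400` is unambiguous.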
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml
new file mode 100644
index 000000000..ba52af628
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ namespace: cattle-system
+ name: gke-operator
diff --git a/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/values.yaml b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/values.yaml
new file mode 100644
index 000000000..ce6d5af13
--- /dev/null
+++ b/charts/rancher-gke-operator/rancher-gke-operator/100.0.0+up1.1.1/values.yaml
@@ -0,0 +1,12 @@
+global:
+ systemDefaultRegistry: ""
+
+gkeOperator:
+ image:
+ repository: rancher/gke-operator
+ tag: v1.1.1
+
+httpProxy: ""
+httpsProxy: ""
+noProxy: ""
+additionalTrustedCAs: false
diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore
new file mode 100644
index 000000000..8cade1318
--- /dev/null
+++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.vscode
+.project
+.idea/
+*.tmproj
+OWNERS
diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml
new file mode 100644
index 000000000..1b5c93f0f
--- /dev/null
+++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/Chart.yaml
@@ -0,0 +1,28 @@
+annotations:
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/os: linux
+ catalog.rancher.io/certified: rancher
+ catalog.rancher.io/namespace: cattle-monitoring-system
+ catalog.rancher.io/release-name: rancher-grafana
+apiVersion: v2
+appVersion: 7.5.8
+description: The leading tool for querying and visualizing time series and metrics.
+home: https://grafana.net
+icon: https://raw.githubusercontent.com/grafana/grafana/master/public/img/logo_transparent_400x.png
+kubeVersion: ^1.8.0-0
+maintainers:
+- email: zanhsieh@gmail.com
+ name: zanhsieh
+- email: rluckie@cisco.com
+ name: rtluckie
+- email: maor.friedman@redhat.com
+ name: maorfr
+- email: miroslav.hadzhiev@gmail.com
+ name: Xtigyro
+- email: mail@torstenwalter.de
+ name: torstenwalter
+name: rancher-grafana
+sources:
+- https://github.com/grafana/grafana
+type: application
+version: 100.0.0+up6.11.0
diff --git a/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md
new file mode 100644
index 000000000..3d1d73e48
--- /dev/null
+++ b/charts/rancher-grafana/rancher-grafana/100.0.0+up6.11.0/README.md
@@ -0,0 +1,526 @@
+# Grafana Helm Chart
+
+* Installs the web dashboarding system [Grafana](http://grafana.org/)
+
+## Get Repo Info
+
+```console
+helm repo add grafana https://grafana.github.io/helm-charts
+helm repo update
+```
+
+_See [helm repo](https://helm.sh/docs/helm/helm_repo/) for command documentation._
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release grafana/grafana
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the my-release deployment:
+
+```console
+helm delete my-release
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Upgrading an existing Release to a new major version
+
+A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an
+incompatible breaking change needing manual actions.
+
+### To 4.0.0 (And 3.12.1)
+
+This version requires Helm >= 2.12.0.
+
+### To 5.0.0
+
+You have to add --force to your helm upgrade command as the labels of the chart have changed.
+
+### To 6.0.0
+
+This version requires Helm >= 3.1.0.
+
+## Configuration
+
+| Parameter | Description | Default |
+|-------------------------------------------|-----------------------------------------------|---------------------------------------------------------|
+| `replicas` | Number of nodes | `1` |
+| `podDisruptionBudget.minAvailable` | Pod disruption minimum available | `nil` |
+| `podDisruptionBudget.maxUnavailable` | Pod disruption maximum unavailable | `nil` |
+| `deploymentStrategy` | Deployment strategy | `{ "type": "RollingUpdate" }` |
+| `livenessProbe` | Liveness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } "initialDelaySeconds": 60, "timeoutSeconds": 30, "failureThreshold": 10 }` |
+| `readinessProbe` | Readiness Probe settings | `{ "httpGet": { "path": "/api/health", "port": 3000 } }`|
+| `securityContext` | Deployment securityContext | `{"runAsUser": 472, "runAsGroup": 472, "fsGroup": 472}` |
+| `priorityClassName` | Name of Priority Class to assign pods | `nil` |
+| `image.repository` | Image repository | `grafana/grafana` |
+| `image.tag` | Image tag (`Must be >= 5.0.0`) | `7.4.5` |
+| `image.sha` | Image sha (optional) | `2b56f6106ddc376bb46d974230d530754bf65a640dfbc5245191d72d3b49efc6` |
+| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
+| `image.pullSecrets` | Image pull secrets | `{}` |
+| `service.enabled` | Enable grafana service | `true` |
+| `service.type` | Kubernetes service type | `ClusterIP` |
+| `service.port` | Kubernetes port where service is exposed | `80` |
+| `service.portName` | Name of the port on the service | `service` |
+| `service.targetPort` | Internal service is port | `3000` |
+| `service.nodePort` | Kubernetes service nodePort | `nil` |
+| `service.annotations` | Service annotations | `{}` |
+| `service.labels` | Custom labels | `{}` |
+| `service.clusterIP` | internal cluster service IP | `nil` |
+| `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `nil` |
+| `service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to lb (if supported) | `[]` |
+| `service.externalIPs` | service external IP addresses | `[]` |
+| `extraExposePorts` | Additional service ports for sidecar containers| `[]` |
+| `hostAliases` | adds rules to the pod's /etc/hosts | `[]` |
+| `ingress.enabled` | Enables Ingress | `false` |
+| `ingress.annotations` | Ingress annotations (values are templated) | `{}` |
+| `ingress.labels` | Custom labels | `{}` |
+| `ingress.path` | Ingress accepted path | `/` |
+| `ingress.pathType` | Ingress type of path | `Prefix` |
+| `ingress.hosts` | Ingress accepted hostnames | `["chart-example.local"]` |
+| `ingress.extraPaths` | Ingress extra paths to prepend to every host configuration. Useful when configuring [custom actions with AWS ALB Ingress Controller](https://kubernetes-sigs.github.io/aws-alb-ingress-controller/guide/ingress/annotation/#actions). Requires `ingress.hosts` to have one or more host entries. | `[]` |
+| `ingress.tls` | Ingress TLS configuration | `[]` |
+| `resources` | CPU/Memory resource requests/limits | `{}` |
+| `nodeSelector` | Node labels for pod assignment | `{}` |
+| `tolerations` | Toleration labels for pod assignment | `[]` |
+| `affinity` | Affinity settings for pod assignment | `{}` |
+| `extraInitContainers` | Init containers to add to the grafana pod | `{}` |
+| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` |
+| `extraContainerVolumes` | Volumes that can be mounted in sidecar containers | `[]` |
+| `extraLabels` | Custom labels for all manifests | `{}` |
+| `schedulerName` | Name of the k8s scheduler (other than default) | `nil` |
+| `persistence.enabled` | Use persistent volume to store data | `false` |
+| `persistence.type` | Type of persistence (`pvc` or `statefulset`) | `pvc` |
+| `persistence.size` | Size of persistent volume claim | `10Gi` |
+| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` |
+| `persistence.storageClassName` | Type of persistent volume claim | `nil` |
+| `persistence.accessModes` | Persistence access modes | `[ReadWriteOnce]` |
+| `persistence.annotations` | PersistentVolumeClaim annotations | `{}` |
+| `persistence.finalizers` | PersistentVolumeClaim finalizers | `[ "kubernetes.io/pvc-protection" ]` |
+| `persistence.subPath` | Mount a sub dir of the persistent volume | `nil` |
+| `persistence.inMemory.enabled` | If persistence is not enabled, whether to mount the local storage in-memory to improve performance | `false` |
+| `persistence.inMemory.sizeLimit` | SizeLimit for the in-memory local storage | `nil` |
+| `initChownData.enabled` | If false, don't reset data ownership at startup | true |
+| `initChownData.image.repository` | init-chown-data container image repository | `busybox` |
+| `initChownData.image.tag` | init-chown-data container image tag | `1.31.1` |
+| `initChownData.image.sha` | init-chown-data container image sha (optional)| `""` |
+| `initChownData.image.pullPolicy` | init-chown-data container image pull policy | `IfNotPresent` |
+| `initChownData.resources` | init-chown-data pod resource requests & limits | `{}` |
+| `schedulerName` | Alternate scheduler name | `nil` |
+| `env` | Extra environment variables passed to pods | `{}` |
+| `envValueFrom` | Environment variables from alternate sources. See the API docs on [EnvVarSource](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.17/#envvarsource-v1-core) for format details. | `{}` |
+| `envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
+| `envRenderSecret` | Sensible environment variables passed to pods and stored as secret | `{}` |
+| `extraSecretMounts` | Additional grafana server secret mounts | `[]` |
+| `extraVolumeMounts` | Additional grafana server volume mounts | `[]` |
+| `extraConfigmapMounts` | Additional grafana server configMap volume mounts | `[]` |
+| `extraEmptyDirMounts` | Additional grafana server emptyDir volume mounts | `[]` |
+| `plugins` | Plugins to be loaded along with Grafana | `[]` |
+| `datasources` | Configure grafana datasources (passed through tpl) | `{}` |
+| `notifiers` | Configure grafana notifiers | `{}` |
+| `dashboardProviders` | Configure grafana dashboard providers | `{}` |
+| `dashboards` | Dashboards to import | `{}` |
+| `dashboardsConfigMaps` | ConfigMaps reference that contains dashboards | `{}` |
+| `grafana.ini` | Grafana's primary configuration | `{}` |
+| `ldap.enabled` | Enable LDAP authentication | `false` |
+| `ldap.existingSecret` | The name of an existing secret containing the `ldap.toml` file, this must have the key `ldap-toml`. | `""` |
+| `ldap.config` | Grafana's LDAP configuration | `""` |
+| `annotations` | Deployment annotations | `{}` |
+| `labels` | Deployment labels | `{}` |
+| `podAnnotations` | Pod annotations | `{}` |
+| `podLabels` | Pod labels | `{}` |
+| `podPortName` | Name of the grafana port on the pod | `grafana` |
+| `sidecar.image.repository` | Sidecar image repository | `quay.io/kiwigrid/k8s-sidecar` |
+| `sidecar.image.tag` | Sidecar image tag | `1.10.7` |
+| `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
+| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
+| `sidecar.resources` | Sidecar resources | `{}` |
+| `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable | `false` |
+| `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
+| `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
+| `sidecar.dashboards.provider.name` | Unique name of the grafana provider | `sidecarProvider` |
+| `sidecar.dashboards.provider.orgid` | Id of the organisation, to which the dashboards should be added | `1` |
+| `sidecar.dashboards.provider.folder` | Logical folder in which grafana groups dashboards | `""` |
+| `sidecar.dashboards.provider.disableDelete` | Activate to avoid the deletion of imported dashboards | `false` |
+| `sidecar.dashboards.provider.allowUiUpdates` | Allow updating provisioned dashboards from the UI | `false` |
+| `sidecar.dashboards.provider.type` | Provider type | `file` |
+| `sidecar.dashboards.provider.foldersFromFilesStructure` | Allow Grafana to replicate dashboard structure from filesystem. | `false` |
+| `sidecar.dashboards.watchMethod` | Method to use to detect ConfigMap changes. With WATCH the sidecar will do a WATCH requests, with SLEEP it will list all ConfigMaps, then sleep for 60 seconds. | `WATCH` |
+| `sidecar.skipTlsVerify` | Set to true to skip tls verification for kube api calls | `nil` |
+| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` |
+| `sidecar.dashboards.labelValue` | Label value that config maps with dashboards should have to be added | `nil` |
+| `sidecar.dashboards.folder` | Folder in the pod that should hold the collected dashboards (unless `sidecar.dashboards.defaultFolderName` is set). This path will be mounted. | `/tmp/dashboards` |
+| `sidecar.dashboards.folderAnnotation` | The annotation the sidecar will look for in configmaps to override the destination folder for files | `nil` |
+| `sidecar.dashboards.defaultFolderName` | The default folder name, it will create a subfolder under the `sidecar.dashboards.folder` and put dashboards in there instead | `nil` |
+| `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
+| `sidecar.dashboards.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
+| `sidecar.datasources.enabled` | Enables the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` |
+| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` |
+| `sidecar.datasources.labelValue` | Label value that config maps with datasources should have to be added | `nil` |
+| `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
+| `sidecar.datasources.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
+| `sidecar.notifiers.enabled` | Enables the cluster wide search for notifiers and adds/updates/deletes them in grafana | `false` |
+| `sidecar.notifiers.label` | Label that config maps with notifiers should have to be added | `grafana_notifier` |
+| `sidecar.notifiers.searchNamespace` | If specified, the sidecar will search for notifiers config-maps (or secrets) inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` |
+| `sidecar.notifiers.resource` | Should the sidecar looks into secrets, configmaps or both. | `both` |
+| `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` |
+| `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` |
+| `smtp.passwordKey` | The key in the existing SMTP secret containing the password. | `"password"` |
+| `admin.existingSecret` | The name of an existing secret containing the admin credentials. | `""` |
+| `admin.userKey` | The key in the existing admin secret containing the username. | `"admin-user"` |
+| `admin.passwordKey` | The key in the existing admin secret containing the password. | `"admin-password"` |
+| `serviceAccount.annotations` | ServiceAccount annotations | |
+| `serviceAccount.create` | Create service account | `true` |
+| `serviceAccount.name` | Service account name to use, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `` |
+| `serviceAccount.nameTest` | Service account name to use for test, when empty will be set to created account if `serviceAccount.create` is set else to `default` | `nil` |
+| `rbac.create` | Create and use RBAC resources | `true` |
+| `rbac.namespaced` | Creates Role and Rolebinding instead of the default ClusterRole and ClusteRoleBindings for the grafana instance | `false` |
+| `rbac.useExistingRole` | Set to a rolename to use existing role - skipping role creating - but still doing serviceaccount and rolebinding to the rolename set here. | `nil` |
+| `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` |
+| `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` |
+| `rbac.extraRoleRules` | Additional rules to add to the Role | [] |
+| `rbac.extraClusterRoleRules` | Additional rules to add to the ClusterRole | [] |
+| `command` | Define command to be executed by grafana container at startup | `nil` |
+| `testFramework.enabled` | Whether to create test-related resources | `true` |
+| `testFramework.image` | `test-framework` image repository. | `bats/bats` |
+| `testFramework.tag` | `test-framework` image tag. | `v1.1.0` |
+| `testFramework.imagePullPolicy` | `test-framework` image pull policy. | `IfNotPresent` |
+| `testFramework.securityContext` | `test-framework` securityContext | `{}` |
+| `downloadDashboards.env` | Environment variables to be passed to the `download-dashboards` container | `{}` |
+| `downloadDashboards.envFromSecret` | Name of a Kubernetes secret (must be manually created in the same namespace) containing values to be added to the environment. Can be templated | `""` |
+| `downloadDashboards.resources` | Resources of `download-dashboards` container | `{}` |
+| `downloadDashboardsImage.repository` | Curl docker image repo | `curlimages/curl` |
+| `downloadDashboardsImage.tag` | Curl docker image tag | `7.73.0` |
+| `downloadDashboardsImage.sha` | Curl docker image sha (optional) | `""` |
+| `downloadDashboardsImage.pullPolicy` | Curl docker image pull policy | `IfNotPresent` |
+| `namespaceOverride` | Override the deployment namespace | `""` (`Release.Namespace`) |
+| `serviceMonitor.enabled` | Use servicemonitor from prometheus operator | `false` |
+| `serviceMonitor.namespace` | Namespace this servicemonitor is installed in | |
+| `serviceMonitor.interval` | How frequently Prometheus should scrape | `1m` |
+| `serviceMonitor.path` | Path to scrape | `/metrics` |
+| `serviceMonitor.scheme` | Scheme to use for metrics scraping | `http` |
+| `serviceMonitor.tlsConfig` | TLS configuration block for the endpoint | `{}` |
+| `serviceMonitor.labels` | Labels for the servicemonitor passed to Prometheus Operator | `{}` |
+| `serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `30s` |
+| `serviceMonitor.relabelings` | MetricRelabelConfigs to apply to samples before ingestion. | `[]` |
+| `revisionHistoryLimit` | Number of old ReplicaSets to retain | `10` |
+| `imageRenderer.enabled` | Enable the image-renderer deployment & service | `false` |
+| `imageRenderer.image.repository` | image-renderer Image repository | `grafana/grafana-image-renderer` |
+| `imageRenderer.image.tag` | image-renderer Image tag | `latest` |
+| `imageRenderer.image.sha` | image-renderer Image sha (optional) | `""` |
+| `imageRenderer.image.pullPolicy` | image-renderer ImagePullPolicy | `Always` |
+| `imageRenderer.env` | extra env-vars for image-renderer | `{}` |
+| `imageRenderer.serviceAccountName` | image-renderer deployment serviceAccountName | `""` |
+| `imageRenderer.securityContext` | image-renderer deployment securityContext | `{}` |
+| `imageRenderer.hostAliases` | image-renderer deployment Host Aliases | `[]` |
+| `imageRenderer.priorityClassName` | image-renderer deployment priority class | `''` |
+| `imageRenderer.service.enabled` | Enable the image-renderer service | `true` |
+| `imageRenderer.service.portName` | image-renderer service port name | `'http'` |
+| `imageRenderer.service.port` | image-renderer service port used by both service and deployment | `8081` |
+| `imageRenderer.grafanaSubPath` | Grafana sub path to use for image renderer callback url | `''` |
+| `imageRenderer.podPortName` | name of the image-renderer port on the pod | `http` |
+| `imageRenderer.revisionHistoryLimit` | number of image-renderer replica sets to keep | `10` |
+| `imageRenderer.networkPolicy.limitIngress` | Enable a NetworkPolicy to limit inbound traffic from only the created grafana pods | `true` |
+| `imageRenderer.networkPolicy.limitEgress` | Enable a NetworkPolicy to limit outbound traffic to only the created grafana pods | `false` |
+| `imageRenderer.resources` | Set resource limits for image-renderer pdos | `{}` |
+
+### Example ingress with path
+
+With grafana 6.3 and above
+```yaml
+grafana.ini:
+ server:
+ domain: monitoring.example.com
+ root_url: "%(protocol)s://%(domain)s/grafana"
+ serve_from_sub_path: true
+ingress:
+ enabled: true
+ hosts:
+ - "monitoring.example.com"
+ path: "/grafana"
+```
+
+### Example of extraVolumeMounts
+
+Volume can be type persistentVolumeClaim or hostPath but not both at same time.
+If none existingClaim or hostPath argument is givent then type is emptyDir.
+
+```yaml
+- extraVolumeMounts:
+ - name: plugins
+ mountPath: /var/lib/grafana/plugins
+ subPath: configs/grafana/plugins
+ existingClaim: existing-grafana-claim
+ readOnly: false
+ - name: dashboards
+ mountPath: /var/lib/grafana/dashboards
+ hostPath: /usr/shared/grafana/dashboards
+ readOnly: false
+```
+
+## Import dashboards
+
+There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method:
+
+```yaml
+dashboards:
+ default:
+ some-dashboard:
+ json: |
+ {
+ "annotations":
+
+ ...
+ # Complete json file here
+ ...
+
+ "title": "Some Dashboard",
+ "uid": "abcd1234",
+ "version": 1
+ }
+ custom-dashboard:
+ # This is a path to a file inside the dashboards directory inside the chart directory
+ file: dashboards/custom-dashboard.json
+ prometheus-stats:
+ # Ref: https://grafana.com/dashboards/2
+ gnetId: 2
+ revision: 2
+ datasource: Prometheus
+ local-dashboard:
+ url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json
+```
+
+## BASE64 dashboards
+
+Dashboards could be stored on a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit)
+A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk.
+If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk.
+
+### Gerrit use case
+
+Gerrit API for download files has the following schema: where {project-name} and
+{file-id} usually has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard
+the url value is
+
+## Sidecar for dashboards
+
+If the parameter `sidecar.dashboards.enabled` is set, a sidecar container is deployed in the grafana
+pod. This container watches all configmaps (or secrets) in the cluster and filters out the ones with
+a label as defined in `sidecar.dashboards.label`. The files defined in those configmaps are written
+to a folder and accessed by grafana. Changes to the configmaps are monitored and the imported
+dashboards are deleted/updated.
+
+A recommendation is to use one configmap per dashboard, as a reduction of multiple dashboards inside
+one configmap is currently not properly mirrored in grafana.
+
+Example dashboard config:
+
+```yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sample-grafana-dashboard
+ labels:
+ grafana_dashboard: "1"
+data:
+ k8s-dashboard.json: |-
+ [...]
+```
+
+## Sidecar for datasources
+
+If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana
+pod. This container lists all secrets (or configmaps, though not recommended) in the cluster and
+filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in
+those secrets are written to a folder and accessed by grafana on startup. Using these yaml files,
+the data sources in grafana can be imported.
+
+Secrets are recommended over configmaps for this usecase because datasources usually contain private
+data like usernames and passwords. Secrets are the more appropriate cluster resource to manage those.
+
+Example values to add a datasource adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file):
+
+```yaml
+datasources:
+ datasources.yaml:
+ apiVersion: 1
+ datasources:
+ # name of the datasource. Required
+ - name: Graphite
+ # datasource type. Required
+ type: graphite
+ # access mode. proxy or direct (Server or Browser in the UI). Required
+ access: proxy
+ # org id. will default to orgId 1 if not specified
+ orgId: 1
+ # url
+ url: http://localhost:8080
+ # database password, if used
+ password:
+ # database user, if used
+ user:
+ # database name, if used
+ database:
+ # enable/disable basic auth
+ basicAuth:
+ # basic auth username
+ basicAuthUser:
+ # basic auth password
+ basicAuthPassword:
+ # enable/disable with credentials headers
+ withCredentials:
+ # mark as default datasource. Max one per org
+ isDefault:
+ #