diff --git a/assets/fleet/fleet-100.1.0+up0.4.0.tgz b/assets/fleet/fleet-100.1.0+up0.4.0.tgz new file mode 100644 index 000000000..0fb2c4a8f Binary files /dev/null and b/assets/fleet/fleet-100.1.0+up0.4.0.tgz differ diff --git a/charts/fleet/100.1.0+up0.4.0/Chart.yaml b/charts/fleet/100.1.0+up0.4.0/Chart.yaml new file mode 100644 index 000000000..e203823ac --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/Chart.yaml @@ -0,0 +1,22 @@ +annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: fleet +apiVersion: v2 +appVersion: 0.4.0 +dependencies: +- condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob +description: Fleet Manager - GitOps at Scale +icon: https://charts.rancher.io/assets/logos/fleet.svg +name: fleet +version: 100.1.0+up0.4.0 diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/.helmignore b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/.helmignore new file mode 100644 index 000000000..691fa13d6 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ \ No newline at end of file diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/Chart.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/Chart.yaml new file mode 100644 index 000000000..5fb993ef1 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/Chart.yaml @@ -0,0 +1,5 @@ +apiVersion: v2 +appVersion: 0.1.32 +description: Controller that run jobs based on git events +name: gitjob +version: 0.1.32 diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/_helpers.tpl b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/_helpers.tpl new file mode 100644 index 000000000..6cd96c3ac --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} \ No newline at end of file diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/clusterrole.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/clusterrole.yaml new file mode 100644 index 000000000..bcad90164 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/clusterrole.yaml @@ -0,0 +1,38 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: gitjob +rules: + - apiGroups: + - "batch" + resources: + - 'jobs' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'pods' + verbs: + - 'list' + - 'get' + - 'watch' + - apiGroups: + - "" + resources: + - 'secrets' + verbs: + - '*' + - apiGroups: + - "" + resources: + - 'configmaps' + verbs: + - '*' + - apiGroups: + - "gitjob.cattle.io" + resources: + - "gitjobs" + - "gitjobs/status" + verbs: + - "*" \ No newline at end of file diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/clusterrolebinding.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..0bf07c4ef --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: gitjob-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob + namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/deployment.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/deployment.yaml new file mode 100644 index 000000000..86bb61edd --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/deployment.yaml @@ -0,0 +1,45 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: gitjob +spec: + selector: + matchLabels: + app: "gitjob" + template: + metadata: + labels: + app: "gitjob" + spec: + serviceAccountName: gitjob + containers: + - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}" + name: gitjob + command: + - gitjob + {{- if .Values.debug }} + - --debug + {{- end }} + - --tekton-image + - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}" + env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/leases.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/leases.yaml new file mode 100644 index 000000000..51f933950 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/leases.yaml @@ -0,0 +1,23 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: gitjob +rules: + - apiGroups: + - "coordination.k8s.io" + resources: + - "leases" + verbs: + - "*" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: gitjob +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: gitjob +subjects: + - kind: ServiceAccount + name: gitjob diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/service.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/service.yaml new file mode 100644 index 000000000..bf57c1b55 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/service.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Service +metadata: + name: gitjob +spec: + ports: + - name: http-80 + port: 80 + protocol: TCP + targetPort: 8080 + selector: + app: "gitjob" \ No newline at end of file diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/serviceaccount.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/serviceaccount.yaml new file mode 100644 index 000000000..5f8aecb04 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: gitjob diff --git a/charts/fleet/100.1.0+up0.4.0/charts/gitjob/values.yaml b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/values.yaml new file mode 100644 index 000000000..23b96c32f --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/charts/gitjob/values.yaml @@ -0,0 +1,26 @@ +gitjob: + repository: rancher/gitjob + tag: v0.1.32 + +tekton: + repository: rancher/tekton-utils + tag: v0.1.7 + +global: + cattle: + systemDefaultRegistry: "" + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +debug: false diff --git a/charts/fleet/100.1.0+up0.4.0/templates/_helpers.tpl b/charts/fleet/100.1.0+up0.4.0/templates/_helpers.tpl new file mode 100644 index 000000000..6cd96c3ac --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/templates/_helpers.tpl @@ -0,0 +1,22 @@ +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} \ No newline at end of file diff --git a/charts/fleet/100.1.0+up0.4.0/templates/configmap.yaml b/charts/fleet/100.1.0+up0.4.0/templates/configmap.yaml new file mode 100644 index 000000000..6b8d6f05a --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/templates/configmap.yaml @@ -0,0 +1,24 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: fleet-controller +data: + config: | + { + "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}", + "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}", + "apiServerURL": "{{.Values.apiServerURL}}", + "apiServerCA": "{{b64enc .Values.apiServerCA}}", + "agentCheckinInterval": "{{.Values.agentCheckinInterval}}", + "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}}, + "bootstrap": { + "paths": "{{.Values.bootstrap.paths}}", + "repo": "{{.Values.bootstrap.repo}}", + "secret": "{{.Values.bootstrap.secret}}", + "branch": "{{.Values.bootstrap.branch}}", + "namespace": "{{.Values.bootstrap.namespace}}", + "agentNamespace": "{{.Values.bootstrap.agentNamespace}}", + }, + "webhookReceiverURL": "{{.Values.webhookReceiverURL}}", + "githubURLPrefix": "{{.Values.githubURLPrefix}}" + } diff --git a/charts/fleet/100.1.0+up0.4.0/templates/deployment.yaml b/charts/fleet/100.1.0+up0.4.0/templates/deployment.yaml new file mode 100644 index 000000000..c2a952f18 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/templates/deployment.yaml @@ -0,0 +1,56 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: fleet-controller +spec: + selector: + matchLabels: + app: fleet-controller + template: + metadata: + labels: + app: fleet-controller + spec: + containers: + - env: + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.proxy }} + - name: HTTP_PROXY + value: {{ .Values.proxy }} + - name: HTTPS_PROXY + value: {{ .Values.proxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} + {{- end }} + image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' + name: fleet-controller + imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" + command: + - fleetcontroller + {{- if .Values.debug }} + - --debug + - --debug-level + - {{ quote .Values.debugLevel }} + {{- end }} + {{- if not .Values.gitops.enabled }} + - --disable-gitops + {{- end }} + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + serviceAccountName: fleet-controller + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + securityContext: + runAsNonRoot: true + runAsUser: 1000 + runAsGroup: 1000 diff --git a/charts/fleet/100.1.0+up0.4.0/templates/rbac.yaml b/charts/fleet/100.1.0+up0.4.0/templates/rbac.yaml new file mode 100644 index 000000000..d9f9c4a1f --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/templates/rbac.yaml @@ -0,0 +1,112 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller +rules: +- apiGroups: + - gitjob.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - fleet.cattle.io + resources: + - '*' + verbs: + - '*' +- apiGroups: + - "" + resources: + - namespaces + - serviceaccounts + verbs: + - '*' +- apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + namespace: {{.Release.Namespace}} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: fleet-controller +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - '*' +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - '*' + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: fleet-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: fleet-controller +subjects: +- kind: ServiceAccount + name: fleet-controller + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: fleet-controller-bootstrap +rules: +- apiGroups: + - '*' + resources: + - '*' + verbs: + - '*' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: fleet-controller-bootstrap +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: fleet-controller-bootstrap +subjects: +- kind: ServiceAccount + name: fleet-controller-bootstrap + namespace: {{.Release.Namespace}} diff --git a/charts/fleet/100.1.0+up0.4.0/templates/serviceaccount.yaml b/charts/fleet/100.1.0+up0.4.0/templates/serviceaccount.yaml new file mode 100644 index 000000000..bd99d9958 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/templates/serviceaccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: fleet-controller-bootstrap diff --git a/charts/fleet/100.1.0+up0.4.0/values.yaml b/charts/fleet/100.1.0+up0.4.0/values.yaml new file mode 100644 index 000000000..558ea4383 --- /dev/null +++ b/charts/fleet/100.1.0+up0.4.0/values.yaml @@ -0,0 +1,60 @@ +image: + repository: rancher/fleet + tag: v0.4.0 + imagePullPolicy: IfNotPresent + +agentImage: + repository: rancher/fleet-agent + tag: v0.4.0 + imagePullPolicy: IfNotPresent + +# For cluster registration the public URL of the Kubernetes API server must be set here +# Example: https://example.com:6443 +apiServerURL: "" + +# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here +# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA. +apiServerCA: "" + +# A duration string for how often agents should report a heartbeat +agentCheckinInterval: "15m" + +# Whether you want to allow cluster upon registration to specify their labels. +ignoreClusterRegistrationLabels: false + +# http[s] proxy server +# proxy: http://@:: + +# comma separated list of domains or ip addresses that will not use the proxy +noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local + +bootstrap: + # The namespace that will be autocreated and the local cluster will be registered in + namespace: fleet-local + # The namespace where the fleet agent for the local cluster will be ran, if empty + # this will default to cattle-fleet-system + agentNamespace: "" + # A repo to add at install time that will deploy to the local cluster. This allows + # one to fully bootstrap fleet, it's configuration and all it's downstream clusters + # in one shot. + repo: "" + secret: "" + branch: master + paths: "" + +global: + cattle: + systemDefaultRegistry: "" + +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +gitops: + enabled: true + +debug: false +debugLevel: 0 diff --git a/index.yaml b/index.yaml index 1eb845c1a..59af01072 100755 --- a/index.yaml +++ b/index.yaml @@ -91,6 +91,32 @@ entries: urls: - assets/fleet/fleet-101.0.0+up0.5.0-rc4.tgz version: 101.0.0+up0.5.0-rc4 + - annotations: + catalog.cattle.io/auto-install: fleet-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/experimental: "true" + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-fleet-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1 + catalog.cattle.io/rancher-version: '>= 2.6.0-0 < 2.7.0-0' + catalog.cattle.io/release-name: fleet + apiVersion: v2 + appVersion: 0.4.0 + created: "2022-11-09T23:44:14.07447-08:00" + dependencies: + - condition: gitops.enabled + name: gitjob + repository: file://./charts/gitjob + description: Fleet Manager - GitOps at Scale + digest: 424cf4f0fb718d547d2488de877fe82ba8d3fa11fdfe4e4f2ee8fa9f4c5ad1d1 + icon: https://charts.rancher.io/assets/logos/fleet.svg + name: fleet + urls: + - assets/fleet/fleet-100.1.0+up0.4.0.tgz + version: 100.1.0+up0.4.0 - annotations: catalog.cattle.io/auto-install: fleet-crd=match catalog.cattle.io/certified: rancher diff --git a/release.yaml b/release.yaml index 18b6b784c..b8bce42bb 100644 --- a/release.yaml +++ b/release.yaml @@ -4,6 +4,7 @@ epinio-crd: - 100.0.0+up1.2.1 fleet: - 101.0.0+up0.5.0-rc4 + - 100.1.0+up0.4.0 fleet-agent: - 101.0.0+up0.5.0-rc4 fleet-crd: