andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

[release-v2.8] OOB release for rancher-provisioning-capi (#3700) 

Signed-off-by: Chris Kim <oats87g@gmail.com>
Co-authored-by: Chris Kim <30601846+Oats87@users.noreply.github.com>
pull/3706/head
Lucas Machado 2024-03-27 11:46:39 -03:00 committed by GitHub
parent 32669852a0
commit 8e614e5354
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 727 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/rancher-provisioning-capi/rancher-provisioning-capi-103.2.0+up0.0.1.tgz Normal file
View File

Binary file not shown.

22
charts/rancher-provisioning-capi/103.2.0+up0.0.1/Chart.yaml Normal file
View File

@ -0,0 +1,22 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager
catalog.cattle.io/hidden: "true"
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/namespace: cattle-provisioning-capi-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: apps.deployment/v1
catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
catalog.cattle.io/release-name: rancher-provisioning-capi
apiVersion: v1
appVersion: 1.4.4
description: capi-controller-manager compatible with Rancher Provisioning
home: https://github.com/rancher/provisioning/blob/main/charts/capi/
maintainers:
- email: chris.kim@suse.com
name: Chris Kim
name: rancher-provisioning-capi
sources:
- https://github.com/rancher/provisioning/blob/main/charts/capi/
version: 103.2.0+up0.0.1

2
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/NOTES.txt Normal file
View File

@ -0,0 +1,2 @@
{{ $.Chart.Name }} has been installed. Check its status by running:
kubectl --namespace {{ .Release.Namespace }} get pods"

18
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,18 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
kubernetes.io/os: linux
{{- end -}}

11
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/clusterrole-capi-aggregated-manager-role.yaml Normal file
View File

@ -0,0 +1,11 @@
aggregationRule:
clusterRoleSelectors:
- matchLabels:
cluster.x-k8s.io/aggregate-to-manager: "true"
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-aggregated-manager-role
rules: []

323
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/clusterrole-capi-manager-role.yaml Normal file
View File

@ -0,0 +1,323 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
cluster.x-k8s.io/provider: cluster-api
name: capi-manager-role
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- addons.cluster.x-k8s.io
resources:
- clusterresourcesets/finalizers
- clusterresourcesets/status
verbs:
- get
- patch
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- apiGroups:
- bootstrap.cluster.x-k8s.io
- controlplane.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- bootstrap.cluster.x-k8s.io
- infrastructure.cluster.x-k8s.io
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusterclasses
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusterclasses
- clusterclasses/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/finalizers
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- clusters
- clusters/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinedeployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinedeployments
- machinedeployments/finalizers
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinedeployments
- machinedeployments/finalizers
- machinedeployments/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinehealthchecks
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinehealthchecks
- machinehealthchecks/finalizers
- machinehealthchecks/status
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinepools
- machinepools/finalizers
- machinepools/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/finalizers
- machines/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machines
- machines/status
verbs:
- delete
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinesets
verbs:
- get
- list
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinesets
- machinesets/finalizers
verbs:
- get
- list
- patch
- update
- watch
- apiGroups:
- cluster.x-k8s.io
resources:
- machinesets
- machinesets/finalizers
- machinesets/status
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- patch
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- delete
- get
- list
- patch
- watch
- apiGroups:
- ipam.cluster.x-k8s.io
resources:
- ipaddressclaims
verbs:
- get
- list
- watch
- apiGroups:
- runtime.cluster.x-k8s.io
resources:
- extensionconfigs
- extensionconfigs/status
verbs:
- get
- list
- patch
- update
- watch

21
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/clusterrole-cattle.yaml Normal file
View File

@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: provisioning-rke-cattle-io
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
rules:
- apiGroups: ["rke.cattle.io"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: provisioning-rke-machine-cattle-io
labels:
cluster.x-k8s.io/aggregate-to-manager: "true"
rules:
- apiGroups: ["rke-machine.cattle.io"]
resources: ["*"]
verbs: ["*"]

14
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/clusterrolebinding-capi-manager-rolebinding.yaml Normal file
View File

@ -0,0 +1,14 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: capi-aggregated-manager-role
subjects:
- kind: ServiceAccount
name: capi-manager
namespace: "{{ .Release.Namespace }}"

106
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/deployment-capi-controller-manager.yaml Normal file
View File

@ -0,0 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
name: capi-controller-manager
namespace: "{{ .Release.Namespace }}"
spec:
replicas: 1
selector:
matchLabels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
template:
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
control-plane: controller-manager
spec:
containers:
- command:
- /manager
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
{{- if .Values.extraEnv }}
{{ toYaml .Values.extraEnv | indent 12 }}
{{- end }}
imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
livenessProbe:
httpGet:
path: /healthz
port: healthz
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
- containerPort: 9440
name: healthz
protocol: TCP
readinessProbe:
httpGet:
path: /readyz
port: healthz
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
runAsGroup: 65532
runAsUser: 65532
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
args:
- --leader-elect
{{ toYaml .Values.args | indent 12 }}
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
serviceAccountName: capi-manager
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
secretName: capi-webhook-service-cert
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 6 }}
{{- else }}
- effect: NoSchedule
key: node-role.kubernetes.io/controlplane
value: "true"
- effect: NoSchedule
key: "node-role.kubernetes.io/control-plane"
operator: "Exists"
- effect: NoSchedule
key: "node-role.kubernetes.io/master"
operator: "Exists"
- effect: "NoExecute"
key: "node-role.kubernetes.io/etcd"
operator: "Exists"
{{- end }}
{{- if .Values.priorityClassName }}
priorityClassName: "{{.Values.priorityClassName}}"
{{- end }}

81
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/hardened.yaml Normal file
View File

@ -0,0 +1,81 @@
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-provisioning-capi-patch-sa
namespace: {{ .Release.Namespace }}
labels:
app: rancher-provisioning-capi-patch-sa
annotations:
"helm.sh/hook": post-install, post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
spec:
template:
metadata:
name: rancher-provisioning-capi-patch-sa
labels:
app: rancher-provisioning-capi-patch-sa
spec:
serviceAccountName: rancher-provisioning-capi-patch-sa
securityContext:
runAsNonRoot: true
runAsUser: 1000
restartPolicy: Never
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
containers:
- name: patch-sa-{{ .Release.Namespace }}
image: {{ template "system_default_registry" $ }}{{ $.Values.global.kubectl.repository }}:{{ $.Values.global.kubectl.tag }}
imagePullPolicy: {{ $.Values.global.kubectl.pullPolicy }}
command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
args: ["-n", "{{ .Release.Namespace }}"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: rancher-provisioning-capi-patch-sa
labels:
app: rancher-provisioning-capi-patch-sa
rules:
- apiGroups:
- ""
resources:
- serviceaccounts
verbs: ['get', 'patch']
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rancher-provisioning-capi-patch-sa
labels:
app: rancher-provisioning-capi-patch-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-provisioning-capi-patch-sa
subjects:
- kind: ServiceAccount
name: rancher-provisioning-capi-patch-sa
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-provisioning-capi-patch-sa
namespace: {{ .Release.Namespace }}
labels:
app: rancher-provisioning-capi-patch-sa
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: default-allow-all
namespace: {{ .Release.Namespace }}
spec:
podSelector: {}
ingress:
- {}
egress:
- {}
policyTypes:
- Ingress
- Egress

26
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/role-capi-leader-election-role.yaml Normal file
View File

@ -0,0 +1,26 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-leader-election-role
namespace: "{{ .Release.Namespace }}"
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete

15
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/rolebinding-capi-leader-election-rolebinding.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-leader-election-rolebinding
namespace: "{{ .Release.Namespace }}"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: capi-leader-election-role
subjects:
- kind: ServiceAccount
name: capi-manager
namespace: "{{ .Release.Namespace }}"

15
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/service-capi-webhook-service.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v1
kind: Service
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-webhook-service
namespace: "{{ .Release.Namespace }}"
annotations:
need-a-cert.cattle.io/secret-name: capi-webhook-service-cert
spec:
ports:
- port: 443
targetPort: webhook-server
selector:
cluster.x-k8s.io/provider: cluster-api

7
charts/rancher-provisioning-capi/103.2.0+up0.0.1/templates/serviceaccount-capi-manager.yaml Normal file
View File

@ -0,0 +1,7 @@
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
cluster.x-k8s.io/provider: cluster-api
name: capi-manager
namespace: "{{ .Release.Namespace }}"

25
charts/rancher-provisioning-capi/103.2.0+up0.0.1/values.yaml Normal file
View File

@ -0,0 +1,25 @@
image:
repository: rancher/mirrored-cluster-api-controller
tag: v1.4.4
imagePullPolicy: IfNotPresent
global:
cattle:
systemDefaultRegistry: ""
kubectl:
repository: rancher/kubectl
tag: v1.20.2
pullPolicy: IfNotPresent
# tolerations for the capi-controller-manager deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
tolerations: []
nodeSelector: {}
## PriorityClassName assigned to deployment.
priorityClassName: ""
extraEnv: []
args:
- "--metrics-bind-addr=localhost:8080"
- "--feature-gates=MachinePool=false,ClusterResourceSet=false,ClusterTopology=false,RuntimeSDK=false,LazyRestmapper=false"

26
index.yaml
View File

@ -17207,6 +17207,32 @@ entries:
- assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz - assets/rancher-prometheus-adapter/rancher-prometheus-adapter-2.12.101.tgz
version: 2.12.101 version: 2.12.101
rancher-provisioning-capi: rancher-provisioning-capi:
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager
catalog.cattle.io/hidden: "true"
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/namespace: cattle-provisioning-capi-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: apps.deployment/v1
catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
catalog.cattle.io/release-name: rancher-provisioning-capi
apiVersion: v1
appVersion: 1.4.4
created: "2024-03-26T17:44:31.678364377Z"
description: capi-controller-manager compatible with Rancher Provisioning
digest: 8059bfb640ef0326a2fc05641202e968fd16e14fe8e17bbda9d66659293d3c93
home: https://github.com/rancher/provisioning/blob/main/charts/capi/
maintainers:
- email: chris.kim@suse.com
name: Chris Kim
name: rancher-provisioning-capi
sources:
- https://github.com/rancher/provisioning/blob/main/charts/capi/
urls:
- assets/rancher-provisioning-capi/rancher-provisioning-capi-103.2.0+up0.0.1.tgz
version: 103.2.0+up0.0.1
- annotations: - annotations:
catalog.cattle.io/certified: rancher catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager catalog.cattle.io/display-name: Rancher Provisioning CAPI Controller Manager

11
packages/rancher-provisioning-capi/generated-changes/patch/Chart.yaml.patch Normal file
View File

@ -0,0 +1,11 @@
--- charts-original/Chart.yaml
+++ charts/Chart.yaml
@@ -7,7 +7,7 @@
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/provides-gvr: apps.deployment/v1
- catalog.cattle.io/rancher-version: '>= 2.7.0-0'
+ catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
catalog.cattle.io/release-name: rancher-provisioning-capi
apiVersion: v1
appVersion: 1.4.4

4
packages/rancher-provisioning-capi/package.yaml
View File

@ -1,5 +1,5 @@
url: https://github.com/rancher/provisioning.git url: https://github.com/rancher/provisioning.git
commit: 778075c49a0ae18f04b2c84a7ac461bf42973c19 commit: ddba2c23cd70016f002448fd801d96aa9375782e
subdirectory: charts/capi subdirectory: charts/capi
version: 103.1.0 version: 103.2.0

14
release.yaml
View File

@ -1,12 +1,2 @@
rancher-csp-adapter: rancher-provisioning-capi:
- 103.0.1+up3.0.1 - 103.2.0+up0.0.1
rancher-istio:
- 103.2.0+up1.20.3
ui-plugin-operator:
- 103.0.2+up0.2.1
ui-plugin-operator-crd:
- 103.0.2+up0.2.1
harvester-cloud-provider:
- 103.0.1+up0.2.3
harvester-csi-driver:
- 103.0.1+up0.1.17