andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

(dev-v2.6-archive) Merge pull request #1195 from thedadams/add-gke-operator 

(partially cherry picked from commit 9f439d72ae)
pull/1680/head
Donnie Adams 2021-05-26 09:06:11 -07:00 committed by Arvind Iyengar
parent ed7f77d9af
commit 91cf674a50
No known key found for this signature in database
GPG Key ID: A8DD9BFD6C811498
14 changed files with 230 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
packages/rancher-cis-benchmark/charts/Chart.yaml
View File

@ -1,8 +1,8 @@
apiVersion: v1
appVersion: v1.0.4
appVersion: v1.0.5
description: The cis-operator enables running CIS benchmark security scans on a kubernetes cluster
name: rancher-cis-benchmark
version: 1.0.4
version: 1.0.5
icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
keywords:
- security

2
packages/rancher-cis-benchmark/charts/values.yaml
View File

@ -5,7 +5,7 @@
image:
cisoperator:
repository: rancher/cis-operator
tag: v1.0.4
tag: v1.0.5-rc1
securityScan:
repository: rancher/security-scan
tag: v0.2.3

2
packages/rancher-cis-benchmark/templates/crd-template/Chart.yaml
View File

@ -1,5 +1,5 @@
apiVersion: v1
version: 1.0.4
version: 1.0.5
description: Installs the CRDs for rancher-cis-benchmark.
name: rancher-cis-benchmark-crd
type: application

12
packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch
View File

@ -1,12 +0,0 @@
--- charts-original/Chart.yaml
+++ charts/Chart.yaml
@@ -5,7 +5,7 @@
catalog.cattle.io/os: linux
catalog.cattle.io/release-name: rancher-eks-operator-crd
apiVersion: v2
-appVersion: 2.0.1-rc1
+appVersion: 2.0.1
description: EKS Operator CustomResourceDefinitions
name: rancher-eks-operator-crd
-version: 2.0.1-rc1
+version: 2.0.1

2
packages/rancher-eks-operator-crd/package.yaml
View File

@ -1,2 +1,2 @@
url: https://github.com/rancher/eks-operator/releases/download/v2.0.1-rc1/rancher-eks-operator-crd-2.0.1-rc1.tgz
url: https://github.com/rancher/eks-operator/releases/download/v1.1.1-rc1/rancher-eks-operator-crd-1.1.1-rc1.tgz
packageVersion: 0

15
packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch
View File

@ -1,15 +0,0 @@
--- charts-original/Chart.yaml
+++ charts/Chart.yaml
@@ -9,10 +9,10 @@
catalog.cattle.io/release-name: rancher-eks-operator
catalog.cattle.io/scope: management
apiVersion: v2
-appVersion: 2.0.1-rc1
+appVersion: 2.0.1
description: A Helm chart for provisioning EKS clusters
home: https://github.com/rancher/eks-operator
name: rancher-eks-operator
sources:
- https://github.com/rancher/eks-operator
-version: 2.0.1-rc1
+version: 2.0.1

2
packages/rancher-eks-operator/package.yaml
View File

@ -1,2 +1,2 @@
url: https://github.com/rancher/eks-operator/releases/download/v2.0.1-rc1/rancher-eks-operator-2.0.1-rc1.tgz
url: https://github.com/rancher/eks-operator/releases/download/v1.1.1-rc1/rancher-eks-operator-1.1.1-rc1.tgz
packageVersion: 0

18
packages/rancher-grafana/generated-changes/patch/templates/pvc.yaml.patch Normal file
View File

@ -0,0 +1,18 @@
--- charts-original/templates/pvc.yaml
+++ charts/templates/pvc.yaml
@@ -16,12 +16,14 @@
{{- end }}
spec:
accessModes:
+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }}
+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }}
{{- range .Values.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
- storage: {{ .Values.persistence.size | quote }}
+ storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClassName }}
storageClassName: {{ .Values.persistence.storageClassName }}
{{- end -}}

17
packages/rancher-grafana/generated-changes/patch/templates/statefulset.yaml.patch Normal file
View File

@ -0,0 +1,17 @@
--- charts-original/templates/statefulset.yaml
+++ charts/templates/statefulset.yaml
@@ -39,11 +39,13 @@
- metadata:
name: storage
spec:
+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" .Values.persistence.accessModes }}
+{{- $_ := required "Must provide at least one access mode for persistent volumes used by Grafana" (first .Values.persistence.accessModes) }}
accessModes: {{ .Values.persistence.accessModes }}
storageClassName: {{ .Values.persistence.storageClassName }}
resources:
requests:
- storage: {{ .Values.persistence.size }}
+ storage: {{ required "Must provide size for persistent volumes used by Grafana" .Values.persistence.size }}
{{- with .Values.persistence.selectorLabels }}
selector:
matchLabels:

2
packages/rancher-grafana/package.yaml
View File

@ -1,4 +1,4 @@
url: https://github.com/grafana/helm-charts.git
subdirectory: charts/grafana
commit: 837b4ace32278eee14310f1d654d651d0898bb19
packageVersion: 1
packageVersion: 2

98
packages/rancher-logging/generated-changes/overlay/templates/loggings/kube-audit/logging.yaml Normal file
View File

@ -0,0 +1,98 @@
{{- if .Values.additionalLoggingSources.kubeAudit.enabled }}
apiVersion: logging.banzaicloud.io/v1beta1
kind: Logging
metadata:
name: {{ .Release.Name }}-kube-audit
namespace: {{ .Release.Namespace }}
labels:
{{ include "logging-operator.labels" . | indent 4 }}
spec:
controlNamespace: {{ .Release.Namespace }}
{{- if .Values.additionalLoggingSources.kubeAudit.loggingRef }}
loggingRef: {{ .Values.additionalLoggingSources.kubeAudit.loggingRef }}
{{- end }}
fluentbit:
disableKubernetesFilter: true
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }}
tag: {{ .Values.images.fluentbit.tag }}
inputTail:
Tag: {{ .Values.additionalLoggingSources.kubeAudit.fluentbit.logTag }}
Path: /kube-audit-logs/{{ template "kubeAuditFilename" . }}
Parser: json
{{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }}
Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Buffer_Max_Size }}
Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }}
Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Multiline_Flush }}
Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }}
{{- end }}
{{- if .Values.fluentbit.inputTail.Skip_Long_Lines }}
Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }}
{{- end }}
extraVolumeMounts:
- source: {{ template "kubeAuditPathPrefix" . }}
destination: "/kube-audit-logs"
readOnly: true
{{- if not .Values.disablePvc }}
{{- with .Values.fluentbit.bufferStorage }}
bufferStorage: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentbit.bufferStorageVolume }}
bufferStorageVolume: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with (concat (.Values.tolerations) (.Values.additionalLoggingSources.kubeAudit.fluentbit.tolerations)) }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
nodeSelector:
{{- include "controlplaneSelector" . | nindent 6 }}
{{- with .Values.fluentbit.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
fluentd:
image:
repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }}
tag: {{ .Values.images.fluentd.tag }}
configReloaderImage:
repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }}
tag: {{ .Values.images.config_reloader.tag }}
{{- if not .Values.disablePvc }}
{{- with .Values.fluentd.bufferStorageVolume }}
bufferStorageVolume: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
disablePvc: {{ .Values.disablePvc }}
{{- if .Values.fluentd.replicas }}
scaling:
replicas: {{ .Values.fluentd.replicas }}
{{- end }}
{{- if .Values.global.psp.enabled }}
security:
podSecurityPolicyCreate: true
roleBasedAccessControlCreate: true
{{- end }}
{{- with (default .Values.tolerations .Values.fluentd.tolerations) }}
tolerations: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.resources }}
resources: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.fluentd.livenessProbe }}
livenessProbe: {{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}

38
packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch
View File

@ -1,6 +1,6 @@
--- charts-original/templates/_helpers.tpl
+++ charts/templates/_helpers.tpl
@@ -56,3 +56,33 @@
@@ -56,3 +56,68 @@
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
@ -34,3 +34,39 @@
+{{- define "windowsInputTailMount" -}}
+{{- (include "windowsPathPrefix" .) | replace "C:" "" -}}
+{{- end -}}
+
+{{/*
+Set the controlplane selector based on kubernetes distribution
+*/}}
+{{- define "controlplaneSelector" -}}
+{{- $master := or .Values.additionalLoggingSources.rke2.enabled .Values.additionalLoggingSources.k3s.enabled -}}
+{{- $defaultSelector := $master | ternary (dict "node-role.kubernetes.io/master" "true") (dict "node-role.kubernetes.io/controlplane" "true") -}}
+{{ default $defaultSelector .Values.additionalLoggingSources.kubeAudit.nodeSelector | toYaml }}
+{{- end -}}
+
+{{/*
+Set kube-audit file path prefix based on distribution
+*/}}
+{{- define "kubeAuditPathPrefix" -}}
+{{- if .Values.additionalLoggingSources.rke.enabled -}}
+{{ default "/var/log/kube-audit" .Values.additionalLoggingSources.kubeAudit.pathPrefix }}
+{{- else if .Values.additionalLoggingSources.rke2.enabled -}}
+{{ default "/var/lib/rancher/rke2/server/logs" .Values.additionalLoggingSources.kubeAudit.pathPrefix }}
+{{- else -}}
+{{ required "Directory PathPrefix of the kube-audit location is required" .Values.additionalLoggingSources.kubeAudit.pathPrefix }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set kube-audit file name based on distribution
+*/}}
+{{- define "kubeAuditFilename" -}}
+{{- if .Values.additionalLoggingSources.rke.enabled -}}
+{{ default "audit-log.json" .Values.additionalLoggingSources.kubeAudit.auditFilename }}
+{{- else if .Values.additionalLoggingSources.rke2.enabled -}}
+{{ default "audit.log" .Values.additionalLoggingSources.kubeAudit.auditFilename }}
+{{- else -}}
+{{ required "Filename of the kube-audit log is required" .Values.additionalLoggingSources.kubeAudit.auditFilename }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file

15
packages/rancher-logging/generated-changes/patch/values.yaml.patch
View File

@ -36,7 +36,7 @@
rbac:
enabled: true
psp:
@@ -85,3 +93,94 @@
@@ -85,3 +93,107 @@
additionalLabels: {}
metricRelabelings: []
relabelings: []
@ -62,6 +62,19 @@
+ enabled: false
+ gke:
+ enabled: false
+ kubeAudit:
+ auditFilename: ""
+ enabled: false
+ pathPrefix: ""
+ fluentbit:
+ logTag: kube-audit
+ tolerations:
+ - key: node-role.kubernetes.io/controlplane
+ value: "true"
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/etcd
+ value: "true"
+ effect: NoExecute
+
+images:
+ config_reloader:

77
packages/rancher-monitoring/generated-changes/patch/values.yaml.patch
View File

@ -1,6 +1,6 @@
--- charts-original/values.yaml
+++ charts/values.yaml
@@ -2,13 +2,278 @@
@@ -2,13 +2,279 @@
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
@ -225,9 +225,10 @@
+ nodeSelector:
+ node-role.kubernetes.io/etcd: "true"
+ tolerations:
+ - effect: "NoExecute"
+ operator: "Exists"
+ - effect: "NoSchedule"
+ key: node-role.kubernetes.io/master
+ operator: "Equal"
+ operator: "Exists"
+
+## Component scraping nginx-ingress-controller
+##
@ -281,7 +282,7 @@
## Provide a k8s version to auto dashboard import script example: kubeTargetVersionOverride: 1.16.6
##
@@ -89,8 +354,32 @@
@@ -89,8 +355,32 @@
##
global:
@ -314,7 +315,7 @@
pspEnabled: true
pspAnnotations: {}
## Specify pod annotations
@@ -143,6 +432,22 @@
@@ -143,6 +433,22 @@
## ref: https://prometheus.io/docs/alerting/configuration/#configuration-file
## https://prometheus.io/webtools/alerting/routing-tree-editor/
##
@ -337,7 +338,7 @@
config:
global:
resolve_timeout: 5m
@@ -179,25 +484,76 @@
@@ -179,25 +485,76 @@
## ref: https://prometheus.io/docs/alerting/notifications/
## https://prometheus.io/docs/alerting/notification_examples/
##
@ -433,7 +434,7 @@
ingress:
enabled: false
@@ -235,6 +591,25 @@
@@ -235,6 +592,25 @@
## Configuration for Alertmanager secret
##
secret:
@ -459,7 +460,7 @@
annotations: {}
## Configuration for creating an Ingress that will map to each Alertmanager replica service
@@ -352,7 +727,7 @@
@@ -352,7 +728,7 @@
## Of type: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#tlsconfig
tlsConfig: {}
@ -468,7 +469,7 @@
## metric relabel configs to apply to samples before ingestion.
##
@@ -383,7 +758,7 @@
@@ -383,7 +759,7 @@
## Image of Alertmanager
##
image:
@ -477,7 +478,7 @@
tag: v0.21.0
sha: ""
@@ -495,9 +870,13 @@
@@ -495,9 +871,13 @@
## Define resources requests and limits for single Pods.
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
##
@ -494,7 +495,7 @@
## Pod anti-affinity can prevent the scheduler from placing Prometheus replicas on the same node.
## The default value "soft" means that the scheduler should *prefer* to not schedule two replica pods onto the same node but no guarantee is provided.
@@ -601,10 +980,46 @@
@@ -601,10 +981,46 @@
enabled: true
namespaceOverride: ""
@ -541,7 +542,7 @@
adminPassword: prom-operator
ingress:
@@ -644,6 +1059,7 @@
@@ -644,6 +1060,7 @@
dashboards:
enabled: true
label: grafana_dashboard
@ -549,7 +550,7 @@
## Annotations for Grafana dashboard configmaps
##
@@ -692,7 +1108,60 @@
@@ -692,7 +1109,60 @@
## Passed to grafana subchart and used by servicemonitor below
##
service:
@ -572,7 +573,7 @@
+ proxy:
+ image:
+ repository: rancher/mirrored-library-nginx
+ tag: 1.19.2-alpine
+ tag: 1.19.9-alpine
+
+ ## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod
+ extraContainers: |
@ -611,7 +612,7 @@
## If true, create a serviceMonitor for grafana
##
@@ -722,6 +1191,14 @@
@@ -722,6 +1192,14 @@
# targetLabel: nodename
# replacement: $1
# action: replace
@ -626,7 +627,7 @@
## Component scraping the kube api server
##
@@ -879,7 +1356,7 @@
@@ -879,7 +1357,7 @@
## Component scraping the kube controller manager
##
kubeControllerManager:
@ -635,7 +636,7 @@
## If your kube controller manager is not deployed as a pod, specify IPs it can be found on
##
@@ -1014,7 +1491,7 @@
@@ -1014,7 +1492,7 @@
## Component scraping etcd
##
kubeEtcd:
@ -644,7 +645,7 @@
## If your etcd is not deployed as a pod, specify IPs it can be found on
##
@@ -1076,7 +1553,7 @@
@@ -1076,7 +1554,7 @@
## Component scraping kube scheduler
##
kubeScheduler:
@ -653,7 +654,7 @@
## If your kube scheduler is not deployed as a pod, specify IPs it can be found on
##
@@ -1131,7 +1608,7 @@
@@ -1131,7 +1609,7 @@
## Component scraping kube proxy
##
kubeProxy:
@ -662,7 +663,7 @@
## If your kube proxy is not deployed as a pod, specify IPs it can be found on
##
@@ -1210,6 +1687,13 @@
@@ -1210,6 +1688,13 @@
create: true
podSecurityPolicy:
enabled: true
@ -676,7 +677,7 @@
## Deploy node exporter as a daemonset to all nodes
##
@@ -1259,6 +1743,16 @@
@@ -1259,6 +1744,16 @@
extraArgs:
- --collector.filesystem.ignored-mount-points=^/(dev|proc|sys|var/lib/docker/.+|var/lib/kubelet/.+)($|/)
- --collector.filesystem.ignored-fs-types=^(autofs|binfmt_misc|bpf|cgroup2?|configfs|debugfs|devpts|devtmpfs|fusectl|hugetlbfs|iso9660|mqueue|nsfs|overlay|proc|procfs|pstore|rpc_pipefs|securityfs|selinuxfs|squashfs|sysfs|tracefs)$
@ -693,7 +694,7 @@
## Manages Prometheus and Alertmanager components
##
@@ -1271,8 +1765,8 @@
@@ -1271,8 +1766,8 @@
enabled: true
# Value must match version names from https://golang.org/pkg/crypto/tls/#pkg-constants
tlsMinVersion: VersionTLS13
@ -704,7 +705,7 @@
## Admission webhook support for PrometheusRules resources added in Prometheus Operator 0.30 can be enabled to prevent incorrectly formatted
## rules from making their way into prometheus and potentially preventing the container from starting
@@ -1289,7 +1783,7 @@
@@ -1289,7 +1784,7 @@
patch:
enabled: true
image:
@ -713,7 +714,7 @@
tag: v1.5.0
sha: ""
pullPolicy: IfNotPresent
@@ -1428,13 +1922,13 @@
@@ -1428,13 +1923,13 @@
## Resource limits & requests
##
@ -734,7 +735,7 @@
# Required for use in managed kubernetes clusters (such as AWS EKS) with custom CNI (such as calico),
# because control-plane managed by AWS cannot communicate with pods' IP CIDR and admission webhooks are not working
@@ -1487,7 +1981,7 @@
@@ -1487,7 +1982,7 @@
## Prometheus-operator image
##
image:
@ -743,7 +744,7 @@
tag: v0.46.0
sha: ""
pullPolicy: IfNotPresent
@@ -1503,7 +1997,7 @@
@@ -1503,7 +1998,7 @@
## Prometheus-config-reloader image to use for config and rule reloading
##
prometheusConfigReloaderImage:
@ -752,7 +753,7 @@
tag: v0.46.0
sha: ""
@@ -1558,6 +2052,14 @@
@@ -1558,6 +2053,14 @@
##
nodePort: 30901
@ -767,7 +768,7 @@
## Configuration for Prometheus service
##
service:
@@ -1570,7 +2072,7 @@
@@ -1570,7 +2073,7 @@
port: 9090
## To be used with a proxy extraContainer port
@ -776,7 +777,7 @@
## List of IP addresses at which the Prometheus server service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
@@ -1822,7 +2324,7 @@
@@ -1822,7 +2325,7 @@
## Image of Prometheus.
##
image:
@ -785,7 +786,7 @@
tag: v2.24.0
sha: ""
@@ -1885,6 +2387,11 @@
@@ -1885,6 +2388,11 @@
##
externalUrl: ""
@ -797,7 +798,7 @@
## Define which Nodes the Pods are scheduled on.
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
@@ -1917,7 +2424,7 @@
@@ -1917,7 +2425,7 @@
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the PrometheusRule resources created
##
@ -806,7 +807,7 @@
## PrometheusRules to be selected for target discovery.
## If {}, select all PrometheusRules
@@ -1942,7 +2449,7 @@
@@ -1942,7 +2450,7 @@
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the servicemonitors created
##
@ -815,7 +816,7 @@
## ServiceMonitors to be selected for target discovery.
## If {}, select all ServiceMonitors
@@ -1965,7 +2472,7 @@
@@ -1965,7 +2473,7 @@
## prometheus resource to be created with selectors based on values in the helm deployment,
## which will also match the podmonitors created
##
@ -824,7 +825,7 @@
## PodMonitors to be selected for target discovery.
## If {}, select all PodMonitors
@@ -2092,9 +2599,13 @@
@@ -2092,9 +2600,13 @@
## Resource limits & requests
##
@ -841,7 +842,7 @@
## Prometheus StorageSpec for persistent data
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/storage.md
@@ -2117,7 +2628,13 @@
@@ -2117,7 +2629,13 @@
# medium: Memory
# Additional volumes on the output StatefulSet definition.
@ -856,14 +857,14 @@
# Additional VolumeMounts on the output StatefulSet definition.
volumeMounts: []
@@ -2224,9 +2741,34 @@
@@ -2224,9 +2742,34 @@
##
thanos: {}
+ proxy:
+ image:
+ repository: rancher/mirrored-library-nginx
+ tag: 1.19.2-alpine
+ tag: 1.19.9-alpine
+
## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod.
## if using proxy extraContainer update targetPort with proxy container port
@ -892,7 +893,7 @@
## InitContainers allows injecting additional initContainers. This is meant to allow doing some changes
## (permissions, dir tree) on mounted volumes before starting prometheus
@@ -2234,7 +2776,7 @@
@@ -2234,7 +2777,7 @@
## PortName to use for Prometheus.
##