diff --git a/assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz b/assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz
new file mode 100644
index 000000000..1bb4960f8
Binary files /dev/null and b/assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz differ
diff --git a/charts/rancher-csp-adapter/1.0.1/Chart.yaml b/charts/rancher-csp-adapter/1.0.1/Chart.yaml
new file mode 100644
index 000000000..24ac00b3a
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/Chart.yaml
@@ -0,0 +1,17 @@
+annotations:
+ catalog.cattle.io/certified: rancher
+ catalog.cattle.io/display-name: Rancher CSP Adapter
+ catalog.cattle.io/hidden: "true"
+ catalog.cattle.io/kube-version: '>= 1.22.0-0 < 1.25.0-0'
+ catalog.cattle.io/namespace: cattle-csp-adapter-system
+ catalog.cattle.io/os: linux
+ catalog.cattle.io/permits-os: linux
+ catalog.cattle.io/rancher-version: '>= 2.6.6-0 < 2.7.0-0'
+ catalog.cattle.io/release-name: rancher-csp-adapter
+ catalog.cattle.io/scope: management
+apiVersion: v2
+appVersion: 1.0.1
+description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors
+ entitlements against usage.
+name: rancher-csp-adapter
+version: 1.0.1
diff --git a/charts/rancher-csp-adapter/1.0.1/templates/_helpers.tpl b/charts/rancher-csp-adapter/1.0.1/templates/_helpers.tpl
new file mode 100644
index 000000000..17310f598
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/templates/_helpers.tpl
@@ -0,0 +1,57 @@
+{{- define "csp-adapter.labels" -}}
+app: rancher-csp-adapter
+{{- end }}
+
+{{- define "csp-adapter.outputConfigMap" -}}
+csp-config
+{{- end }}
+
+{{- define "csp-adapter.outputNotification" -}}
+csp-compliance
+{{- end }}
+
+{{- define "csp-adapter.cacheSecret" -}}
+csp-adapter-cache
+{{- end }}
+
+{{- define "csp-adapter.hostnameSetting" -}}
+server-url
+{{- end }}
+
+{{- define "csp-adapter.versionSetting" -}}
+server-version
+{{- end }}
+
+{{- define "csp-adapter.csp" -}}
+{{- if .Values.aws -}}
+ {{- if .Values.aws.enabled -}}
+aws
+ {{- end -}}
+{{- else -}}
+""
+{{- end -}}
+{{- end }}
+
+{{- define "csp-adapter.awsValuesSet" -}}
+{{- if .Values.aws -}}
+ {{- if and .Values.aws.accountNumber .Values.aws.roleName -}}
+ true
+ {{- else -}}
+ false
+ {{- end -}}
+{{- else -}}
+false
+{{- end -}}
+{{- end }}
+
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+ {{- if eq (include "csp-adapter.csp" .) "aws" -}}
+ {{- "709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/" -}}
+ {{- else -}}
+ {{- "" -}}
+ {{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/rancher-csp-adapter/1.0.1/templates/deployment.yaml b/charts/rancher-csp-adapter/1.0.1/templates/deployment.yaml
new file mode 100644
index 000000000..f3e29628a
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/templates/deployment.yaml
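Review bot: `csp-adapter.csp` in _helpers.tpl renders two different "no provider" values: nothing at all when `.Values.aws` exists with `enabled: false`, and the two literal quote characters `""` when `.Values.aws` is absent. Both happen to fail the `eq ... "aws"` comparisons used elsewhere in this commit, but any future caller that tests the result for emptiness would treat the second case as a provider being set. Dropping the `{{- else -}}` / `""` branch makes both cases render empty. The fallback registry `709825985650.dkr.ecr.us-east-1.amazonaws.com/suse/` in `system_default_registry` would also benefit from a template comment stating which account it is and that it is pinned to one region, since it silently decides where the image is pulled from when `systemDefaultRegistry` is empty.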
@@ -0,0 +1,46 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Chart.Name }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Chart.Name }}
+ spec:
+ containers:
+ - env:
+ - name: CATTLE_DEBUG
+ value: {{ .Values.debug | quote }}
+ - name: K8S_OUTPUT_CONFIGMAP
+ value: '{{ template "csp-adapter.outputConfigMap" }}'
+ - name: K8S_OUTPUT_NOTIFICATION
+ value: '{{ template "csp-adapter.outputNotification" }}'
+ - name: K8S_CACHE_SECRET
+ value: '{{ template "csp-adapter.cacheSecret" }}'
+ - name: K8S_HOSTNAME_SETTING
+ value: '{{ template "csp-adapter.hostnameSetting" }}'
+ - name: K8S_RANCHER_VERSION_SETTING
+ value: '{{ template "csp-adapter.versionSetting" }}'
+ image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+ name: {{ .Chart.Name }}
+ imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+{{- if .Values.additionalTrustedCAs }}
+ volumeMounts:
+ - mountPath: /etc/ssl/certs/rancher-cert.pem
+ name: tls-ca-volume
+ subPath: ca-additional.pem
+ readOnly: true
+{{- end }}
+ serviceAccountName: {{ .Chart.Name }}
+{{- if .Values.additionalTrustedCAs }}
+ volumes:
+ - name: tls-ca-volume
+ secret:
+ defaultMode: 0444
+ secretName: tls-ca-additional
+{{- end }}
diff --git a/charts/rancher-csp-adapter/1.0.1/templates/rbac.yaml b/charts/rancher-csp-adapter/1.0.1/templates/rbac.yaml
new file mode 100644
index 000000000..220c0d434
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/templates/rbac.yaml
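Review bot: The container in deployment.yaml has no `securityContext`, so it runs with the image's default user and capability set even though its service account carries an IAM role annotation and a ClusterRole binding elsewhere in this commit. A container-level block placed after `imagePullPolicy` would constrain it; whether the image already runs as non-root and tolerates a read-only root filesystem is not visible in this diff, so confirm that before adopting the values below. The pod also declares no resource requests or limits.

```yaml
        name: {{ .Chart.Name }}
        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
        # … unchanged: optional volumeMounts, serviceAccountName, volumes …
```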
@@ -0,0 +1,114 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ .Chart.Name }}-cluster-role
+rules:
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - ranchermetrics
+ verbs:
+ - get
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - rancherusernotifications
+ resourceNames:
+ - {{ template "csp-adapter.outputNotification" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - rancherusernotifications
+ verbs:
+ - create
+- apiGroups:
+ - management.cattle.io
+ resources:
+ - settings
+ resourceNames:
+ - {{ template "csp-adapter.hostnameSetting" }}
+ - {{ template "csp-adapter.versionSetting" }}
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiregistration.k8s.io
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ .Chart.Name }}-crb
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ .Chart.Name }}-cluster-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ .Chart.Name }}-role
+ namespace: cattle-csp-adapter-system
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ resourceNames:
+ - {{ template "csp-adapter.cacheSecret" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ resourceNames:
+ - {{ template "csp-adapter.outputConfigMap" }}
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ .Chart.Name }}-binding
+ namespace: cattle-csp-adapter-system
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ .Chart.Name }}-role
+subjects:
+ - kind: ServiceAccount
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
\ No newline at end of file
diff --git a/charts/rancher-csp-adapter/1.0.1/templates/serviceAccount.yaml b/charts/rancher-csp-adapter/1.0.1/templates/serviceAccount.yaml
new file mode 100644
index 000000000..fa8f63e7f
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/templates/serviceAccount.yaml
@@ -0,0 +1,17 @@
+{{- if eq (include "csp-adapter.csp" . ) "aws" -}}
+ {{- if eq (include "csp-adapter.awsValuesSet" .) "true" -}}
+ {{- else -}}
+ {{- fail "If the aws provider is enabled, account number and role name must be provided" -}}
+ {{- end -}}
+{{- else -}}
+{{- fail "One cloud provider must be enabled" -}}
+{{- end -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Chart.Name }}
+ namespace: cattle-csp-adapter-system
+ {{- if eq (include "csp-adapter.csp" . ) "aws" }}
+ annotations:
+ eks.amazonaws.com/role-arn: arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}
+ {{- end }}
diff --git a/charts/rancher-csp-adapter/1.0.1/values.yaml b/charts/rancher-csp-adapter/1.0.1/values.yaml
new file mode 100644
index 000000000..afa8e88be
--- /dev/null
+++ b/charts/rancher-csp-adapter/1.0.1/values.yaml
@@ -0,0 +1,22 @@
+debug: false
+
+image:
+ repository: rancher/rancher-csp-adapter
+ tag: v1.0.1
+ imagePullPolicy: IfNotPresent
+
+global:
+ cattle:
+ systemDefaultRegistry: ""
+
+tolerations: []
+
+# if rancher is using a privateCA, this certificate must be provided as a secret in the adapter's namespace - see the
+# readme/docs for more details
+#additionalTrustedCAs: true
+
+# at least one csp must be enabled like below
+aws:
+ enabled: false
+ accountNumber: ""
+ roleName: ""
diff --git a/index.yaml b/index.yaml
index 8dd319acb..23e7492c3 100755
--- a/index.yaml
+++ b/index.yaml
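Review bot: Three rules in rbac.yaml grant `verbs: ["*"]` (the `rancherusernotifications` rule in the ClusterRole, and the cache-secret and output-configmap rules in the Role), which is wider than least privilege needs even with `resourceNames` set, because a wildcard also picks up any verb introduced later. Listing the verbs explicitly, for example `- get`, `- update`, `- delete`, would make the grant auditable; the exact set depends on adapter code that this diff does not show. Separately, the `settings` rule combines `resourceNames` with `list` and `watch`, which Kubernetes authorizes only when the client sends a matching `metadata.name` field selector, so it is worth confirming the adapter does that.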
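Review bot: The `eks.amazonaws.com/role-arn` annotation in serviceAccount.yaml is rendered as an unquoted scalar built directly from `.Values.aws.accountNumber` and `.Values.aws.roleName`, and the guard at the top of the file only checks that both are non-empty. An account number given unquoted in a values file is parsed as a number and can render in exponent form, which yields a wrong ARN without any error at install time. Quoting the line, `eks.amazonaws.com/role-arn: "arn:aws:iam::{{ .Values.aws.accountNumber }}:role/{{ .Values.aws.roleName }}"`, and extending the existing `fail` branch with a format check (12 digits for the account, IAM role-name characters for the role) would turn a malformed value into a render failure instead of a service account bound to no usable role.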
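Review bot: `tolerations: []` in values.yaml is not read by any template added in this commit, since deployment.yaml has no `tolerations` field, so setting it has no effect. Either wire it into the pod spec or drop the key. The comment above `#additionalTrustedCAs` could also name what the deployment expects, a secret called `tls-ca-additional` with the key `ca-additional.pem`, and the `aws` block could state that `accountNumber` must be a quoted string.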
@@ -3562,6 +3562,27 @@ entries: - assets/rancher-cis-benchmark-crd/rancher-cis-benchmark-crd-1.0.100.tgz version: 1.0.100 rancher-csp-adapter: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Rancher CSP Adapter + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.22.0-0 < 1.25.0-0' + catalog.cattle.io/namespace: cattle-csp-adapter-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux + catalog.cattle.io/rancher-version: '>= 2.6.6-0 < 2.7.0-0' + catalog.cattle.io/release-name: rancher-csp-adapter + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.0.1 + created: "2022-09-06T16:38:05.397109-04:00" + description: Cloud Service Provider Marketplace Adapter for Rancher. Monitors + Rancher entitlements against usage. + digest: 35a37a41a3105b6c2a585b37191e13cb17b1616eaab628770a80b2ebf33acc38 + name: rancher-csp-adapter + urls: + - assets/rancher-csp-adapter/rancher-csp-adapter-1.0.1.tgz + version: 1.0.1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rancher CSP Adapter diff --git a/packages/rancher-csp-adapter/package.yaml b/packages/rancher-csp-adapter/package.yaml index bde5bf7b3..55104b6f6 100644 --- a/packages/rancher-csp-adapter/package.yaml +++ b/packages/rancher-csp-adapter/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/csp-adapter/releases/download/v1.0.0/rancher-csp-adapter-1.0.0.tgz -version: 1.0.0 +url: https://github.com/rancher/csp-adapter/releases/download/v1.0.1/rancher-csp-adapter-1.0.1.tgz +version: 1.0.1 diff --git a/release.yaml b/release.yaml index ce83a0493..ae5510797 100644 --- a/release.yaml +++ b/release.yaml @@ -2,3 +2,5 @@ rancher-eks-operator: - 100.0.4+up1.1.5-rc1 rancher-eks-operator-crd: - 100.0.4+up1.1.5-rc1 +rancher-csp-adapter: + - 1.0.1