(dev-v2.6-archive) remove rke2 charts

(partially cherry picked from commit 0a381894df)
pull/1680/head
Caleb Bron 2020-08-19 13:28:53 -07:00 committed by Arvind Iyengar
parent 7bfb20e89a
commit b5eaa9042c
No known key found for this signature in database
GPG Key ID: A8DD9BFD6C811498
19 changed files with 0 additions and 1229 deletions

@ -1,13 +0,0 @@
apiVersion: v1
name: canal
description: Install Canal Network Plugin.
version: v3.13.3
appVersion: v3.13.3
home: https://www.projectcalico.org/
keywords:
- canal
sources:
- https://github.com/rancher/charts
maintainers:
- name: Rancher Labs
email: charts@rancher.com

@ -1,3 +0,0 @@
Canal network plugin has been installed.
NOTE: It may take few minutes until Canal image install CNI files and node become in ready state.

@ -1,67 +0,0 @@
---
# Source: calico/templates/calico-config.yaml
# This ConfigMap is used to configure a self-hosted Canal installation.
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ .Release.Name }}-config
namespace: kube-system
data:
# Typha is disabled.
typha_service_name: {{ .Values.calico.typhaServiceName | quote }}
# The interface used by canal for host <-> host communication.
# If left blank, then the interface is chosen using the node's
# default route.
canal_iface: {{ .Values.flannel.iface | quote }}
# Whether or not to masquerade traffic to destinations not within
# the pod network.
masquerade: {{ .Values.calico.masquerade | quote }}
# Configure the MTU to use
veth_mtu: {{ .Values.calico.vethuMTU | quote }}
# The CNI network configuration to install on each node. The special
# values in this config will be automatically populated.
cni_network_config: |-
{
"name": "k8s-pod-network",
"cniVersion": "0.3.1",
"plugins": [
{
"type": "calico",
"log_level": "info",
"datastore_type": "kubernetes",
"nodename": "__KUBERNETES_NODE_NAME__",
"mtu": __CNI_MTU__,
"ipam": {
"type": "host-local",
"subnet": "usePodCidr"
},
"policy": {
"type": "k8s"
},
"kubernetes": {
"kubeconfig": "__KUBECONFIG_FILEPATH__"
}
},
{
"type": "portmap",
"snat": true,
"capabilities": {"portMappings": true}
},
{
"type": "bandwidth",
"capabilities": {"bandwidth": true}
}
]
}
# Flannel network configuration. Mounted into the flannel container.
net-conf.json: |
{
"Network": {{ .Values.podCidr | quote }},
"Backend": {
"Type": {{ .Values.flannel.backend | quote }}
}
}

@ -1,197 +0,0 @@
---
# Source: calico/templates/kdd-crds.yaml
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgpconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BGPConfiguration
plural: bgpconfigurations
singular: bgpconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: bgppeers.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BGPPeer
plural: bgppeers
singular: bgppeer
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: blockaffinities.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: BlockAffinity
plural: blockaffinities
singular: blockaffinity
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: clusterinformations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: ClusterInformation
plural: clusterinformations
singular: clusterinformation
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: felixconfigurations.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: FelixConfiguration
plural: felixconfigurations
singular: felixconfiguration
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworkpolicies.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkPolicy
plural: globalnetworkpolicies
singular: globalnetworkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: globalnetworksets.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: GlobalNetworkSet
plural: globalnetworksets
singular: globalnetworkset
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: hostendpoints.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: HostEndpoint
plural: hostendpoints
singular: hostendpoint
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamblocks.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMBlock
plural: ipamblocks
singular: ipamblock
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamconfigs.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMConfig
plural: ipamconfigs
singular: ipamconfig
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ipamhandles.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPAMHandle
plural: ipamhandles
singular: ipamhandle
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ippools.crd.projectcalico.org
spec:
scope: Cluster
group: crd.projectcalico.org
version: v1
names:
kind: IPPool
plural: ippools
singular: ippool
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networkpolicies.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
version: v1
names:
kind: NetworkPolicy
plural: networkpolicies
singular: networkpolicy
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: networksets.crd.projectcalico.org
spec:
scope: Namespaced
group: crd.projectcalico.org
version: v1
names:
kind: NetworkSet
plural: networksets
singular: networkset

@ -1,254 +0,0 @@
---
# Source: calico/templates/calico-node.yaml
# This manifest installs the canal container, as well
# as the CNI plugins and network config on
# each master and worker node in a Kubernetes cluster.
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Release.Name | quote }}
namespace: kube-system
labels:
k8s-app: canal
spec:
selector:
matchLabels:
k8s-app: canal
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
template:
metadata:
labels:
k8s-app: canal
annotations:
# This, along with the CriticalAddonsOnly toleration below,
# marks the pod as a critical add-on, ensuring it gets
# priority scheduling and that its resources are reserved
# if it ever gets evicted.
scheduler.alpha.kubernetes.io/critical-pod: ''
spec:
nodeSelector:
kubernetes.io/os: linux
hostNetwork: true
tolerations:
# Make sure canal gets scheduled on all nodes.
- effect: NoSchedule
operator: Exists
# Mark the pod as a critical add-on for rescheduling.
- key: CriticalAddonsOnly
operator: Exists
- effect: NoExecute
operator: Exists
serviceAccountName: canal
# Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
# deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
terminationGracePeriodSeconds: 0
priorityClassName: system-node-critical
initContainers:
# This container installs the CNI binaries
# and CNI network config file on each node.
- name: install-cni
image: {{ .Values.calico.cniImage }}:{{ .Values.calico.imageTag }}
command: ["/install-cni.sh"]
env:
# Name of the CNI config file to create.
- name: CNI_CONF_NAME
value: "10-canal.conflist"
# The CNI network config to install on each node.
- name: CNI_NETWORK_CONFIG
valueFrom:
configMapKeyRef:
name: canal-config
key: cni_network_config
# Set the hostname based on the k8s node name.
- name: KUBERNETES_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# CNI MTU Config variable
- name: CNI_MTU
valueFrom:
configMapKeyRef:
name: canal-config
key: veth_mtu
# Prevents the container from sleeping forever.
- name: SLEEP
value: "false"
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
securityContext:
privileged: true
# Adds a Flex Volume Driver that creates a per-pod Unix Domain Socket to allow Dikastes
# to communicate with Felix over the Policy Sync API.
- name: flexvol-driver
image: {{ .Values.calico.flexvolImage }}:{{ .Values.calico.imageTag }}
volumeMounts:
- name: flexvol-driver-host
mountPath: /host/driver
securityContext:
privileged: true
containers:
# Runs canal container on each Kubernetes node. This
# container programs network policy and routes on each
# host.
- name: calico-node
command:
- "start_runit"
image: {{ .Values.calico.nodeImage }}:{{ .Values.calico.imageTag }}
env:
# Use Kubernetes API as the backing datastore.
- name: DATASTORE_TYPE
value: {{ .Values.calico.datastoreType | quote }}
# Configure route aggregation based on pod CIDR.
- name: USE_POD_CIDR
value: {{ .Values.calico.usePodCIDR | quote }}
# Wait for the datastore.
- name: WAIT_FOR_DATASTORE
value: {{ .Values.calico.waitForDatastore | quote }}
# Set based on the k8s node name.
- name: NODENAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
# Don't enable BGP.
- name: CALICO_NETWORKING_BACKEND
value: {{ .Values.calico.networkingBackend | quote }}
# Cluster type to identify the deployment type
- name: CLUSTER_TYPE
value: {{ .Values.calico.clusterType | quote}}
# Period, in seconds, at which felix re-applies all iptables state
- name: FELIX_IPTABLESREFRESHINTERVAL
value: {{ .Values.calico.felixIptablesRefreshInterval | quote}}
# No IP address needed.
- name: IP
value: ""
# The default IPv4 pool to create on startup if none exists. Pod IPs will be
# chosen from this range. Changing this value after installation will have
# no effect. This should fall within `--cluster-cidr`.
# - name: CALICO_IPV4POOL_CIDR
# value: "192.168.0.0/16"
# Disable file logging so `kubectl logs` works.
- name: CALICO_DISABLE_FILE_LOGGING
value: "true"
# Set Felix endpoint to host default action to ACCEPT.
- name: FELIX_DEFAULTENDPOINTTOHOSTACTION
value: {{ .Values.calico.felixDefaultEndpointToHostAction | quote }}
# Disable IPv6 on Kubernetes.
- name: FELIX_IPV6SUPPORT
value: {{ .Values.calico.felixIpv6Support | quote }}
# Set Felix logging to "info"
- name: FELIX_LOGSEVERITYSCREEN
value: {{ .Values.calico.felixLogSeverityScreen | quote }}
- name: FELIX_HEALTHENABLED
value: {{ .Values.calico.felixHealthEnabled | quote }}
securityContext:
privileged: true
resources:
requests:
cpu: 250m
livenessProbe:
exec:
command:
- /bin/calico-node
- -felix-live
periodSeconds: 10
initialDelaySeconds: 10
failureThreshold: 6
readinessProbe:
httpGet:
path: /readiness
port: 9099
host: localhost
periodSeconds: 10
volumeMounts:
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- mountPath: /var/run/calico
name: var-run-calico
readOnly: false
- mountPath: /var/lib/calico
name: var-lib-calico
readOnly: false
- name: policysync
mountPath: /var/run/nodeagent
# This container runs flannel using the kube-subnet-mgr backend
# for allocating subnets.
- name: kube-flannel
image: {{ .Values.flannel.image }}:{{ .Values.flannel.imageTag }}
command:
- "/opt/bin/flanneld"
{{- range .Values.flannel.args }}
- {{ . | quote }}
{{- end }}
securityContext:
privileged: true
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: FLANNELD_IFACE
valueFrom:
configMapKeyRef:
name: canal-config
key: canal_iface
- name: FLANNELD_IP_MASQ
valueFrom:
configMapKeyRef:
name: canal-config
key: masquerade
volumeMounts:
- mountPath: /run/xtables.lock
name: xtables-lock
readOnly: false
- name: flannel-cfg
mountPath: /etc/kube-flannel/
volumes:
# Used by canal.
- name: lib-modules
hostPath:
path: /lib/modules
- name: var-run-calico
hostPath:
path: /var/run/calico
- name: var-lib-calico
hostPath:
path: /var/lib/calico
- name: xtables-lock
hostPath:
path: /run/xtables.lock
type: FileOrCreate
# Used by flannel.
- name: flannel-cfg
configMap:
name: canal-config
# Used to install CNI.
- name: cni-bin-dir
hostPath:
path: /opt/cni/bin
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d
# Used to create per-pod Unix Domain Sockets
- name: policysync
hostPath:
type: DirectoryOrCreate
path: /var/run/nodeagent
# Used to install Flex Volume Driver
- name: flexvol-driver-host
hostPath:
type: DirectoryOrCreate
path: /usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds

@ -1,163 +0,0 @@
---
# Source: calico/templates/rbac.yaml
# Include a clusterrole for the calico-node DaemonSet,
# and bind it to the calico-node serviceaccount.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: calico-node
rules:
# The CNI plugin needs to get pods, nodes, and namespaces.
- apiGroups: [""]
resources:
- pods
- nodes
- namespaces
verbs:
- get
- apiGroups: [""]
resources:
- endpoints
- services
verbs:
# Used to discover service IPs for advertisement.
- watch
- list
# Used to discover Typhas.
- get
# Pod CIDR auto-detection on kubeadm needs access to config maps.
- apiGroups: [""]
resources:
- configmaps
verbs:
- get
- apiGroups: [""]
resources:
- nodes/status
verbs:
# Needed for clearing NodeNetworkUnavailable flag.
- patch
# Calico stores some configuration information in node annotations.
- update
# Watch for changes to Kubernetes NetworkPolicies.
- apiGroups: ["networking.k8s.io"]
resources:
- networkpolicies
verbs:
- watch
- list
# Used by Calico for policy information.
- apiGroups: [""]
resources:
- pods
- namespaces
- serviceaccounts
verbs:
- list
- watch
# The CNI plugin patches pods/status.
- apiGroups: [""]
resources:
- pods/status
verbs:
- patch
# Calico monitors various CRDs for config.
- apiGroups: ["crd.projectcalico.org"]
resources:
- globalfelixconfigs
- felixconfigurations
- bgppeers
- globalbgpconfigs
- bgpconfigurations
- ippools
- ipamblocks
- globalnetworkpolicies
- globalnetworksets
- networkpolicies
- networksets
- clusterinformations
- hostendpoints
- blockaffinities
verbs:
- get
- list
- watch
# Calico must create and update some CRDs on startup.
- apiGroups: ["crd.projectcalico.org"]
resources:
- ippools
- felixconfigurations
- clusterinformations
verbs:
- create
- update
# Calico stores some configuration information on the node.
- apiGroups: [""]
resources:
- nodes
verbs:
- get
- list
- watch
# These permissions are only requried for upgrade from v2.6, and can
# be removed after upgrade or on fresh installations.
- apiGroups: ["crd.projectcalico.org"]
resources:
- bgpconfigurations
- bgppeers
verbs:
- create
- update
---
# Flannel ClusterRole
# Pulled from https://github.com/coreos/flannel/blob/master/Documentation/kube-flannel-rbac.yml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: flannel
rules:
- apiGroups: [""]
resources:
- pods
verbs:
- get
- apiGroups: [""]
resources:
- nodes
verbs:
- list
- watch
- apiGroups: [""]
resources:
- nodes/status
verbs:
- patch
---
# Bind the flannel ClusterRole to the canal ServiceAccount.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: canal-flannel
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: flannel
subjects:
- kind: ServiceAccount
name: canal
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: canal-calico
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: calico-node
subjects:
- kind: ServiceAccount
name: canal
namespace: kube-system

@ -1,6 +0,0 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: canal
namespace: kube-system

@ -1,61 +0,0 @@
---
# The IPv4 cidr pool to create on startup if none exists. Pod IPs will be
# chosen from this range.
podCidr: "10.42.0.0/16"
flannel:
# kube-flannel image
image: ranchertest/flannel
# kube-flannel tag
imageTag: v0.11.0
# The interface used by canal for host <-> host communication.
# If left blank, then the interface is chosen using the node's
# default route.
iface: ""
# kube-flannel command arguments
args:
- "--ip-masq"
- "--kube-subnet-mgr"
# Backend for kube-flannel. Backend should not be changed
# at runtime.
backend: "vxlan"
calico:
# CNI installation image.
cniImage: ranchertest/calico
# Canal node image.
nodeImage: ranchertest/calico
# Flexvol Image.
flexvolImage: ranchertest/calico
# Image tag used for all related canal images.
imageTag: v3.13.3
# Datastore type for canal. It can be either kuberentes or etcd.
datastoreType: kubernetes
# Wait for datastore to initialize.
waitForDatastore: true
# Configure route aggregation based on pod CIDR.
usePodCIDR: true
# Disable BGP routing.
networkingBackend: none
# Cluster type to identify the deployment type.
clusterType: "k8s,canal"
# Disable file logging so `kubectl logs` works.
disableFileLogging: true
# Disable IPv6 on Kubernetes.
felixIpv6Support: false
# Period, in seconds, at which felix re-applies all iptables state
felixIptablesRefreshInterval: 60
# Set Felix logging to "info".
felixLogSeverityScreen: info
# Enable felix healthcheck.
felixHealthEnabled: true
# Whether or not to masquerade traffic to destinations not within
# the pod network.
masquerade: true
# Set Felix endpoint to host default action to ACCEPT.
felixDefaultEndpointToHostAction: ACCEPT
# Configure the MTU to use.
vethuMTU: 1450
# Typha is disabled.
typhaServiceName: none

@ -1,49 +0,0 @@
diff -x '*.tgz' -x '*.lock' -uNr packages/coredns/charts-original/templates/_helpers.tpl packages/coredns/charts/templates/_helpers.tpl
--- packages/coredns/charts-original/templates/_helpers.tpl
+++ packages/coredns/charts/templates/_helpers.tpl
@@ -137,6 +137,7 @@
{{- end -}}
{{- end -}}
+
{{/*
Create the name of the service account to use
*/}}
diff -x '*.tgz' -x '*.lock' -uNr packages/coredns/charts-original/templates/configmap.yaml packages/coredns/charts/templates/configmap.yaml
--- packages/coredns/charts-original/templates/configmap.yaml
+++ packages/coredns/charts/templates/configmap.yaml
@@ -19,7 +19,7 @@
{{- if .port }}:{{ .port }} {{ end -}}
{
{{- range .plugins }}
- {{ .name }}{{ if .parameters }} {{ .parameters }}{{ end }}{{ if .configBlock }} {
+ {{ .name }} {{ if .parameters }} {{if eq .name "kubernetes" }} {{ (lookup "v1" "ConfigMap" "kube-system" "cluster-dns").data.clusterDomain }} {{ end }} {{.parameters}}{{ end }}{{ if .configBlock }} {
{{ .configBlock | indent 12 }}
}{{ end }}
{{- end }}
diff -x '*.tgz' -x '*.lock' -uNr packages/coredns/charts-original/templates/service.yaml packages/coredns/charts/templates/service.yaml
--- packages/coredns/charts-original/templates/service.yaml
+++ packages/coredns/charts/templates/service.yaml
@@ -26,6 +26,8 @@
app.kubernetes.io/name: {{ template "coredns.name" . }}
{{- if .Values.service.clusterIP }}
clusterIP: {{ .Values.service.clusterIP }}
+ {{ else }}
+ clusterIP: {{ (lookup "v1" "ConfigMap" "kube-system" "cluster-dns").data.clusterDNS }}
{{- end }}
{{- if .Values.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
diff -x '*.tgz' -x '*.lock' -uNr packages/coredns/charts-original/values.yaml packages/coredns/charts/values.yaml
--- packages/coredns/charts-original/values.yaml
+++ packages/coredns/charts/values.yaml
@@ -3,8 +3,8 @@
# Declare variables to be passed into your templates.
image:
- repository: coredns/coredns
- tag: "1.6.9"
+ repository: ranchertest/coredns
+ tag: "v1.6.9"
pullPolicy: IfNotPresent
replicaCount: 1

@ -1,2 +0,0 @@
url: https://kubernetes-charts.storage.googleapis.com/coredns-1.10.1.tgz
packageVersion: 01

@ -1,12 +0,0 @@
apiVersion: v1
name: kube-proxy
description: Install Kube Proxy.
version: v1.18.4
appVersion: v1.18.4
keywords:
- kube-proxy
sources:
- https://github.com/rancher/charts
maintainers:
- name: Rancher Labs
email: charts@rancher.com

@ -1,2 +0,0 @@
Kube-proxy has been installed.

@ -1,69 +0,0 @@
---
apiVersion: v1
data:
config.conf: |-
apiVersion: kubeproxy.config.k8s.io/v1alpha1
bindAddress: {{ .Values.bindAddress | quote }}
clientConnection:
acceptContentTypes: {{ .Values.clientConnection.acceptContentTypes | quote }}
burst: {{ .Values.clientConnection.burst }}
contentType: {{ .Values.clientConnection.contentType | quote }}
kubeconfig: {{ .Values.clientConnection.kubeconfig | quote }}
qps: {{ .Values.clientConnection.qps }}
clusterCIDR: {{ .Values.clusterCIDR | quote }}
configSyncPeriod: {{ .Values.configSyncPeriod }}
conntrack:
maxPerCore: {{ .Values.conntrack.maxPerCore }}
min: {{ .Values.conntrack.min }}
tcpCloseWaitTimeout: {{ .Values.conntrack.tcpCloseWaitTimeout | quote }}
tcpEstablishedTimeout: {{ .Values.conntrack.tcpEstablishedTimeout | quote }}
detectLocalMode: {{ .Values.detectLocalMode | quote }}
enableProfiling: {{ .Values.enableProfiling | quote }}
healthzBindAddress: {{ .Values.healthzBindAddress | quote }}
hostnameOverride: {{ .Values.hostnameOverride | quote }}
iptables:
masqueradeAll: {{ .Values.iptables.masqueradeAll | quote }}
masqueradeBit: {{ .Values.iptables.masqueradeBit }}
{{ if .Values.iptables.minSyncPeriod }}
minSyncPeriod: {{ .Values.iptables.minSyncPeriod }}
{{ end }}
syncPeriod: {{ .Values.iptables.syncPeriod }}
ipvs:
excludeCIDRs: {{ .Values.ipvs.excludeCIDRs | quote }}
{{ if .Values.ipvs.minSyncPeriod }}
minSyncPeriod: {{ .Values.ipvs.minSyncPeriod }}
{{ end }}
scheduler: {{ .Values.ipvs.scheduler | quote }}
strictARP: {{ .Values.ipvs.strictARP | quote }}
syncPeriod: {{ .Values.ipvs.syncPeriod }}
{{ if .Values.ipvs.tcpFinTimeout }}
tcpFinTimeout: {{ .Values.ipvs.tcpFinTimeout }}
{{ end }}
{{ if .Values.ipvs.tcpTimeout }}
tcpTimeout: {{ .Values.ipvs.tcpTimeout }}
{{ end }}
{{ if .Values.ipvs.udpTimeout }}
udpTimeout: {{ .Values.ipvs.udpTimeout }}
{{ end }}
kind: KubeProxyConfiguration
metricsBindAddress: {{ .Values.metricsBindAddresses | quote }}
mode: {{ .Values.proxy.mode | quote }}
nodePortAddresses: null
oomScoreAdj: {{ .Values.oomScoreAdj }}
portRange: {{ .Values.proxy.portRange | quote }}
showHiddenMetricsForVersion: {{ .Values.showHiddenMetricsForVersion | quote }}
udpIdleTimeout: {{ .Values.udpTimeout | quote }}
featureGates:
{{- range $key, $value := .Values.featureGates }}
{{ $key }}: {{ $value }}
{{- end }}
winkernel:
enableDSR: false
networkName: ""
sourceVip: ""
kind: ConfigMap
metadata:
labels:
app: kube-proxy
name: kube-proxy
namespace: kube-system

@ -1,78 +0,0 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
k8s-app: kube-proxy
name: kube-proxy
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: kube-proxy
template:
metadata:
labels:
k8s-app: kube-proxy
spec:
containers:
- command:
- /usr/local/bin/kube-proxy
- --config=/var/lib/kube-proxy/config.conf
- --hostname-override=$(NODE_NAME)
env:
- name: NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
image: {{ .Values.image }}:{{ .Values.imageTag }}
imagePullPolicy: IfNotPresent
name: kube-proxy
securityContext:
privileged: true
volumeMounts:
- mountPath: /var/lib/kube-proxy
name: kube-proxy
- mountPath: /var/lib/rancher/rke2/agent
name: rke2config
readOnly: true
- mountPath: /run/xtables.lock
name: xtables-lock
- mountPath: /lib/modules
name: lib-modules
readOnly: true
dnsPolicy: ClusterFirst
hostNetwork: true
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-node-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: kube-proxy
serviceAccountName: kube-proxy
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
- operator: Exists
volumes:
- hostPath:
path: /var/lib/rancher/rke2/agent
type: ""
name: rke2config
- configMap:
name: kube-proxy
name: kube-proxy
- hostPath:
path: /run/xtables.lock
type: FileOrCreate
name: xtables-lock
- hostPath:
path: /lib/modules
type: ""
name: lib-modules
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate

@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rke2:node-proxier
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:node-proxier
subjects:
- kind: ServiceAccount
name: kube-proxy
namespace: kube-system

@ -1,5 +0,0 @@
kind: ServiceAccount
apiVersion: v1
metadata:
name: kube-proxy
namespace: kube-system

@ -1,222 +0,0 @@
---
# image for kubeproxy
image: ranchertest/kube-proxy
# image tag for kubeproxy
imageTag: v1.18.4
# The IP address for the proxy server to serve on
# (set to '0.0.0.0' for all IPv4 interfaces and '::' for all IPv6 interfaces)
bindAddress: 0.0.0.0
# If true cleanup iptables and ipvs rules and exit.
cleanup:
# The CIDR range of pods in the cluster.
# When configured, traffic sent to a Service cluster IP from outside this range
# will be masqueraded and traffic sent from pods to an external
# LoadBalancer IP will be directed to the respective cluster IP instead
clusterCIDR: 10.42.0.0/16
# The path to the configuration file.
config:
# How often configuration from the apiserver is refreshed. Must be greater than 0.
configSyncPeriod: 15m0s
conntrack:
# Maximum number of NAT connections to track per CPU core (0 to leave the limit as-is and ignore conntrack-min).
maxPerCore: 32768
# Minimum number of conntrack entries to allocate, regardless of conntrack-max-per-core (set conntrack-max-per-core=0 to leave the limit as-is).
min: 131072
# NAT timeout for TCP connections in the CLOSE_WAIT state
tcpTimeoutCloseWait: 1h0m0s
# Idle timeout for established TCP connections (0 to leave as-is)
tcpTimeoutEstablished: 24h0m0s
# Mode to use to detect local traffic
detectLocalMode:
# A set of key=value pairs that describe feature gates for alpha/experimental features:
featureGates:
APIListChunking: true
APIPriorityAndFairness: false
APIResponseCompression: true
AllAlpha: false
AllBeta: false
AllowInsecureBackendProxy: true
AnyVolumeDataSource: false
AppArmor: true
BalanceAttachedNodeVolumes: false
BoundServiceAccountTokenVolume: false
CPUManager: true
CRIContainerLogRotation: true
CSIInlineVolume: true
CSIMigration: true
CSIMigrationAWS: false
CSIMigrationAWSComplete: false
CSIMigrationAzureDisk: false
CSIMigrationAzureDiskComplete: false
CSIMigrationAzureFile: false
CSIMigrationAzureFileComplete: false
CSIMigrationGCE: false
CSIMigrationGCEComplete: false
CSIMigrationOpenStack: false
CSIMigrationOpenStackComplete: false
ConfigurableFSGroupPolicy: false
CustomCPUCFSQuotaPeriod: false
DefaultIngressClass: true
DevicePlugins: true
DryRun: true
DynamicAuditing: false
DynamicKubeletConfig: true
EndpointSlice: true
EndpointSliceProxying: false
EphemeralContainers: false
EvenPodsSpread: true
ExpandCSIVolumes: true
ExpandInUsePersistentVolumes: true
ExpandPersistentVolumes: true
ExperimentalHostUserNamespaceDefaulting: false
HPAScaleToZero: false
HugePageStorageMediumSize: false
HyperVContainer: false
IPv6DualStack: false
ImmutableEphemeralVolumes: false
KubeletPodResources: true
LegacyNodeRoleBehavior: true
LocalStorageCapacityIsolation: true
LocalStorageCapacityIsolationFSQuotaMonitoring: false
NodeDisruptionExclusion: false
NonPreemptingPriority: false
PodDisruptionBudget: true
PodOverhead: true
ProcMountType: false
QOSReserved: false
RemainingItemCount: true
RemoveSelfLink: false
ResourceLimitsPriorityFunction: false
RotateKubeletClientCertificate: true
RotateKubeletServerCertificate: true
RunAsGroup: true
RuntimeClass: true
SCTPSupport: false
SelectorIndex: false
ServerSideApply: true
ServiceAccountIssuerDiscovery: false
ServiceAppProtocol: false
ServiceNodeExclusion: false
ServiceTopology: false
StartupProbe: true
StorageVersionHash: true
SupportNodePidsLimit: true
SupportPodPidsLimit: true
Sysctls: true
TTLAfterFinished: false
TokenRequest: true
TokenRequestProjection: true
TopologyManager: true
ValidateProxyRedirects: true
VolumeSnapshotDataSource: true
WinDSR: false
WinOverlay: false
# The IP address with port for the health check server to serve on
# (set to '0.0.0.0:10256' for all IPv4 interfaces and '[::]:10256' for all IPv6 interfaces). Set empty to disable.
healthzBindAddress: 0.0.0.0:10256
# help for kube-proxy
help:
# If non-empty, will use this string as identification instead of the actual hostname.
hostnameOverride:
iptables:
# If using the pure iptables proxy, SNAT all traffic sent via Service cluster IPs (this not commonly needed)
masqueradeAll:
# If using the pure iptables proxy, the bit of the fwmark space to mark packets requiring SNAT with. Must be within the range [0, 31].
masqueradeBit: 14
# The minimum interval of how often the iptables rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
minSyncPeriod:
# The maximum interval of how often iptables rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0.
syncPeriod: 30s
ipvs:
# A comma-separated list of CIDR's which the ipvs proxier should not touch when cleaning up IPVS rules.
excludeCidrs:
# The minimum interval of how often the ipvs rules can be refreshed as endpoints and services change (e.g. '5s', '1m', '2h22m').
minSyncPeriod:
# The ipvs scheduler type when proxy mode is ipvs
scheduler:
# Enable strict ARP by setting arp_ignore to 1 and arp_announce to 2
strictArp:
# The maximum interval of how often ipvs rules are refreshed (e.g. '5s', '1m', '2h22m'). Must be greater than 0.
syncPeriod: 30s
# The timeout for idle IPVS TCP connections, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
tcpTimeout:
# The timeout for IPVS TCP connections after receiving a FIN packet, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
tcpfinTimeout:
# The timeout for IPVS UDP packets, 0 to leave as-is. (e.g. '5s', '1m', '2h22m').
udpTimeout:
clientConnection:
# Burst to use while talking with kubernetes apiserver
apiBurst: 10
# Content type of requests sent to apiserver.
apiContentType:
# QPS to use while talking with kubernetes apiserver
qps: 5
# Path to kubeconfig file with authorization information (the master location is set by the master flag).
kubeconfig: /var/lib/rancher/rke2/agent/kubeproxy.kubeconfig
# Maximum number of seconds between log flushes
logFlushFrequency: 5s
# The address of the Kubernetes API server (overrides any value in kubeconfig)
master:
# The IP address with port for the metrics server to serve on
# (set to '0.0.0.0:10249' for all IPv4 interfaces and '[::]:10249' for all IPv6 interfaces). Set empty to disable.
metricsBindAddress: 127.0.0.1:10249
# A string slice of values which specify the addresses to use for NodePorts.
# Values may be valid IP blocks (e.g. 1.2.3.0/24, 1.2.3.4/32). The default empty string slice ([]) means to use all local addresses.
nodeportAddresses:
# The oom-score-adj value for kube-proxy process. Values must be within the range [-1000, 1000]
oomScoreAdj: -999
# If true enables profiling via web interface on /debug/pprof handler.
profiling:
proxy:
# Which proxy mode to use: 'userspace' (older) or 'iptables' (faster) or 'ipvs'.
# If blank, use the best-available proxy (currently iptables).
# If the iptables proxy is selected, regardless of how, but the system's
# kernel or iptables versions are insufficient, this always falls back to the userspace proxy.
mode:
# Range of host ports (beginPort-endPort, single port or beginPort+offset, inclusive)
# that may be consumed in order to proxy service traffic.
# If (unspecified, 0, or 0-0) then ports will be randomly chosen.
portRange:
# The previous version for which you want to show hidden metrics.
# Only the previous minor version is meaningful, other values will not be allowed.
# The format is <major>.<minor>, e.g.: '1.16'. The purpose of this format is make
# sure you have the opportunity to notice if the next release hides additional metrics,
# rather than being surprised when they are permanently removed in the release after that.
showHiddenMetricsForVersion:
# How long an idle UDP connection will be kept open (e.g. '250ms', '2s').
# Must be greater than 0. Only applicable for proxy-mode=userspace
udpTimeout: 250ms
# Print version information and quit
version:
# If set, write the default configuration values to this file and exit.
writeConfigTo:

@ -1,12 +0,0 @@
diff -x '*.tgz' -x '*.lock' -uNr packages/metrics-server/charts-original/values.yaml packages/metrics-server/charts/values.yaml
--- packages/metrics-server/charts-original/values.yaml
+++ packages/metrics-server/charts/values.yaml
@@ -27,7 +27,7 @@
enabled: false
image:
- repository: k8s.gcr.io/metrics-server-amd64
+ repository: ranchertest/k8s-metrics-server
tag: v0.3.6
pullPolicy: IfNotPresent

@ -1,2 +0,0 @@
url: https://kubernetes-charts.storage.googleapis.com/metrics-server-2.11.1.tgz
packageVersion: 00