Merge branch 'dev-v2.6' of https://github.com/rancher/charts into HEAD

charts/fleet-agent/100.0.4+up0.3.10-rc1/Chart.yaml

@@ -0,0 +1,13 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-fleet-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/release-name: fleet-agent
+apiVersion: v2
+appVersion: 0.3.10-rc1
+description: Fleet Manager Agent - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-agent
+version: 100.0.4+up0.3.10-rc1

charts/fleet-agent/100.0.4+up0.3.10-rc1/README.md

@@ -0,0 +1,3 @@
+Standalone Fleet users use this chart for agent-based registration [docs/agent-initiated.md](/docs/agent-initiated.md).
+Fleet in Rancher does not use this chart, but creates the agent deployments programmatically.
+

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/_helpers.tpl

@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/configmap.yaml

@@ -0,0 +1,12 @@
+kind: ConfigMap
+apiVersion: v1
+metadata:
+  name: fleet-agent
+data:
+  config: |-
+    {
+      {{ if .Values.labels }}
+      "labels":{{toJson .Values.labels}},
+      {{ end }}
+      "clientID":"{{.Values.clientID}}"
+    }

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/deployment.yaml

@@ -0,0 +1,37 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fleet-agent
+spec:
+  selector:
+    matchLabels:
+      app: fleet-agent
+  template:
+    metadata:
+      labels:
+        app: fleet-agent
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        image: '{{ template "system_default_registry" . }}{{.Values.image.repository}}:{{.Values.image.tag}}'
+        name: fleet-agent
+        command:
+        - fleetagent
+        {{- if .Values.debug }}
+        - --debug
+        - --debug-level
+        - {{ quote .Values.debugLevel }}
+        {{- end }}
+      serviceAccountName: fleet-agent
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.fleetAgent.nodeSelector }}
+{{ toYaml .Values.fleetAgent.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.fleetAgent.tolerations }}
+{{ toYaml .Values.fleetAgent.tolerations | indent 8 }}
+{{- end }}

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/network_policy_allow_all.yaml

@@ -0,0 +1,15 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: default-allow-all
+  namespace: {{ .Values.internal.systemNamespace }}
+spec:
+  podSelector: {}
+  ingress:
+  - {}
+  egress:
+  - {}
+  policyTypes:
+  - Ingress
+  - Egress

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/patch_default_serviceaccount.yaml

@@ -0,0 +1,28 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: patch-fleet-sa
+  annotations:
+    "helm.sh/hook": post-install, post-upgrade
+    "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation
+spec:
+  template:
+    spec:
+      serviceAccountName: fleet-agent
+      restartPolicy: Never
+      containers:
+      - name: sa
+        image: "{{ template "system_default_registry" . }}{{ .Values.global.kubectl.repository }}:{{ .Values.global.kubectl.tag }}"
+        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        command: ["kubectl", "patch", "serviceaccount", "default", "-p", "{\"automountServiceAccountToken\": false}"]
+        args: ["-n", {{ .Values.internal.systemNamespace }}]
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.kubectl.nodeSelector }}
+{{ toYaml .Values.kubectl.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.kubectl.tolerations }}
+{{ toYaml .Values.kubectl.tolerations | indent 8 }}
+{{- end }}
+  backoffLimit: 1

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/rbac.yaml

@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-agent-system-fleet-agent-role
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-agent-system-fleet-agent-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-agent-system-fleet-agent-role
+subjects:
+- kind: ServiceAccount
+  name: fleet-agent
+  namespace: {{.Release.Namespace}}

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/secret.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+data:
+  systemRegistrationNamespace: "{{b64enc .Values.systemRegistrationNamespace}}"
+  clusterNamespace: "{{b64enc .Values.clusterNamespace}}"
+  token: "{{b64enc .Values.token}}"
+  apiServerURL: "{{b64enc .Values.apiServerURL}}"
+  apiServerCA: "{{b64enc .Values.apiServerCA}}"
+kind: Secret
+metadata:
+  name: fleet-agent-bootstrap

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-agent

charts/fleet-agent/100.0.4+up0.3.10-rc1/templates/validate.yaml

@@ -0,0 +1,11 @@
+{{if ne .Release.Namespace .Values.internal.systemNamespace }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.systemNamespace) }}
+{{end}}
+
+{{if ne .Release.Name .Values.internal.managedReleaseName }}
+{{ fail (printf "This chart must be installed in the namespace %s as the release name fleet-agent" .Values.internal.managedReleaseName) }}
+{{end}}
+
+{{if not .Values.apiServerURL }}
+{{ fail "apiServerURL is required to be set, and most likely also apiServerCA" }}
+{{end}}

charts/fleet-agent/100.0.4+up0.3.10-rc1/values.yaml

@@ -0,0 +1,63 @@
+image:
+  os: "windows,linux"
+  repository: rancher/fleet-agent
+  tag: v0.3.10-rc1
+
+# The public URL of the Kubernetes API server running the Fleet Manager must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# The the pem encoded value of the CA of the Kubernetes API server running the Fleet Manager.
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# The cluster registration value
+token: ""
+
+# Labels to add to the cluster upon registration only. They are not added after the fact.
+#labels:
+#  foo: bar
+
+# The client ID of the cluster to associate with
+clientID: ""
+
+# The namespace of the cluster we are register with
+clusterNamespace: ""
+
+# The namespace containing the clusters registration secrets
+systemRegistrationNamespace: fleet-clusters-system
+
+# Please do not change the below setting unless you really know what you are doing
+internal:
+  systemNamespace: fleet-system
+  managedReleaseName: fleet-agent
+
+# The nodeSelector and tolerations for the agent deployment
+fleetAgent:
+  ## Node labels for pod assignment
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+  ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+  tolerations: []
+kubectl:
+  ## Node labels for pod assignment
+  ## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+  ##
+  nodeSelector: {}
+  ## List of node taints to tolerate (requires Kubernetes >= 1.6)
+  tolerations:
+  - key: node.cloudprovider.kubernetes.io/uninitialized
+    operator: "Equal"
+    value: "true"
+    effect: NoSchedule
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+  kubectl:
+    repository: rancher/kubectl
+    tag: v1.21.5
+
+debug: false
+debugLevel: 0

charts/fleet-crd/100.0.4+up0.3.10-rc1/Chart.yaml

@@ -0,0 +1,13 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-fleet-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/release-name: fleet-crd
+apiVersion: v2
+appVersion: 0.3.10-rc1
+description: Fleet Manager CustomResourceDefinitions
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet-crd
+version: 100.0.4+up0.3.10-rc1

charts/fleet-crd/100.0.4+up0.3.10-rc1/values.yaml

@@ -0,0 +1 @@
+# This file is intentionally empty

charts/fleet/100.0.4+up0.3.10-rc1/Chart.yaml

@@ -0,0 +1,20 @@
+annotations:
+  catalog.cattle.io/auto-install: fleet-crd=match
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/experimental: "true"
+  catalog.cattle.io/hidden: "true"
+  catalog.cattle.io/namespace: cattle-fleet-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux,windows
+  catalog.cattle.io/provides-gvr: clusters.fleet.cattle.io/v1alpha1
+  catalog.cattle.io/release-name: fleet
+apiVersion: v2
+appVersion: 0.3.10-rc1
+dependencies:
+- condition: gitops.enabled
+  name: gitjob
+  repository: file://./charts/gitjob
+description: Fleet Manager - GitOps at Scale
+icon: https://charts.rancher.io/assets/logos/fleet.svg
+name: fleet
+version: 100.0.4+up0.3.10-rc1

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/Chart.yaml

@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: 0.1.26
+description: Controller that run jobs based on git events
+name: gitjob
+version: 0.1.26

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/_helpers.tpl

@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrole.yaml

@@ -0,0 +1,38 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: gitjob
+rules:
+  - apiGroups:
+      - "batch"
+    resources:
+      - 'jobs'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - 'pods'
+    verbs:
+      - 'list'
+      - 'get'
+      - 'watch'
+  - apiGroups:
+      - ""
+    resources:
+      - 'secrets'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - 'configmaps'
+    verbs:
+      - '*'
+  - apiGroups:
+      - "gitjob.cattle.io"
+    resources:
+      - "gitjobs"
+      - "gitjobs/status"
+    verbs:
+      - "*"

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/clusterrolebinding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: gitjob-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: gitjob
+subjects:
+  - kind: ServiceAccount
+    name: gitjob
+    namespace: {{ .Release.Namespace }}

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/deployment.yaml

@@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitjob
+spec:
+  selector:
+    matchLabels:
+      app: "gitjob"
+  template:
+    metadata:
+      labels:
+        app: "gitjob"
+    spec:
+      serviceAccountName: gitjob
+      containers:
+        - image: "{{ template "system_default_registry" . }}{{ .Values.gitjob.repository }}:{{ .Values.gitjob.tag }}"
+          name: gitjob
+          command:
+          - gitjob
+          {{- if .Values.debug }}
+          - --debug
+          {{- end }}
+          - --tekton-image
+          - "{{ template "system_default_registry" . }}{{ .Values.tekton.repository }}:{{ .Values.tekton.tag }}"
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+          {{- if .Values.proxy }}
+            - name: HTTP_PROXY
+              value: {{ .Values.proxy }}
+            - name: HTTPS_PROXY
+              value: {{ .Values.proxy }}
+            - name: NO_PROXY
+              value: {{ .Values.noProxy }}
+          {{- end }}
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/service.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitjob
+spec:
+  ports:
+    - name: http-80
+      port: 80
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    app: "gitjob"

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/templates/serviceaccount.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: gitjob

charts/fleet/100.0.4+up0.3.10-rc1/charts/gitjob/values.yaml

@@ -0,0 +1,26 @@
+gitjob:
+  repository: rancher/gitjob
+  tag: v0.1.26
+
+tekton:
+  repository: rancher/tekton-utils
+  tag: v0.1.5
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+# http[s] proxy server
+# proxy: http://<username>@<password>:<url>:<port>
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+debug: false

charts/fleet/100.0.4+up0.3.10-rc1/templates/_helpers.tpl

@@ -0,0 +1,22 @@
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Windows cluster will add default taint for linux nodes,
+add below linux tolerations to workloads could be scheduled to those linux nodes
+*/}}
+{{- define "linux-node-tolerations" -}}
+- key: "cattle.io/os"
+  value: "linux"
+  effect: "NoSchedule"
+  operator: "Equal"
+{{- end -}}
+
+{{- define "linux-node-selector" -}}
+kubernetes.io/os: linux
+{{- end -}}

charts/fleet/100.0.4+up0.3.10-rc1/templates/configmap.yaml

@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: fleet-controller
+data:
+  config: |
+    {
+      "agentImage": "{{ template "system_default_registry" . }}{{.Values.agentImage.repository}}:{{.Values.agentImage.tag}}",
+      "agentImagePullPolicy": "{{ .Values.agentImage.imagePullPolicy }}",
+      "apiServerURL": "{{.Values.apiServerURL}}",
+      "apiServerCA": "{{b64enc .Values.apiServerCA}}",
+      "agentCheckinInterval": "{{.Values.agentCheckinInterval}}",
+      "ignoreClusterRegistrationLabels": {{.Values.ignoreClusterRegistrationLabels}},
+      "bootstrap": {
+        "paths": "{{.Values.bootstrap.paths}}",
+        "repo": "{{.Values.bootstrap.repo}}",
+        "secret": "{{.Values.bootstrap.secret}}",
+        "branch":  "{{.Values.bootstrap.branch}}",
+        "namespace": "{{.Values.bootstrap.namespace}}",
+        "agentNamespace": "{{.Values.bootstrap.agentNamespace}}",
+      },
+      "webhookReceiverURL": "{{.Values.webhookReceiverURL}}",
+      "githubURLPrefix": "{{.Values.githubURLPrefix}}"
+    }

charts/fleet/100.0.4+up0.3.10-rc1/templates/deployment.yaml

@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: fleet-controller
+spec:
+  selector:
+    matchLabels:
+      app: fleet-controller
+  template:
+    metadata:
+      labels:
+        app: fleet-controller
+    spec:
+      containers:
+      - env:
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        {{- if .Values.proxy }}
+        - name: HTTP_PROXY
+          value: {{ .Values.proxy }}
+        - name: HTTPS_PROXY
+          value: {{ .Values.proxy }}
+        - name: NO_PROXY
+          value: {{ .Values.noProxy }}
+        {{- end }}
+        image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
+        name: fleet-controller
+        imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
+        command:
+        - fleetcontroller
+        {{- if .Values.debug }}
+        - --debug
+        - --debug-level
+        - {{ quote .Values.debugLevel }}
+        {{- end }}
+        {{- if not .Values.gitops.enabled }}
+        - --disable-gitops
+        {{- end }}
+      serviceAccountName: fleet-controller
+      nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
+{{- if .Values.nodeSelector }}
+{{ toYaml .Values.nodeSelector | indent 8 }}
+{{- end }}
+      tolerations: {{ include "linux-node-tolerations" . | nindent 8 }}
+{{- if .Values.tolerations }}
+{{ toYaml .Values.tolerations | indent 8 }}
+{{- end }}

charts/fleet/100.0.4+up0.3.10-rc1/templates/rbac.yaml

@@ -0,0 +1,106 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-controller
+rules:
+- apiGroups:
+  - gitjob.cattle.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - fleet.cattle.io
+  resources:
+  - '*'
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - namespaces
+  - serviceaccounts
+  verbs:
+  - '*'
+- apiGroups:
+  - ""
+  resources:
+  - secrets
+  - configmaps
+  verbs:
+  - '*'
+- apiGroups:
+  - rbac.authorization.k8s.io
+  resources:
+  - clusterroles
+  - clusterrolebindings
+  - roles
+  - rolebindings
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-controller
+subjects:
+- kind: ServiceAccount
+  name: fleet-controller
+  namespace: {{.Release.Namespace}}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: fleet-controller
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - '*'
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: fleet-controller
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: fleet-controller
+subjects:
+- kind: ServiceAccount
+  name: fleet-controller
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: fleet-controller-bootstrap
+rules:
+- apiGroups:
+  - '*'
+  resources:
+  - '*'
+  verbs:
+  - '*'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: fleet-controller-bootstrap
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: fleet-controller-bootstrap
+subjects:
+- kind: ServiceAccount
+  name: fleet-controller-bootstrap
+  namespace: {{.Release.Namespace}}

charts/fleet/100.0.4+up0.3.10-rc1/templates/serviceaccount.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-controller
+
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: fleet-controller-bootstrap

charts/fleet/100.0.4+up0.3.10-rc1/values.yaml

@@ -0,0 +1,60 @@
+image:
+  repository: rancher/fleet
+  tag: v0.3.10-rc1
+  imagePullPolicy: IfNotPresent
+
+agentImage:
+  repository: rancher/fleet-agent
+  tag: v0.3.10-rc1
+  imagePullPolicy: IfNotPresent
+
+# For cluster registration the public URL of the Kubernetes API server must be set here
+# Example: https://example.com:6443
+apiServerURL: ""
+
+# For cluster registration the pem encoded value of the CA of the Kubernetes API server must be set here
+# If left empty it is assumed this Kubernetes API TLS is signed by a well known CA.
+apiServerCA: ""
+
+# A duration string for how often agents should report a heartbeat
+agentCheckinInterval: "15m"
+
+# Whether you want to allow cluster upon registration to specify their labels.
+ignoreClusterRegistrationLabels: false
+
+# http[s] proxy server
+# proxy: http://<username>@<password>:<url>:<port>
+
+# comma separated list of domains or ip addresses that will not use the proxy
+noProxy: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,.svc,.cluster.local
+
+bootstrap:
+  # The namespace that will be autocreated and the local cluster will be registered in
+  namespace: fleet-local
+  # The namespace where the fleet agent for the local cluster will be ran, if empty
+  # this will default to fleet-system
+  agentNamespace: ""
+  # A repo to add at install time that will deploy to the local cluster. This allows
+  # one to fully bootstrap fleet, it's configuration and all it's downstream clusters
+  # in one shot.
+  repo: ""
+  secret: ""
+  branch: master
+  paths: ""
+
+global:
+  cattle:
+    systemDefaultRegistry: ""
+
+## Node labels for pod assignment
+## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+##
+nodeSelector: {}
+## List of node taints to tolerate (requires Kubernetes >= 1.6)
+tolerations: []
+
+gitops:
+  enabled: true
+
+debug: false
+debugLevel: 0

charts/harvester-csi-driver/100.0.2+up0.1.14/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

charts/harvester-csi-driver/100.0.2+up0.1.14/Chart.yaml

@@ -0,0 +1,21 @@
+annotations:
+  catalog.cattle.io/certified: rancher
+  catalog.cattle.io/display-name: Harvester CSI Driver
+  catalog.cattle.io/kube-version: '>= 1.18.0-0 < 1.24.0-0'
+  catalog.cattle.io/namespace: kube-system
+  catalog.cattle.io/os: linux
+  catalog.cattle.io/permits-os: linux
+  catalog.cattle.io/rancher-version: '>= 2.6.1-0 < 2.7.0-0'
+  catalog.cattle.io/release-name: harvester-csi-driver
+  catalog.cattle.io/ui-component: harvester-csi-driver
+apiVersion: v2
+appVersion: v0.1.3
+description: A Helm chart for Harvester CSI driver
+keywords:
+- infrastructure
+- harvester
+maintainers:
+- name: harvester
+name: harvester-csi-driver
+type: application
+version: 100.0.2+up0.1.14

charts/harvester-csi-driver/100.0.2+up0.1.14/questions.yml

@@ -0,0 +1,11 @@
+categories:
+- infrastructure
+- harvester
+namespace: kube-system
+questions:
+- variable: cloudConfig.hostPath
+  label: Cloud config file path
+  description: "Specify the path of the cloud config."
+  group: "Default"
+  type: string
+  default: "/etc/kubernetes/cloud-config"

charts/harvester-csi-driver/100.0.2+up0.1.14/templates/NOTES.txt

@@ -0,0 +1 @@
+Successfully deployed Harvester CSI driver to the {{ .Release.Namespace }} namespace.

charts/harvester-csi-driver/100.0.2+up0.1.14/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "harvester-csi-driver.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "harvester-csi-driver.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "harvester-csi-driver.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "harvester-csi-driver.labels" -}}
+helm.sh/chart: {{ include "harvester-csi-driver.chart" . }}
+{{ include "harvester-csi-driver.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "harvester-csi-driver.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "harvester-csi-driver.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Global system default registry
+*/}}
+{{- define "system_default_registry" -}}
+{{- if .Values.global.cattle.systemDefaultRegistry -}}
+{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
+{{- else -}}
+{{- "" -}}
+{{- end -}}
+{{- end -}}

charts/harvester-csi-driver/100.0.2+up0.1.14/templates/csidriver.yaml

@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: CSIDriver
+metadata:
+  name: driver.harvesterhci.io
+spec:
+  attachRequired: true
+  fsGroupPolicy: ReadWriteOnceWithFSType
+  podInfoOnMount: true
+  volumeLifecycleModes:
+    - Persistent

charts/harvester-csi-driver/100.0.2+up0.1.14/templates/daemonset.yaml

@@ -0,0 +1,149 @@
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:
+      component: csi-driver
+      {{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        component: csi-driver
+        {{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --kubelet-registration-path={{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io/csi.sock
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /bin/sh
+                  - -c
+                  - rm -rf /registration/driver.harvesterhci.io-reg.sock
+                    /csi//*
+          name: node-driver-registrar
+          securityContext:
+            privileged: true
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+            - mountPath: /registration
+              name: registration-dir
+        - args:
+            - --nodeid=$(NODE_ID)
+            - --endpoint=$(CSI_ENDPOINT)
+            - --kubeconfig=/var/lib/harvester/cloud-provider-config
+          env:
+            - name: NODE_ID
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: spec.nodeName
+            - name: CSI_ENDPOINT
+              value: unix:///csi/csi.sock
+          image: {{ template "system_default_registry" . }}{{ .Values.image.harvester.csiDriver.repository }}:{{ .Values.image.harvester.csiDriver.tag | default .Chart.AppVersion }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          lifecycle:
+            preStop:
+              exec:
+                command:
+                  - /bin/sh
+                  - -c
+                  - rm -f /csi//*
+          name: harvester-csi-driver
+          securityContext:
+            allowPrivilegeEscalation: true
+            capabilities:
+              add:
+                - SYS_ADMIN
+            privileged: true
+          volumeMounts:
+            - name: cloud-config
+              readOnly: true
+              mountPath: /var/lib/harvester
+            - name: kubernetes
+              readOnly: true
+              mountPath: /etc/kubernetes
+            - mountPath: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi
+              mountPropagation: Bidirectional
+              name: kubernetes-csi-dir
+            - mountPath: /csi/
+              name: socket-dir
+            - mountPath: {{ .Values.kubeletRootDir }}/pods
+              mountPropagation: Bidirectional
+              name: pods-mount-dir
+            - mountPath: /dev
+              name: host-dev
+            - mountPath: /sys
+              name: host-sys
+            - mountPath: /rootfs
+              mountPropagation: Bidirectional
+              name: host
+            - mountPath: /lib/modules
+              name: lib-modules
+              readOnly: true
+      hostPID: true
+      serviceAccountName: {{ include "harvester-csi-driver.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: cloud-config
+        {{- if .Values.cloudConfig.secretName }}
+          secret:
+            secretName: {{ .Values.cloudConfig.secretName }}
+        {{- else }}
+          hostPath:
+            path: {{ .Values.cloudConfig.hostPath }}
+            type: DirectoryOrCreate
+        {{- end }}
+        - hostPath:
+            path: /etc/kubernetes
+            type: DirectoryOrCreate
+          name: kubernetes
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/plugins/kubernetes.io/csi
+            type: DirectoryOrCreate
+          name: kubernetes-csi-dir
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/plugins_registry
+            type: Directory
+          name: registration-dir
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io
+            type: DirectoryOrCreate
+          name: socket-dir
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/pods
+            type: DirectoryOrCreate
+          name: pods-mount-dir
+        - hostPath:
+            path: /dev
+          name: host-dev
+        - hostPath:
+            path: /sys
+          name: host-sys
+        - hostPath:
+            path: /
+          name: host
+        - hostPath:
+            path: /lib/modules
+          name: lib-modules

charts/harvester-csi-driver/100.0.2+up0.1.14/templates/deployment.yaml

@@ -0,0 +1,95 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}-controllers
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+spec:
+  replicas: {{ .Values.replicasCount }}
+  selector:
+    matchLabels:
+      component: csi-controllers
+      {{- include "harvester-csi-driver.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        component: csi-controllers
+        {{- include "harvester-csi-driver.selectorLabels" . | nindent 8 }}
+    spec:
+      containers:
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --timeout=1m50s
+            - --leader-election
+            - --leader-election-namespace=$(POD_NAMESPACE)
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          name: csi-resizer
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --timeout=1m50s
+            - --leader-election
+            - --leader-election-namespace=$(POD_NAMESPACE)
+            - --default-fstype=ext4
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          name: csi-provisioner
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+        - args:
+            - --v=5
+            - --csi-address=$(ADDRESS)
+            - --timeout=1m50s
+            - --leader-election
+            - --leader-election-namespace=$(POD_NAMESPACE)
+          env:
+            - name: ADDRESS
+              value: /csi/csi.sock
+            - name: POD_NAMESPACE
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.namespace
+          image: {{ template "system_default_registry" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          name: csi-attacher
+          volumeMounts:
+            - mountPath: /csi/
+              name: socket-dir
+      serviceAccountName: {{ include "harvester-csi-driver.name" . }}
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+      {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - hostPath:
+            path: {{ .Values.kubeletRootDir }}/harvester-plugins/driver.harvesterhci.io
+            type: DirectoryOrCreate
+          name: socket-dir

charts/harvester-csi-driver/100.0.2+up0.1.14/templates/rbac.yaml

@@ -0,0 +1,75 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "harvester-csi-driver.name" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "harvester-csi-driver.name" . }}
+    namespace: {{ .Release.Namespace }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "harvester-csi-driver.name" . }}
+  labels:
+  {{- include "harvester-csi-driver.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [ "coordination.k8s.io" ]
+    resources: [ "leases" ]
+    verbs: [ "get", "watch", "list", "delete", "update", "create" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "csistoragecapacities" ]
+    verbs: [ "get", "list", "watch", "create", "update", "patch", "delete" ]
+  - apiGroups: [""]
+    resources: ["persistentvolumes"]
+    verbs: [ "get", "list", "watch", "create","update", "patch", "delete" ]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["get", "list", "watch", "create","update", "patch", "delete" ]
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims/status"]
+    verbs: ["patch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["storageclasses"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshots"]
+    verbs: ["get", "list"]
+  - apiGroups: ["snapshot.storage.k8s.io"]
+    resources: ["volumesnapshotcontents"]
+    verbs: ["get", "list"]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "csinodes" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "events" ]
+    verbs: [ "list", "watch", "create", "update", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "apps" ]
+    resources: [ "replicasets" ]
+    verbs: [ "get" ]
+  - apiGroups: [""]
+    resources: ["nodes"]
+    verbs: ["get", "list", "watch"]
+  - apiGroups: ["storage.k8s.io"]
+    resources: ["volumeattachments"]
+    verbs: ["get", "list", "watch", "patch"]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "volumeattachments/status" ]
+    verbs: [ "patch" ]

charts/harvester-csi-driver/100.0.2+up0.1.14/templates/storageclass.yaml

@@ -0,0 +1,10 @@
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:
+  name: harvester
+  annotations:
+    storageclass.kubernetes.io/is-default-class: "true"
+allowVolumeExpansion: true
+provisioner: driver.harvesterhci.io
+reclaimPolicy: Delete
+volumeBindingMode: Immediate

charts/harvester-csi-driver/100.0.2+up0.1.14/values.yaml

@@ -0,0 +1,54 @@
+# Default values for harvester-csi-driver.
+
+replicasCount: 3
+
+image:
+  harvester:
+    csiDriver:
+      repository: rancher/harvester-csi-driver
+      # Overrides the image tag whose default is the chart appVersion.
+      tag: "v0.1.3"
+  csi:
+    nodeDriverRegistrar:
+      repository: rancher/mirrored-longhornio-csi-node-driver-registrar
+      tag: v2.3.0
+    resizer:
+      repository: rancher/mirrored-longhornio-csi-resizer
+      tag: v1.2.0
+    provisioner:
+      repository: rancher/mirrored-longhornio-csi-provisioner
+      tag: v2.1.2
+    attacher:
+      repository: rancher/mirrored-longhornio-csi-attacher
+      tag: v3.2.1
+  pullPolicy: IfNotPresent
+
+nameOverride: ""
+fullnameOverride: ""
+
+kubeletRootDir: /var/lib/kubelet
+cloudConfig:
+  secretName: ""
+  hostPath: "/var/lib/rancher/rke2/etc/config-files/"
+
+nodeSelector:
+  kubernetes.io/os: linux
+
+tolerations:
+  - effect: NoSchedule
+    key: kubevirt.io/drain
+    operator: Exists
+  - effect: NoSchedule
+    key: node-role.kubernetes.io/control-plane
+    operator: Equal
+  - effect: NoExecute
+    key: node-role.kubernetes.io/etcd
+    operator: Equal
+  - key: cattle.io/os
+    operator: Equal
+    value: "linux"
+    effect: NoSchedule
+
+global:
+  cattle:
+    systemDefaultRegistry: ""

charts/rancher-cis-benchmark-crd/2.0.5-rc3/Chart.yaml

@@ -7,4 +7,4 @@ apiVersion: v1
 description: Installs the CRDs for rancher-cis-benchmark.
 name: rancher-cis-benchmark-crd
 type: application
-version: 2.0.5-rc2
+version: 2.0.5-rc3

charts/rancher-cis-benchmark/2.0.5-rc3/Chart.yaml

@@ -2,7 +2,7 @@ annotations:
   catalog.cattle.io/auto-install: rancher-cis-benchmark-crd=match
   catalog.cattle.io/certified: rancher
   catalog.cattle.io/display-name: CIS Benchmark
-  catalog.cattle.io/kube-version: '>= 1.16.0-0 < 1.24.0-0'
+  catalog.cattle.io/kube-version: '>= 1.21.0-0 < 1.25.0-0'
   catalog.cattle.io/namespace: cis-operator-system
   catalog.cattle.io/os: linux
   catalog.cattle.io/permits-os: linux,windows
@@ -12,11 +12,11 @@ annotations:
   catalog.cattle.io/type: cluster-tool
   catalog.cattle.io/ui-component: rancher-cis-benchmark
 apiVersion: v1
-appVersion: v2.0.5-rc2
+appVersion: v2.0.5-rc3
 description: The cis-operator enables running CIS benchmark security scans on a kubernetes
   cluster
 icon: https://charts.rancher.io/assets/logos/cis-kube-bench.svg
 keywords:
 - security
 name: rancher-cis-benchmark
-version: 2.0.5-rc2
+version: 2.0.5-rc3