From 119b12e979fc5fddc51dffe28993401dc9805855 Mon Sep 17 00:00:00 2001 From: selvamt94 Date: Sat, 20 May 2023 00:51:32 +0000 Subject: [PATCH 01/18] Add NeuVector chart version 2.4.5 --- .../generated-changes/patch/Chart.yaml.patch | 6 +++--- .../generated-changes/patch/README.md.patch | 18 +++++++++--------- .../patch/templates/updater-cronjob.yaml.patch | 7 +------ .../generated-changes/patch/values.yaml.patch | 16 ++++++++-------- packages/neuvector/package.yaml | 4 ++-- .../templates/crd-template/Chart.yaml | 4 ++-- 6 files changed, 25 insertions(+), 30 deletions(-) diff --git a/packages/neuvector/generated-changes/patch/Chart.yaml.patch b/packages/neuvector/generated-changes/patch/Chart.yaml.patch index 3c9048580..960e472b3 100644 --- a/packages/neuvector/generated-changes/patch/Chart.yaml.patch +++ b/packages/neuvector/generated-changes/patch/Chart.yaml.patch @@ -13,9 +13,9 @@ + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector + catalog.cattle.io/type: cluster-tool -+ catalog.cattle.io/upstream-version: 2.4.3 ++ catalog.cattle.io/upstream-version: 2.4.5 apiVersion: v1 - appVersion: 5.1.2 + appVersion: 5.1.3 -description: Helm chart for NeuVector's core services +description: Helm feature chart for NeuVector's core services home: https://neuvector.com @@ -29,4 +29,4 @@ +name: neuvector +sources: +- https://github.com/neuvector/neuvector - version: 2.4.3 + version: 2.4.5 diff --git a/packages/neuvector/generated-changes/patch/README.md.patch b/packages/neuvector/generated-changes/patch/README.md.patch index 7530294bd..35e302efa 100644 --- a/packages/neuvector/generated-changes/patch/README.md.patch +++ b/packages/neuvector/generated-changes/patch/README.md.patch @@ -5,7 +5,7 @@ `controller.affinity` | controller affinity rules | ... | spread controllers to different nodes | `controller.tolerations` | List of node taints to tolerate | `nil` | -`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](values.yaml) -+`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` | `controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` | `controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | @@ -14,7 +14,7 @@ `controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` | `controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` | `controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` | @@ -23,7 +23,7 @@ `controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed `controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`. `controller.ingress.host` | Must set this host value if ingress is enabled | `nil` | @@ -31,7 +31,7 @@ `controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) `controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. -`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false` `controller.configmap.data` | NeuVector configuration in YAML format | `{}` `controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false` @@ -40,7 +40,7 @@ `enforcer.env` | User-defined environment variables for enforcers. | `[]` | `enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`
`key: node-role.kubernetes.io/master` | other taints can be added after the default -`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](values.yaml) -+`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `manager.enabled` | If true, create manager | `true` | `manager.image.repository` | manager image repository | `neuvector/manager` | `manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | @@ -49,7 +49,7 @@ `manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google `manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | -`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](values.yaml) -+`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | `manager.route.host` | Set OpenShift route host for management console service | `nil` | `manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` | @@ -58,11 +58,11 @@ `manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | `manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/` -`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](values.yaml) -+`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`. `manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) -`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](values.yaml) -+`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) ++`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) `manager.affinity` | manager affinity rules | `{}` | `manager.tolerations` | List of node taints to tolerate | `nil` | `manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` | @@ -71,7 +71,7 @@ `cve.scanner.replicas` | external scanner replicas | `3` | `cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` | -`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](values.yaml) | -+`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.3/charts/core/values.yaml) | ++`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) | `cve.scanner.affinity` | scanner affinity rules | `{}` | `cve.scanner.tolerations` | List of node taints to tolerate | `nil` | `cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` | diff --git a/packages/neuvector/generated-changes/patch/templates/updater-cronjob.yaml.patch b/packages/neuvector/generated-changes/patch/templates/updater-cronjob.yaml.patch index 8ca29da0a..2dc31e4d8 100644 --- a/packages/neuvector/generated-changes/patch/templates/updater-cronjob.yaml.patch +++ b/packages/neuvector/generated-changes/patch/templates/updater-cronjob.yaml.patch @@ -1,6 +1,6 @@ --- charts-original/templates/updater-cronjob.yaml +++ charts/templates/updater-cronjob.yaml -@@ -50,20 +50,12 @@ +@@ -50,19 +50,7 @@ {{- end }} containers: - name: neuvector-updater-pod @@ -19,10 +19,5 @@ - {{- end }} + image: {{ template "system_default_registry" . }}{{ .Values.cve.updater.image.repository }}:{{ .Values.cve.updater.image.tag }} imagePullPolicy: Always -+ command: -+ - /bin/sh -+ - -c -+ - sleep 30 {{- if .Values.cve.scanner.enabled }} command: - - /bin/sh diff --git a/packages/neuvector/generated-changes/patch/values.yaml.patch b/packages/neuvector/generated-changes/patch/values.yaml.patch index 1b384acb2..6989f032c 100644 --- a/packages/neuvector/generated-changes/patch/values.yaml.patch +++ b/packages/neuvector/generated-changes/patch/values.yaml.patch @@ -13,7 +13,7 @@ openshift: false registry: docker.io --tag: 5.1.2 +-tag: 5.1.3 oem: -imagePullSecrets: -psp: false @@ -29,7 +29,7 @@ image: - repository: neuvector/controller + repository: rancher/mirrored-neuvector-controller -+ tag: 5.1.2 ++ tag: 5.1.3 hash: replicas: 3 disruptionbudget: 0 @@ -42,27 +42,27 @@ pvc: enabled: false existingClaim: false -@@ -220,7 +224,8 @@ +@@ -223,7 +227,8 @@ # If false, enforcer will not be installed enabled: true image: - repository: neuvector/enforcer + repository: rancher/mirrored-neuvector-enforcer -+ tag: 5.1.2 ++ tag: 5.1.3 hash: updateStrategy: type: RollingUpdate -@@ -251,7 +256,8 @@ +@@ -254,7 +259,8 @@ # If false, manager will not be installed enabled: true image: - repository: neuvector/manager + repository: rancher/mirrored-neuvector-manager -+ tag: 5.1.2 ++ tag: 5.1.3 hash: priorityClassName: env: -@@ -322,7 +328,7 @@ +@@ -325,7 +331,7 @@ enabled: true secure: false image: @@ -71,7 +71,7 @@ tag: latest hash: schedule: "0 0 * * *" -@@ -343,7 +349,7 @@ +@@ -346,7 +352,7 @@ maxSurge: 1 maxUnavailable: 0 image: diff --git a/packages/neuvector/package.yaml b/packages/neuvector/package.yaml index c2a9c31ea..4180c0370 100644 --- a/packages/neuvector/package.yaml +++ b/packages/neuvector/package.yaml @@ -1,5 +1,5 @@ -url: https://neuvector.github.io/neuvector-helm/core-2.4.3.tgz -version: 102.0.1 +url: https://neuvector.github.io/neuvector-helm/core-2.4.5.tgz +version: 102.0.2 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/packages/neuvector/templates/crd-template/Chart.yaml b/packages/neuvector/templates/crd-template/Chart.yaml index 18e6ef19c..7aaee8aba 100644 --- a/packages/neuvector/templates/crd-template/Chart.yaml +++ b/packages/neuvector/templates/crd-template/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: true apiVersion: v1 -appVersion: 5.1.2 +appVersion: 5.1.3 description: Helm chart for NeuVector's CRD services home: https://neuvector.com icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 @@ -12,5 +12,5 @@ maintainers: - email: support@neuvector.com name: becitsthere name: neuvector-crd -version: 2.4.3 +version: 2.4.5 type: application From 71a2da69601e1bda0a9741c93ef52a56ad11c704 Mon Sep 17 00:00:00 2001 From: selvamt94 Date: Sat, 20 May 2023 00:51:36 +0000 Subject: [PATCH 02/18] make chart --- .../neuvector-crd-102.0.2+up2.4.5.tgz | Bin 0 -> 3706 bytes .../neuvector/neuvector-102.0.2+up2.4.5.tgz | Bin 0 -> 16700 bytes .../neuvector-crd/102.0.2+up2.4.5/Chart.yaml | 16 + .../neuvector-crd/102.0.2+up2.4.5/README.md | 15 + .../102.0.2+up2.4.5/templates/_helpers.tpl | 32 + .../102.0.2+up2.4.5/templates/crd.yaml | 1112 +++++++++++++++++ .../neuvector-crd/102.0.2+up2.4.5/values.yaml | 11 + charts/neuvector/102.0.2+up2.4.5/.helmignore | 21 + charts/neuvector/102.0.2+up2.4.5/Chart.yaml | 27 + charts/neuvector/102.0.2+up2.4.5/README.md | 194 +++ .../neuvector/102.0.2+up2.4.5/app-readme.md | 35 + .../102.0.2+up2.4.5/crds/_helpers.tpl | 32 + .../neuvector/102.0.2+up2.4.5/questions.yaml | 336 +++++ .../102.0.2+up2.4.5/templates/NOTES.txt | 20 + .../102.0.2+up2.4.5/templates/_helpers.tpl | 40 + .../templates/admission-webhook-service.yaml | 18 + .../templates/cert-manager-secret.yaml | 33 + .../templates/clusterrole.yaml | 121 ++ .../templates/clusterrolebinding.yaml | 147 +++ .../templates/controller-deployment.yaml | 235 ++++ .../templates/controller-ingress.yaml | 219 ++++ .../templates/controller-route.yaml | 98 ++ .../templates/controller-service.yaml | 97 ++ .../templates/enforcer-daemonset.yaml | 139 +++ .../templates/init-configmap.yaml | 13 + .../templates/init-secret.yaml | 15 + .../templates/manager-deployment.yaml | 92 ++ .../templates/manager-ingress.yaml | 71 ++ .../templates/manager-route.yaml | 33 + .../templates/manager-service.yaml | 26 + .../102.0.2+up2.4.5/templates/psp.yaml | 77 ++ .../102.0.2+up2.4.5/templates/pvc.yaml | 27 + .../templates/rolebinding.yaml | 56 + .../templates/scanner-deployment.yaml | 97 ++ .../templates/serviceaccount.yaml | 13 + .../templates/updater-cronjob.yaml | 70 ++ .../templates/validate-psp-install.yaml | 7 + charts/neuvector/102.0.2+up2.4.5/values.yaml | 414 ++++++ index.yaml | 51 + 39 files changed, 4060 insertions(+) create mode 100644 assets/neuvector-crd/neuvector-crd-102.0.2+up2.4.5.tgz create mode 100644 assets/neuvector/neuvector-102.0.2+up2.4.5.tgz create mode 100644 charts/neuvector-crd/102.0.2+up2.4.5/Chart.yaml create mode 100644 charts/neuvector-crd/102.0.2+up2.4.5/README.md create mode 100644 charts/neuvector-crd/102.0.2+up2.4.5/templates/_helpers.tpl create mode 100644 charts/neuvector-crd/102.0.2+up2.4.5/templates/crd.yaml create mode 100644 charts/neuvector-crd/102.0.2+up2.4.5/values.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/.helmignore create mode 100644 charts/neuvector/102.0.2+up2.4.5/Chart.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/README.md create mode 100644 charts/neuvector/102.0.2+up2.4.5/app-readme.md create mode 100644 charts/neuvector/102.0.2+up2.4.5/crds/_helpers.tpl create mode 100644 charts/neuvector/102.0.2+up2.4.5/questions.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/NOTES.txt create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/_helpers.tpl create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/admission-webhook-service.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/cert-manager-secret.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/clusterrole.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/clusterrolebinding.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/controller-deployment.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/controller-ingress.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/controller-route.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/controller-service.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/enforcer-daemonset.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/init-configmap.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/init-secret.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/manager-deployment.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/manager-ingress.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/manager-route.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/manager-service.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/psp.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/pvc.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/rolebinding.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/scanner-deployment.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/serviceaccount.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/updater-cronjob.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/templates/validate-psp-install.yaml create mode 100644 charts/neuvector/102.0.2+up2.4.5/values.yaml diff --git a/assets/neuvector-crd/neuvector-crd-102.0.2+up2.4.5.tgz b/assets/neuvector-crd/neuvector-crd-102.0.2+up2.4.5.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6d29eda7755245c5c7809e4a44210ee11452fdab GIT binary patch literal 3706 zcmV-=4u$a_iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PJ1sbK5wQ_hiMp0cMZ{is>#@p< z`$if`Q?7`jJe4C4AR>w|J`EzG6vKe>g9wG96N>Q&1WBVAib}E>jbltlu&+dp`;{aq zNl<1a!V%bu{!01erBs+y-X@SCk?8B&N3fx<9?9qj6q53E1oNIpvTXV9%b*twyclI9 zXr|1iev>wXyi$NcrsO9)LBp(zSE@_fLA zP&NXYXBijje>O)0u&W+pM3q!C6zEmSL0x7z0+MBnMrJd;`9co8upfj$|1Wvg4~D@@ zueAT0_CF^qN4aYU&}RRGe!pb@!+v<^?Eh=DCvc1tk~0N%?~P@wl+b$uzs{%xDuKZN zz4`ekf5JsVl)@M$l%Xa##)uJtFeieNF+&N8!x$kWQeq4=RUFg|L1B_HqEH5&$1_aj zj84=DCWJ}!yu$k4L=n$ZwWi>n7m4@+$1~2)wTrU4e#COAP`rKT0br_!jYpt;Pg%iT zYiyhLzucmOvl+4sg$z`7Ygf=>|NU?NmItBrsn9nAl23|quLyQxeBJ8i6h^F2Lf7NgNO<=+1 ziDngiuz^QY{xU})XpC^B?KzF$a9}>tf(Ib)ab zdrp{vFgik-xd+~FXt^7DrN_|gkUG+mTp~!GApDq*QKYC)+7(YIvRHz4c8n%eJ3-^y zsDx+ZOCycrllPjIrc;m^M$ZH9?F0%4W0`1xKxirpBx0^n1s9Yt?KN}lGl_P$dh*3= z8-%N=HU&&4OL;Cjmoi<@)Dm{Xa?nPjbJ+&5pZ`rqzAk(7?5=)h1JbF}a?*G^8UeN3N;XXW*`B*9eJ@9)F z9FdHSDWi&_40L=gd{yuds)~=#pRbQOXc#l)%1rBdqg+sRDRQR6b?FeogeY@91U6`m;PdBYK35T{0zC~)T_7JrzZrQ8f*A^` z$h1W9-X?>ZNTVn{@>K9VTT2Vq&PR%w*=3*1-xq5+%^8{wMy2|(qVp#zl_AJjE(p6O z2h%5MI?WjoVg`r= zRVXNFV$`yoU8ii@Io3*U%c2ZBXe5sAe&=f!c(faIE!W^o!0HR4`aro^D`1fDCJFK!Gtn} zwbN|9U1$&|>AWSBjX7sXsx+)wF&AR2?6gzgo&M3(;h#lw_{ZU&y5{gtMRWMa;h#=( zso$DR@aR#*AI$76KZu&$@a7w8((QEOEEBvM9yhDNm`G$atr1kc0xTaa z*YwI6MHbg|j)|mEP2V3VxE~8Tspi}$`vwszBBodoN}HvVaYm!dgvU3K&oPw|pVz$Cc=h}c28aT$RLM59`L!weN zoz|F5quq6}xn?W@EqDT2F$J{Y3g~J$_YFlGPylo>sAgl5im1G1pPErq!@w70;?(VW zbLw^%>Q=p4zW{MwE02wfYtL_e-+yeC29Yh?{+x`PUuit>Xh;TV$jDufE6 zRWU*_j;lm)l?Zop65>wc-AVk7rfi!#iLYqxB;K9Gcbbc88gfbIXiQp;`%AKwf!BrxFt3+5dSBbDCCs&DZy}3ujrS`ZU z4ZBK&n&#BaRU$m-N`#nY-%}OBG0Pe&5K8?O)dyvPnC|t;gA#$OI=J_$1Bt1u%37ME zL}Rwn;&SUfc3bYRRqBoc-cF9=GNKfU`eXgpnRcJAZRV$9KQ$g=+twDXZSx@)tOL~y zNnDeAZxW7q+46Dl=dt)+sq?+J>& zS*-2IuB{Q5HW62V)JC~oL#$2I4!+(ye2sWIq0_D5E2EgIvztA8D1K+Wrne43wS++X zTZuPG^Z{Bs;_})yZF8JflP7#<&v9EG7`5Nu^025S zQR$YXw53&@pWIjIYQu@;=;oBzV>mpOzwt(^75|S-hcFYa7;@T}g zXu--WqLw6~Tbj^01?W~71WQnMX3)?swAGO9f>DP(-G`vyvljlZqVq=eHZI|7PWUd! zaxHl)5x9Kq-t#s0xS?fIou*a{c$cX?rDrJojK^l5o-EMbDQCF( z-d0dtgB_v8cXWEZfLP|GF=bqzs~H#c5A(&n)hlGm*+30I`|FOf5iurFusN0Xlw@9& zc&tRysH-Brqzx!JjKaqv4O>Fqz0D3LKhpv z=PlCUbvxY16StO#%uSRs*02$aiWlN8d9L}_%~$5G25yT*CB4lhiW8gQ`(R(hJt|m} z;%&TjtVWHqDMj2CPo9vJOi_TIj&JQVh7{EW7v~4XSGml4y6s`XqcpxwR(Jg^Ru9p~ zmyeiA&i(o#{QBR=TJ!eIo-_FnBSVE-cy_0MyLJ8#ObzeP=a&WHTz#df#VmX5=GD=z zD(dvVNe^GKj%_@7N4;8>fI*R6IxXv@Wo?Ca-=xa5E$Z%&gj2&?VTp(4^X?N)T$9CP zLln;PzM|zl=s0knX4ov4$7Yiqjq!p^9=rK8jkG6gLG_==5;)R6-Sf<6SA$(b zQxvf9l~3(sk;2u;U`1T?JhOGuuqc#oFyd1^;;2=c_ zNCdkCnu3}kWHd8B()dFEmx6hsit&m#A}Nd!V$2x7#26HxqMD(A3#w*@!)ih6zwI1& z-rq4IxkN*xmr=`ej1w+!W7(0ukO>~=kaAdx}nF}K`&--j z^DzKVE(C3f^<^!K1QiMid}6xSRLsamD}Dc zVQyr3R8em|NM&qo0PMYcciT3$C_aDdQ{bnxzdUM6e!EBa^xW&(ZtK&;@v@!v%$hYT zhDb<4O%WUbl%q*l?CpyUq;+*$T6=_7A~D8nS`f#?7A(@tmS z$IiC54gM4Cbas!#&*#pX0y>MKk9t78^s;WSDdTADtVUQ5gg8n*IKRe-jxqOU6ryB; z1H`=Hgj&Sw_+;Fj>^Q4va^-pob~{J9r@NgWt2;_jh#*6noN05;vV0l~dV~q%h$N<!x>5r;TJRK7=J zh{GOWNgNZ(|4$wT02GP)$j6-V5u&J7BswDr^^t^Sa8)QuyfVI<)ksOav%TBd?(F`M z#ERGtxc)OdCNNA8dk6tg&;NH1b`Fk;{D1%8V8j2{@jL^kXaJLt12z6~U1pQL^$gsM zFawwY2>yQj=CwB@d4TCHJ7`Y_ZIhlfb~0zffijnEYuV#evT2ik4h@o_skobHWLv44$%%KErQ0q7VSg72RKboOS7e8 z-zQ1L?M2?g5l1wFVGlgh2!Q($ihvM+-WW!3h^U~RmY{-cgi3Olnn24+Uyw!+1W~Rl z_CTxLTSY14Q^X4_$1@;XEx`gQ2}48$$)17pfvUU(vM=Bshardv7lW1J*RtA^od>|y z5x~dKEdUs&kfY&LjfWB?S0oH^G<+8akSipq{l*O47=E};=n(b5PWI+q1Sb%OqS+qU zZUKPDaHy+L6cdIy5ksVfV|R=xB@_jgAkX@xaDqc4iNv2H$VLJjMRACI$a+A$4=|&N z6jA*o7$UCPX8s5TNr>o$Aa4tRm|`MC#7PJlOJ9=UHSD9%kR&F-afwbSn)JXw{wZiU z7~lwVO)*)ROl{P#g`f6(Tqqo)06EzCQba{6xxCUCjgc2oFbG2##(2 zPPL)o-yk~fr5^wY1>)Bzl$5hSh{53g=$|Z_R7@tGoh4)weN z<|JEgT9shnx0{>GYe1rKx&;^kC>RRnNXIymHRY1jg;AhaQj)D82Ri_E{hs8!d_+ky z9O=)3TBbe^tim!6n=|nH+25;SI|^wQ#~A75nZIVnv6-EYX@EXpL4x5) z2=Und0DT`Z_J#!6LiE5Dg2A5@bMyvAQzcb6p>T*KpHt<07(-ukDERM$qF-=`u1Aof zN+gtMGHen6CQ6$>?b&9PR=@AiRDkb^8QQr+3a1#2vzM_n)ohu|wRVy)Em||NO2*?P z5=~(eb-<-GjYK&qeXoz-oPm>LSp|lneCLyKOd=F<23}ZlatkmYMv?ddqX3|2K&X!> zcnNMqB}6%h5DKK)GlCNYAUL@IWB}T!eWMhZQs>j|yJWa3;G{``Dn8}ABvaY z85k!_ig(dH2FJ+mvT3Q)0$_jw%|R7rV<^nRloQ&#P|V<8(&FHaED6q|p%59m1Xh1# zY{tp6G+Pn?-@LoN5qL7hw*Vd(0Agfy)wGWOlnG;_A4MMGhlsZ=cAo++_({wY4RQ3LqfzSQB~%~!cPI+H zm=aEW681n_a{jhe{~2)C&12L9-L#J2-UTWaSDag3HIrDYlUW6+RXGP{NUpr>DoC$t z`PG=!H)Qs8QtScRY9h-XpxJ^%Yb?`dN;Sbzgh>-LV=1!ehNoc>QW|Bj!?|VXnn34ew5sonT2Se$| z&L-Y706Lvc`UfQq3x)xV8x~Ql;vU^P?3)SnIPq;B#~7XN7_`{d<`^l~c>Ib^2Tw$Oqij@YsP_AX{(xSsRwO5@)S;5c4|yVdpx%BDPk1_R{t9=IUduZl7gyC)rno|tC^{;3S%r9fy;f)|G{ zLQjCdZrmp;cb|x-Wj1XJ>(6WgJ>2rsE!3?(=b94BMah2_rp@QQ-{67-=#ofc=uI`H zNQu$%z=;YUI9HrBBry0HhA{HQt7^}=ppSGWW;{@Buyy)~!@}y31w8@U>ucCvHiO#& z>-Ms6JeKq$F^}3Xj+y?e-D+apJOgjw9Re(&C>?1OO$15Bx>Ea-V#*Y)n^w-2DNceJ zCQN3&Sf)$CYyp{on61z^Q07av%E}w4F;G_Cma3y_DCwEXAsLo94vE64 zTHjINapIvU5W^|?1n>;~Re$9+Ow1Y3^aBiq1CQaMP^`uDnPHoW_Qq3>hs;xNpMWxv z?rW!N*=#j!h1<0>iH_MjCN%Q=qL5>9rDP@;K^h=QWF@a!0JQuG%G6S7`fSBXOpy6l zDY{*JTgHEHC=v zvUe@~%B5dk{I2C+!2n7uV2&A<*=sJQ@OU%u%e9f5R#F2ysnSxaw3QaNmRf4TN~=UJ z+U^9>E={7Y4!~o?ziYLMbKIWa#kuXA*ZDbJoX?KA+`8Liy_Q4mqDjQ@7%3JbF}>Sk z(yW)^!h!WuBi|>Shlq;)@P;5&=h+C4HH-|X6GDM@b=de6lSVKoCh{L$4+di_qrmP_ ze?-WgfT37vX7{yx8d#r;?7CR|vBOK^ef_yhWb;%W+NO8 z#YZNE?-)h_>$P;RHK$~tZQNY#5<+a^cLWy`?ErA`_Vn!i<=d;9pT2t`Y(<}kV2C*I zy!4O}5WTumCviF#>D$krfk(h!j6{O#{?z{1VKMSMawq&B+yCrD8iUX6^c0LGuJtSL z9`zIa(janvSwKSoVGALHIT}km7>7Jz9T)^+9FTmc|M=V%EhB$K((RA$G#BN$>j+c3fTr9M`XnjoE26Z;c#f27ndIePZge{PeIP5g#rysskA z^HvLh>$9sr&QBZ@uyF$w&`aZ|W~1#{HY`F+OdPxBWQLtJVo{K?6Z!M88SfK$T=M_@ z2!%1Cti$7#90i*x{|}1ie-93~H|M|B@_hW*eFY|X+*5Wj4w2wfKM7L~`Xkf>uex&C zbYHd3KEy&z5Nt*)aAAH*Q7_Mpw{$sAM+$&;c8E+K(*R!fT^`Enr~~JME2R8Vlzclu zlnOoKlQ1G89~|zkG0~p5= z_fG3iq@c_4T(lwj!9XARP#Exxj1l-f^#-dR4=@S?1|UVs7)1e)XWK9XFZxqSjnj*3 zQC4tXA$wkSTIU0x&*ds0smxI4VC6f^m5;HHl$QZAArg`>)Y#S#SCq;V7!Oi zO_|C9jfgI!pZViE*@50q&BxWkGo^)sk`omfuDQ2!BN$U0@d0Rm&%Ezhy8unKJI_q3 z`kkAB*3gP2qYw6qVU@$H=ZY#N4`bC1u`JiF?2t`w^;;js2A`y}R7l+R4{gwX-=23( zW!R{rneX)=zc;5QowH6I?lgzUorgLdo$0n00+1W)cKvugHnV+#k4yfiejiVJc8rd; z;NkEY@_+mAups|;cXs!7Hu8TRPa%)P9gcz?xK_j68Y2!(tYz`6F`M{aX`<+II@v~* z^54=YP|X=L!Lwv(GX)*YucPV#BTLKBO@R@jn8RVAgzl0kB;>LRDWg1%4ikU$fUp+K zt_&R_ektGXZfEbaE$^EX6F;a(<06J~e_C#iqD$4X3R&(vE{x+|l4!z9%xY#R99+v#3b|qAd0sPQtvI7KV;txxvL4tuI@sMFfoEVBOcA6^bSLTm zg?t@7MCcGk_}}>e9WR$J3A2;qbl1fv<1vXY@*KNkZTSU}+)b9SJa>^icsmMZUYaBf z4oy=59%2qd!0<4V*??L)sQ^HckK+-dV-#`OA2Eln&_H!}NJ$cxMp1=U*>f&q$Ma$N z&H9C${9pM?WhnD1(gDrj|NBP=dj-?Vdk><&rUoqD|U%s^4 z+^cCbB3z>N(%JlfEZaIBCt7 zKaIIvnocQx+9_K)K>ms~ZRBhPT`MJwyN3q+8Amn4$k4?Hv{UzuVgf`y2g#9nVJp zH?4o067XlWz`qnbfP_f;g!EYH>9D5&7_M4Fsh05<*|Ni;PkraLQ%?uhm@XsFZDR)Ol(Vq~H^n?t>G8c4W+E*aYnG&?^-Ci5kLwp~ezrS?lnKQ@B92Zt;f*V3;J;WBY5an7>T&WCo^#7Z%* z8nOH&n^|w3Noc(={G%R6lPJcTPw53nwY(y&nDUArD^aOKz{)X`70;y#twqDGz9c4g zW}B>hF5gW(E;#^8B9puDDyxvc2dhFNRMef-x{Rl|Ov3P5u3~FAieEB5<2fQbE5Xds z{Zf*ptWr7uQUw`mV3aV)+b|`lE)%C*tx=UU6O4n34X)o(xvla_PUSf;q3pP6qvC6_ z+*k$syHt|Hq0M_hdPV06i8%Ve?Nt48h$c8h!(5Iq_2f3tXS2|>xKfU47GG8}U3ojZ zd7N!EwhXH&fIRmXJ%Ry_5M!5=^iiG==tIVX&7(736kp450>~Y2yL=pXMJv^ZCVkQK*^v>7`>X#m7ee z>iFX1x3jDF*Vk{|gVo+?*H%2ctf*(Pg#7u>gofbr=k~0%QL7in6TeR1&0lRciv}k* zSFhh+o?Ts^U*Ehxd3*88`L9iAQHgbx&48kbvC|w@LL-JTAz?B`Z-iJVUFA3yZ!fbH zVD^2{_M_#+#FIC<6+Q}H@iq#l#T!_hvrT6ut0Zp`qZx_K3Vqkx3#P%lJ+`Kn>}+pq zYEouto3E*SayJL~Mqun5eKY1>Hg|NkJFieHKYt3syNJMuFy4(R@trM*58i}?OF{SL zDI+I*^=X+F5cj*v_H#ENKY41sHf^KEkj+lDX)C;bcm;NuD_GQKUB*IB{K{p6R1Zt~ zs-jzuvs>4BC99@Jn)Y}>l2#(E@@X%Kw9a|C3Z&~~Rnt?K^O3+n>n=8UIb<4+Vwy;Q z)x(+Z%iLq??8}V7T|-}B#{qkhuBa5OEA2^XzFHR%{7RvZF7t~1UV7y;MT|qrFG+~~ zX%8HS_i$=1?^AruWrh~jiW)oJ(&2JFjuB;;aTM`CWHaje+gyiz@v7E<7r^c7bHS%H zqfO@7_X5aayW|-w3g`J0%d|`$<%%P>)xfg~#R-vJ!P^j$DPIIsrR}+O2q9GEl+GK9 zbsDFGTYB|MgsYLcRnOS9@N^aNt-`i%sF0PRi^9#|)@ZRMu%fJ$Sa>$@CW>pRm0YFS z&CLR*70L=~xTk_c+pC>xIknNNQ|W5Kuqo>fSW!*%W@vCRC4V8GqkNfOucUH8cA4^4`ZcjfgQL&$Y zNrKa~4?oL3G~U<``g5k^7~|+TyWPP(Mn#IQWXJkZW0PjY|Cn^l4|x7-=U{LDsC52o z`)CvYvyNwW{7*T*Uyf;&a)H;dmYr1v3q^?E6MBcEVJX_uTpC`-C#0nkV>7$wh#{hx z!cH|`-%Q!UY9iKMb=^E40DVH(^k5cHgSs4A&Qq09D6CeZD5rT-0991L#osqFecdHR z1NJvY z$`@bt8oQWhRp~k^i>0-QN`0@U{s09!=BcBuLS_?xol?J;$8Sl=pY~ye3%-^_Up*J7 z?fr6E!hE3TR2^!8FT~PnAwmjMbq>sI(i`pZsH ze<`xHrF57LQ(G%j+c1YOmpLq~SUFdHUccH|TEB|m5Cvblf@M1KP|T=Aq;HEGmAbz| z9cwo1Wt6NE^yL|83FMrdv{Zj-RyqUXDtT#T=U2r{OAS1ZswL4_!dJ9nU2DVN*2~{E zT;dDo5=-h_#pOSjQ)_ec(~M`v{x2m7U-}Y&8TmgCw-0uU_rL5PZt{Pw<@s2ZDcfT?S4fo5&h)3B9AcJy%?(z@{_8}Dvr0}D zaiTh#zcH+VQm3ezsc`m9Tcu*$(A0`TZiKT{-kO($f*0stb5(9rgd(3#W8Qu_e`OR5 zQTydA{V!iXEFM6u*6ThNGF54ttbXk}9VTD*O3rz2zWfDUGlI>QcLM;cS?oE&yVv|c zYIpN2^cw8vUG@z@HDLlxK{aCub=n4N#ku7+;koLrjBABrMv4b9_z?8!>) z5}chy;OsPl^X{|?P7+vf=D31-w!6XHY+c-bSz`Xo;gM-zZhs~FDvn#ms|Uk9iJkYG zyCz?5B<7zni#jJBVk*t;5}4as`zGdB?RZ(UEuCvSX0EC68R)&8;=TG0JF!wl`Qc{P zJhtTg3jVh@w@O3inq1otKDoX&YsjVlqi8^=kEj4W zr2&u`Sk6za%pz4-Eu6P`HiQyZPc3J&a}h0xRO=qB~;CiQKhz&DfnHpKnzm;_0Pn6m}_ZJs8IYSN=8P|c*` zm!3Ygz9(N$^3?i{Jb~1yJG;x}PTge0oCS815%V!KV!HWyEx@vhk|O?kQWUjT!MD+Xs7xMgQ;i!N&i)mZy5d%y}1{bC2xAWUQ@qyy{f4Pd@-e zb)fbFsEjtEaON7={Zf{F`c$re>w3jy+nBZf5BG}azYh0~b~fvO9Z&W8FJInSu|Y11 zeO)Wx0~AI>1irgN(=G7b1cspZQw@zI6OfI3{3t7d&!2nX6Ucaogz*XV5BE{z7x!Zx zQ)O_if2~%n=JM~^>;K^BupIxnzmflIc?#>ls8N4O+rP~&|2C8ROS$>Gd^PvZ0vovb zUN5zOn+K(y#kOzFWP8BfTdRpRY~GfvRnz=@Hy@X3EporF0kX*6t*h=bI4pMCv9tCf zXgvC5!|5zsbjP{@fJfZ2uIMdIqGR@sA!-A!*c(pEI=k(FRO)WCeRCJ{T5j9i;5cK~ zJYTG|XAh?d~0H?7ww9dIG~JsI&n~BCL>{bcT)iR4#qFNBv~! zdmf53_)5-URIsrnQjE?7(Ik^-5lHh?fW?{>8UKpK8YlLvujppI_4)g%Fa~p`=_|r{ z_?(@pkXm2)J>8l#oj*RJ!R3z?`7OQApI0LP>-4{s zB!8T(|Lq*^?ics}j&}Ao`rkU9k8|XIOpUUyIu(>zj$g{wK&|*$_tGRdsBz7RVj+RS&oG3MkLdZOldYxD+OMs`imL&T z2T+Mlp`9W*9rod_}~4b z{lg9aU&mA6|HF{ahl(yKI|L%I9(Y_v`n^r*FV5HpJFDDc4SF;#yIMM zZ5^TXp$85R4)zXovGdE5d^PLHe-;d&2%Ute2cBPvx5v@+xfB_%ag=S0t=gi}KU{=_er3UNsNE7-z)v zGzXABGly-funjDV1!e`y8dx6fnIPKN1rmm=T51W)4{nkzI3zzS5MS5GkPzvU@n&pl z=+QEUyqux+y=O`PFXVGM>^X&B2mhqiXM_heRrxn+-6K6t{cqy0Q~%r9-!9t!`$v15 z`+wH*IHJF-05UNX&I zisye0_c#21Jx^g>3gt27@!t`DAM}38G5TzS&>8EsyXbbG)#hGJn?g>M`H% zWzMoMYtAh`!J3lek<9Upg7notF8z=BFpAc9{`>Iopp^gR=y0?DvzDi5mrYPd5C2zu z2HZ^WFD(T)Gs(YQP6KP?SeE!Z?=Hv=k=tgqRnrvEZh<*Zndj-c)G6~kDD{+LLu||+ z@DO>Sna4OtZlf^YVRC29MNU!MfEGDaUR8ftToyZAUJ2ogJYb%ip^F|eZwTb+95l}{ zuB8u~&w#ezfpZrhTkgQQjpvL*=jEcMgXig-bDnkukDST8X24aJ%yOE|48QA>H`U_3*$~?;}$RRtEVvm(Z)@lFe+==VR|GHDO|91{H_WxQQ z$Nqonh0N^!2vzB3ZLP1gXB-qTj>@uGz5{YCl@eg5ZY zXTNy<^JsSy|Gl2ap<(OcZ|eWs-C2eI{c2h)UJ#^claDnD2e`? z^lKfCW<`BzNhg^=Iu8K;BK@13^UwBd<=uk7;Ti-E_aG>{2=hd> zRmcX(C_$CcW_srICxU9XUeU^$$56D|bUGJ-+rc;oHV$0uF`2`o1!}!oU|!Fb6SW$q zdLR<7E(S`8f>o-;7(Qow3|+zhBra=83* z!0DT-Vj#===M3Hr{B!xDCI1{~1=a<;q18fQA zTdkRCa!NUT3?AqvjLJ^<2@Qca0p9gIQ1W?LI0mPkAt*TJ?Oyx&tsoKj;rqXP-;cfTgPZSv z>wW*G_x<(v|Gs_R{w$v7;Q5I2nDx4LC-vm+!Wgrz-jMC4>I&;tsVm(qRDgAz&hO`r zfpy)6X{t0W9BpxEa@nAJ=ju#6t{mrTXgHoUlEy7ifa$7w8K4CLfpoX97bk z=BXF6*uxRyFbtP*0?qXQ9u@q*yW)Qv|Ia!etzZo~coCuqya)-oOJdNji|}oOwiU$M z25s^GmoLG#D`{ADMghycOgMOvR}qgd&$U{}I=?{%+WC9~-BPB3ELYP2;t;fNMo8zL z0=_~P1OzeJ)(B1z;3HJdR{)ML&(qD;4!D$T6a<(Fl)>foB?CADe1w_u$$&l@5Q^me ziwMaRGwqZLU&4u_Z2fmeC>-NqL?~Ku8#CAc&OyQdySKl||F@p!8MuU;BN{Ql2~fii z?nfvB{RD?%LW3CkcW{VUr}Yfnh?&olSZ4hJY=puPh!w7a193Fm0u+Ui;|Y?fGp+Y9 z3R=%VgoY}?+KX7GpGARkhy8yqJK${;P63HzO@R`K5d|TRP^Z;7y?%eq2}P}E;Dn6F zBm#e&T!R2p*6Iu~@5+A_`mIj?-?S_LH7`cPuK36N$tF=Z1JsAUV0i-^BG!7Oi7UVd<#Gjp?mP$r@?bD%J3F4nj*+i&;ddl@M(~_^Q06< z;JJYGJgabrV%1^sQ80#kNCV)LaSS<@%E>g<3K-(x)~CTe>W>JyGkVRfV5Bmc&z8__ zrX&G|1{s>NK~1O;Ax!YujI#O;>6XAcqr5`&UZs`V)$u>(+ zJKz^W0R(q@tV{3E?iL^v*jHE^eQ8V7pQg$Zrhwc>1`1%RtYGpT@OP2`HX=zF07V5| z!4xL3G?TZ$t#y0%t;G1&b>;T05F^6=7J?+4YC_3NR}&RC+>*o@kT4|of_PlE8e+!N zZmYuLbqpySBaSEoWFS9V^H~nPz(k>}Eo~JXDCY8|sSG}WQ^b6VWoP7Hs^}+hK{#S9 z&phB0@I1#~=2z=Bjj^}|pTPM*Pj=A}9D%nnimt`SEjh=ew#kVMhytI$t(;r8;8W|? z_@D(4*9tY?MJ;`+I3}_theJ_GdX@o)LpkTO*i2yVyf&%(1O#aua#@|Av8ev`?2XxN zlg@QfD#D>GQrz;%nv0V#)NxXF1z~aIJ972&@rghH50DsENX4?1)~L`LgpMMQD`N(X zN%0BX3Mxr>F^luyE=d54why$rFQLRN*2#K-i zNRW$V#YS-V;IQ}M!-o$Y(Uq7Yh9V9y2V{ciJ;fZUwVBO2xyU-;Q=xrx3Z>9`dN}11 zxZNw_Y<8mM;aE{I^PZ*K*t9fDEdb_lM4{32%!EvX1;8iJ=?IKjOc4yMl5&j(crZXz zbURY{I&w`|#~ws0uQ8L96GeeovRtimRjLZlG{RSaI1Yj=HaJbUA=z1o$5;WhdXxD8 z1@w=f1q_A|Kp)^Z7X8B!_=jeFQ#cO)`NB9OhnSC&e#a+cD}pq0BMQ0O=4)s=8p%{+^((;3P>@}!3r>=iR8@vBp4!I7{*Hy zoTepymL)o1TMd~s?mOTL`D8psQGfyy8onz=`gXh6R%ws6&{*kv2fRrb2Qrn8`YKwM zx{7tk61+x2)}nFDr#Z~r6CsUIknBj)ORTS$1e#PGH?8t<2CnLsZ@U5piYB7sJ0=f` z4se8o?4MvtB00S#kYa&7D~J{e?jQdw&1x9=BSaY^PL8OxiYrwL2z@C;fZ<^Tq$o~V zbyft?iCDftKoMgACTbx_r2qw;0ztCGM6PCIlak0sMM0TJ)$Q_+lROeCr(#x->*!*c z`4?RM`9E7~ma8N+GDl4jA1m#TTPD9q{kg|sDD?1Dhdv(w2pFeQOJPF&p5Oolq9?$>)HV4?X)Ti78bApXP;z3m zCbf{9m6|*%*AOQLN{u+R69d^G(quuO!0pbjxWxSbolx`(4$<`pQdBn=1lbcNK$1bO z=Y#?#mW&U>aH^=oFcHh*SOAylnScaeNrM6wSuD9gMCiMco?3;~8kE-dqz*hnx~+j| zi^;ak6wB!;V(#6cX_X`_pdtRP!lKk3C(_)hfE;6!lUe{f$=1=;+4YTdzG_WNEtFa) zFweq-D6|uV=LKI0zLTkG$hiwHT$&lobaZtyg=h_Zh>0l=0tzTLKU6@ks3Z(d*9 zHzr6vP{c&Mt7*RjE(v2;nMI885hclRv;|NwM8fLQ7bOTZt?#wSjtJ8#F|Q@LC|9R| z

b6&K;UI0egA&#;BoUPRqI2um$S`#+)r#HRo#)p3K+g$#Jf&F`No6Xp;8IdB=qD zi`fXkTv2}nv6>=!Lr+<)jnE8`U~00;$?^AQPSDufw3xc^={@a3~Uha)SB&B4AvJiKOD?!IY=Er@DaDwH@nA>QGqYo*-d~B<}>eS0FbZY;0b8~s! zeq66|jwC`84XU+XU0@ll*MR6N?`Z~+B^=Q;sJ&?y=hb_QonJujP1|0v;#)N?jTGMk zQjIiURZFsi#&WgL&PsLO3IaTU&Rguos+8WEA)J@6Gqv6YHQp7Y_+(Vx)%NT0blz3; zV;QAawf?wTZ>b|osJ*H`53l!@aGs_3x+^@0=38p&38}s%+@7}XTSE6ymERIJ-=_9E zC%>ae@U$4OkGn0##|)ki!@X+w)Pr!Or@?!kESGsKe)4T|4iz0UhOwJ>nAjOBz)_v; z5>)0m8Zy1(26d$F8yIIiqoSn%a#)I9&7yn-0semc=C#rDl|h=1`;&8SNtE@m;tF(i z6Af^^LsLax5JOChSeu~QI^LWH-r5nLX+>AOXIi5^+S3$s0W^`G1yBzY=b5&x5;uwOy=%>oXuQ z2v7jvKp20@{U(FHEJWvzhD~R~6NrT^1iZF9eS@+!lU#s z4QAjrb!r=gILUjy@jy#sKO{+D;!7#p0xa=I05TP9xCM^K@ZTib0>2V63{k$vp#@Pj zg$M4gW0q@vOB*vR4P#-}U<$CHuZuos;QZ1xkD58*i`YCi^I6(;uK-C#>XV3(5ZQez zP0YEy@>P(FySHV8z9F|xvFi<-t*OGlG6$=3mUqg?Jq`b3DgoxUC=KPFkU?o5W;N)Q zPqG&6k;Tua8VF0D=uAh!WPB}}RWyl&DIk-*d_#E)MTckajHBof4-mA>HRW*^r&}Q=b;aK*JV5| zlI9_g)4DQ#H}e8iC+?oZ6X43FF1xR;UdWNb%C&yG4Yt86@xKz3<^_-UpVgTH0NA6*8OU8IKE9S`y9IC22`ome^56yr37_kpm5$8Co0Qjg2sd+ zou|j7%)tY2a^5{TmG?>w_2y9|V-I~8sc~l}>yb>s11SP=!bZv}R)Dk2F0LV&Ux_hY zd~_wI*cDrqF-TUcG8MOs&Z*8+-441iLoHn_*_@&3#68BE(sM}}Qs6etjI4`^IhOA8 zt4vTf8@^WBv|`10;LZ>wGiPOqq-;a?)vF7_(W_TInMCStPt78FhthL?Drb?E<|$2G zq;1X|YNl7`1G~k%9~mUIp#$j_ z!115g`J80AuH-#YT9X^#%rG%orw-$^K@xTG9_de@QbL*c%`%XX3b& zx%e~-M3-sZwCO?vm0lCs3_YhaWl#-5qEam?EyITp^ha5)G(8ex72JBBT-0d#ljPL@ z*h+u?^Av=XbAZms|9iN5v|G&od$_y5 z$^W^I=h?Go;3|o{8zI{+DdEVM`skmSk4VD72^q(fj4?y4Ru=dapb$^Qx_~mtU5KQA zHu6+vNRwlakuZ_Kq&qMZr7~GIV_lUsMqaBU-kGKa!U;N|8D4OZ8r- z7(&YJD`m%PI7Jj3S?vrkMfWfaJEmiRp@?C*+Z{j-6%?xrekr$Uy3O6OyKfYC!94JA z#KWlqWpYo69$4Gya<`Ntm10unRpuU!vNi??@`P&kW8G1~6sOWVVjw^R6fx-o4^YfU zoh+MS3PB$(>$O@xfS(f_1|S{@22(*#iS>V@=nh8=#9=b@u%drzUznn;AHZ=c+4R1K z=vYkAMA}%ofe;DpBZ*Avcob+u*1CN{OBRblumoC5EY|u#PQk(q%i$j(eoyG#mYG*7 zwU#}(#w5a=$i!9RQ#RLHKgfheI0_Qc+viNpr?7G=DNngPq+;CsfRBW91_81sFibcZ zYwz<=^cw2+j)Mt|d=wb8O^?mk2_#QnUuNL8QcYltq(>n&8fAoIq#Nyr#J@{>2vs6i z7|UtV`a!O7NxO=fAdelMUxPl1{LvWFJJxC)2Z7AZ3qzIQwAcCpTv9ZVnXv8g98fYg zlRt~rkZ(ys!6l?zx_eZvRm)4G#jQEpUPwhOi*IG_d_51sskEynavKW}8X)P#(BXpG zK#tITwoC)FK#YjKMhG~}R-J?{{V!%LL9DxXw7-AUku%W*l=_5H!BEQffm}WMw^S*U zNFZ1$*fF{uF~Lg~(FEk_e0-4Uk}bSHGX_D*m#^ESpPjKwe&7D#H}XeHjXH zpoc-_V#&p;%JWuAecA%o#4%ts(9x%M=G`WL`7{Q8Ml$Y6AC0Fap~%k**$MlADLX zf!=OQ@3c_6ca;}++?wbuW09%oun}a69I<8*;WRBM?UPPRyAOJ=UbVn^?ivlP2ye-G zWdMKyMq!|Y;5}pjGDdtX*Rzt`(Ns>K%oHk*368)3P6Q!k_Cl36QU`%c@V&a8c3OFy zbvkcNwW(lk=4_&Cb{Z$1L`G&uyuM^$f+2v~QqrJq!3!ZqO}=omD+&A%!3ZRA*2R}% z{$PFjJVfRq6Ui@)H6bTRpOQNi$&`dhl1say)3cO}28M_O#uNW8y*)+ZwFP2@v9OSmkV^!O5+xR+ zY@lsd5=bjn%|L*qQUcvs~KiJ#c|Ff3odJeoy02PiA7Xt?LM{WWW@WmZ2hr%HkXBo zl5Z!7QXC-gN!ay~4-WU_PdvU(1_S&7w7vWlTjICE@WjL`n>GfCkfQ%eV5s63VH``` zJFP#Ff-cK*(T3=UVC(A25=O>3Jx-C9l%~ChniD8w) ztLKU;CHD(!hgje5U)3R--s-o$IS+g?ss(8O&<5@I?YVmT*sN*utl`Pzzl;iyVHQhV z_33=-<^S%{?m_YXul?QagN^)O$CHkFuk}nhYI9B^*7DNunVx-%Lopz$1&jdbS***t zW2P-jq}M0)>h7s&0l8Dz)3*(@fMSw8JFoe6V33eI@Vc1TV1?_bkzyaN~EqDrmD3ZR4C?WX-$6J?EjR zuG|o}c_~^I9bQ3EUA)XoYXZrudDS0hsjGiM%9g^==b@~wT!~*Ew^@{Zmc6>t+b=be zOh?OUf1r&urwJTe~-Ci!VcIIBNx*b-ZELFFtO5SO017CwaWLc6-Ry{VN@%1f^LcD2dam)@I zb&Z?55AzP-Gjl6eGh@fP9?l+PImE>gUgYk$j=VNa@5tygtRQ!j+l#9||L0}($cpOM z9P)%&BPL$v?#!*UhKhHu)l2cJTiL2rq+EpyI7anYKC{kGSB*}^k?!WhGw*rtYT~Cx zimp={2=k%P&H8m$x3pXbYYXekv3BM=Twc4Fie3KAATYDbb=`1rbVomm=gH^7G-X9g zVQL*pDj@vvvjgLKPnxH@vF76N=Vt-t05TcG{5*|j(p&mwpZ49k00)D>#5tH)wOC$_ z9U-RfEHsGBMY!WamuJwg%I~t8UHeE zcd?~hpYHQ(UCj>it!6IEM1e_4$i-La%-fM3i)YTJz|!1w<~2hP$YN)AZ)xT`*L760hxs9L8?BC7=dS)d z2<5U|IF8q(c?Og<%3Y-+mhdCoAyP1t?EP;=3+)c`%Xhy!~Y{ zneV3KLkNB6%`i_w>bq&MTCwlEVP#!%-`&C03jUe5@q9s&-%YQF6a6)}1w9ejU%_r4 zK={{P{`0L#e>c_V6#vi6q0Kvgm9=XFfnNsbYecO?8sx8N(hhvxFmtW#T%2%$6L45VO61Oo5S}bl?^pP=?TkDI~$_54s&qe)^<~%XqjXqSRk`I zk~U4ZHe*M-G7(#f0*-iD`lR4h$%e=|^TDkaK@*g?ID(}NpsPjD#P&5u@Ua8sH_ztT XJe%h$d;VVl00960f>PmQ0QLa@Vs22F literal 0 HcmV?d00001 diff --git a/charts/neuvector-crd/102.0.2+up2.4.5/Chart.yaml b/charts/neuvector-crd/102.0.2+up2.4.5/Chart.yaml new file mode 100644 index 000000000..bdb5c1077 --- /dev/null +++ b/charts/neuvector-crd/102.0.2+up2.4.5/Chart.yaml @@ -0,0 +1,16 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/release-name: neuvector-crd +apiVersion: v1 +appVersion: 5.1.3 +description: Helm chart for NeuVector's CRD services +home: https://neuvector.com +icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 +maintainers: +- email: support@neuvector.com + name: becitsthere +name: neuvector-crd +type: application +version: 102.0.2+up2.4.5 diff --git a/charts/neuvector-crd/102.0.2+up2.4.5/README.md b/charts/neuvector-crd/102.0.2+up2.4.5/README.md new file mode 100644 index 000000000..915104e14 --- /dev/null +++ b/charts/neuvector-crd/102.0.2+up2.4.5/README.md @@ -0,0 +1,15 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector container security's CRD services. NeuVector's CRD (Custom Resource Definition) capture and declare application security policies early in the pipeline, then defined policies can be deployed together with the container applications. + +Because the CRD policies can be deployed before NeuVector's core product, this separate helm chart is created. For the backward compatibility reason, crd.yaml is not removed in the 'core' chart. If you use this 'crd' chart, please set `crdwebhook.enabled` to false in the 'core' chart. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`openshift` | If deploying in OpenShift, set this to true | `false` | +`serviceAccount` | Service account name for NeuVector components | `default` | +`crdwebhook.type` | crd webhook type | `ClusterIP` | diff --git a/charts/neuvector-crd/102.0.2+up2.4.5/templates/_helpers.tpl b/charts/neuvector-crd/102.0.2+up2.4.5/templates/_helpers.tpl new file mode 100644 index 000000000..c0cc49294 --- /dev/null +++ b/charts/neuvector-crd/102.0.2+up2.4.5/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/neuvector-crd/102.0.2+up2.4.5/templates/crd.yaml b/charts/neuvector-crd/102.0.2+up2.4.5/templates/crd.yaml new file mode 100644 index 000000000..7ec09c616 --- /dev/null +++ b/charts/neuvector-crd/102.0.2+up2.4.5/templates/crd.yaml @@ -0,0 +1,1112 @@ +{{- if .Values.crdwebhook.enabled -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvSecurityRule + listKind: NvSecurityRuleList + plural: nvsecurityrules + singular: nvsecurityrule + scope: Namespaced +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvclustersecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvClusterSecurityRule + listKind: NvClusterSecurityRuleList + plural: nvclustersecurityrules + singular: nvclustersecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + egress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + file: + items: + properties: + app: + items: + type: string + type: array + behavior: + enum: + - monitor_change + - block_access + type: string + filter: + type: string + recursive: + type: boolean + required: + - behavior + - filter + type: object + type: array + ingress: + items: + properties: + action: + enum: + - allow + - deny + type: string + applications: + items: + type: string + type: array + name: + type: string + ports: + type: string + priority: + type: integer + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - action + - name + - selector + type: object + type: array + process: + items: + properties: + action: + enum: + - allow + - deny + type: string + allow_update: + type: boolean + name: + type: string + path: + type: string + required: + - action + type: object + type: array + process_profile: + properties: + baseline: + enum: + - default + - shield + - basic + - zero-drift + type: string + type: object + target: + properties: + policymode: + enum: + - Discover + - Monitor + - Protect + - N/A + type: string + selector: + properties: + comment: + type: string + criteria: + items: + properties: + key: + type: string + op: + type: string + value: + type: string + required: + - key + - op + - value + type: object + type: array + name: + type: string + original_name: + type: string + required: + - name + type: object + required: + - selector + type: object + dlp: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + waf: + properties: + settings: + items: + properties: + action: + enum: + - allow + - deny + type: string + name: + type: string + required: + - name + - action + type: object + type: array + status: + type: boolean + type: object + required: + - target + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvdlpsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvDlpSecurityRule + listKind: NvDlpSecurityRuleList + plural: nvdlpsecurityrules + singular: nvdlpsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvadmissioncontrolsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvAdmissionControlSecurityRule + listKind: NvAdmissionControlSecurityRuleList + plural: nvadmissioncontrolsecurityrules + singular: nvadmissioncontrolsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + config: + properties: + client_mode: + enum: + - service + - url + type: string + enable: + type: boolean + mode: + enum: + - monitor + - protect + type: string + required: + - enable + - mode + - client_mode + type: object + rules: + items: + properties: + action: + enum: + - allow + - deny + type: string + comment: + type: string + criteria: + items: + properties: + name: + type: string + op: + type: string + path: + type: string + sub_criteria: + items: + properties: + name: + type: string + op: + type: string + value: + type: string + required: + - name + - op + - value + type: object + type: array + template_kind: + type: string + type: + type: string + value: + type: string + value_type: + type: string + required: + - name + - op + - value + type: object + type: array + disabled: + type: boolean + id: + type: integer + required: + - action + - criteria + type: object + type: array + type: object + type: object +{{- end }} +--- +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apiextensions.k8s.io/v1 +{{- else }} +apiVersion: apiextensions.k8s.io/v1beta1 +{{- end }} +kind: CustomResourceDefinition +metadata: + name: nvwafsecurityrules.neuvector.com + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + group: neuvector.com + names: + kind: NvWafSecurityRule + listKind: NvWafSecurityRuleList + plural: nvwafsecurityrules + singular: nvwafsecurityrule + scope: Cluster +{{- if (semverCompare "<1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + version: v1 +{{- end }} + versions: + - name: v1 + served: true + storage: true +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + schema: + openAPIV3Schema: + properties: + spec: + properties: + sensor: + properties: + comment: + type: string + name: + type: string + rules: + items: + properties: + name: + type: string + patterns: + items: + properties: + context: + enum: + - url + - header + - body + - packet + type: string + key: + enum: + - pattern + type: string + op: + enum: + - regex + - '!regex' + type: string + value: + type: string + required: + - key + - op + - value + - context + type: object + type: array + required: + - name + - patterns + type: object + type: array + required: + - name + type: object + required: + - sensor + type: object + type: object +{{- end }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-crd-webhook + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + - port: 443 + targetPort: 30443 + protocol: TCP + name: crd-webhook + type: {{ .Values.crdwebhook.type }} + selector: + app: neuvector-controller-pod +--- +# ClusterRole for NeuVector to operate CRD +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-customresourcedefinition + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - update + - watch + - create + - get +--- +# ClusterRoleBinding for NeuVector to operate CRD +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-customresourcedefinition + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-customresourcedefinition +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} +--- +# ClusterRole for NeuVector to manager user-created network/process CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvsecurityrules + - nvclustersecurityrules + verbs: + - list + - delete +--- +# ClusterRoleBinding for NeuVector to manager user-created network/process CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} +--- +# ClusterRole for NeuVector to manager user-created dlp CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvdlpsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvdlpsecurityrules + verbs: + - list + - delete +--- +# ClusterRole for NeuVector to manager user-created admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvadmissioncontrolsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvadmissioncontrolsecurityrules + verbs: + - list + - delete +--- +# ClusterRoleBinding for NeuVector to manager user-created admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvdlpsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvdlpsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} +--- +# ClusterRoleBinding for NeuVector to manager user-created admission control CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvadmissioncontrolsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvadmissioncontrolsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} +--- +# ClusterRole for NeuVector to manager user-created waf CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-nvwafsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - neuvector.com + resources: + - nvwafsecurityrules + verbs: + - list + - delete +--- +# ClusterRoleBinding for NeuVector to manager user-created waf CRD rules +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-nvwafsecurityrules + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-nvwafsecurityrules +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} +{{- end }} diff --git a/charts/neuvector-crd/102.0.2+up2.4.5/values.yaml b/charts/neuvector-crd/102.0.2+up2.4.5/values.yaml new file mode 100644 index 000000000..a7bc9a908 --- /dev/null +++ b/charts/neuvector-crd/102.0.2+up2.4.5/values.yaml @@ -0,0 +1,11 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +openshift: false + +serviceAccount: neuvector + +crdwebhook: + type: ClusterIP + enabled: true diff --git a/charts/neuvector/102.0.2+up2.4.5/.helmignore b/charts/neuvector/102.0.2+up2.4.5/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/neuvector/102.0.2+up2.4.5/Chart.yaml b/charts/neuvector/102.0.2+up2.4.5/Chart.yaml new file mode 100644 index 000000000..036e811ba --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/Chart.yaml @@ -0,0 +1,27 @@ +annotations: + catalog.cattle.io/auto-install: neuvector-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.27.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permit-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.4.5 +apiVersion: v1 +appVersion: 5.1.3 +description: Helm feature chart for NeuVector's core services +home: https://neuvector.com +icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 +keywords: +- security +maintainers: +- email: support@neuvector.com + name: becitsthere +name: neuvector +sources: +- https://github.com/neuvector/neuvector +version: 102.0.2+up2.4.5 diff --git a/charts/neuvector/102.0.2+up2.4.5/README.md b/charts/neuvector/102.0.2+up2.4.5/README.md new file mode 100644 index 000000000..2c971a458 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/README.md @@ -0,0 +1,194 @@ +# NeuVector Helm Chart + +Helm chart for NeuVector container security's core services. + +## CRD +Because the CRD (Custom Resource Definition) policies can be deployed before NeuVector's core product, a new 'crd' helm chart is created. The crd template in the 'core' chart is kept for the backward compatibility. Please set `crdwebhook.enabled` to false, if you use the new 'crd' chart. + +## Choosing container runtime +The NeuVector platform supports docker, cri-o and containerd as the container runtime. For a k3s/rke2, or bottlerocket cluster, they have their own runtime socket path. You should enable their runtime options, `k3s.enabled` and `bottlerocket.enabled`, respectively. + +## Configuration + +The following table lists the configurable parameters of the NeuVector chart and their default values. + +Parameter | Description | Default | Notes +--------- | ----------- | ------- | ----- +`openshift` | If deploying in OpenShift, set this to true | `false` | +`registry` | NeuVector container registry | `docker.io` | +`tag` | image tag for controller enforcer manager | `latest` | +`oem` | OEM release name | `nil` | +`imagePullSecrets` | image pull secret | `nil` | +`rbac` | NeuVector RBAC manifests are installed when rbac is enabled | `true` | +`psp` | NeuVector Pod Security Policy when psp policy is enabled | `false` | +`serviceAccount` | Service account name for NeuVector components | `default` | +`controller.enabled` | If true, create controller | `true` | +`controller.image.repository` | controller image repository | `neuvector/controller` | +`controller.image.hash` | controller image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`controller.replicas` | controller replicas | `3` | +`controller.schedulerName` | kubernetes scheduler name | `nil` | +`controller.affinity` | controller affinity rules | ... | spread controllers to different nodes | +`controller.tolerations` | List of node taints to tolerate | `nil` | +`controller.resources` | Add resources requests and limits to controller deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`controller.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`controller.disruptionbudget` | controller PodDisruptionBudget. 0 to disable. Recommended value: 2. | `0` | +`controller.priorityClassName` | controller priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`controller.podLabels` | Specify the pod labels. | `{}` | +`controller.podAnnotations` | Specify the pod annotations. | `{}` | +`controller.env` | User-defined environment variables for controller. | `[]` | +`controller.ranchersso.enabled` | If true, enable Rancher single sign on | `false` | Rancher server address auto configured.| +`controller.pvc.enabled` | If true, enable persistence for controller using PVC | `false` | Require persistent volume type RWX, and storage 1Gi +`controller.pvc.accessModes` | Access modes for the created PVC. | `["ReadWriteMany"]` | +`controller.pvc.existingClaim` | If `false`, a new PVC will be created. If a string is provided, an existing PVC with this name will be used. | `false` | +`controller.pvc.storageClass` | Storage Class to be used | `default` | +`controller.pvc.capacity` | Storage capacity | `1Gi` | +`controller.azureFileShare.enabled` | If true, enable the usage of an existing or statically provisioned Azure File Share | `false` | +`controller.azureFileShare.secretName` | The name of the secret containing the Azure file share storage account name and key | `nil` | +`controller.azureFileShare.shareName` | The name of the Azure file share to use | `nil` | +`controller.apisvc.type` | Controller REST API service type | `nil` | +`controller.apisvc.annotations` | Add annotations to controller REST API service | `{}` | +`controller.apisvc.route.enabled` | If true, create a OpenShift route to expose the Controller REST API service | `false` | +`controller.apisvc.route.termination` | Specify TLS termination for OpenShift route for Controller REST API service. Possible passthrough, edge, reencrypt | `passthrough` | +`controller.apisvc.route.host` | Set controller REST API service hostname | `nil` | +`controller.apisvc.route.tls.key` | Set controller REST API service PEM format key file | `nil` | +`controller.apisvc.route.tls.certificate` | Set controller REST API service PEM format certificate file | `nil` | +`controller.apisvc.route.tls.caCertificate` | Set controller REST API service CA certificate may be required to establish a certificate chain for validation | `nil` | +`controller.apisvc.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate | `nil` | +`controller.certificate.secret` | Replace controller REST API certificate using secret if secret name is specified | `nil` | +`controller.certificate.keyFile` | Replace controller REST API certificate key file | `tls.key` | +`controller.certificate.pemFile` | Replace controller REST API certificate pem file | `tls.pem` | +`controller.federation.mastersvc.type` | Multi-cluster primary cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` | +`controller.federation.mastersvc.annotations` | Add annotations to Multi-cluster primary cluster REST API service | `{}` | +`controller.federation.mastersvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster primary cluster service | `false` | +`controller.federation.mastersvc.route.host` | Set OpenShift route host for primary cluster service | `nil` | +`controller.federation.mastersvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster primary cluster service. Possible passthrough, edge, reencrypt | `passthrough` | +`controller.federation.mastersvc.route.tls.key` | Set PEM format key file for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.route.tls.certificate` | Set PEM format key certificate file for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.route.tls.destinationCACertificate` | Set CA certificate to validate the endpoint certificate for OpenShift route for Multi-cluster primary cluster service | `nil` | +`controller.federation.mastersvc.ingress.enabled` | If true, create ingress for federation master service, must also set ingress host value | `false` | enable this if ingress controller is installed +`controller.federation.mastersvc.ingress.tls` | If true, TLS is enabled for controller federation master ingress service |`false` | If set, the tls-host used is the one set with `controller.federation.mastersvc.ingress.host`. +`controller.federation.mastersvc.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`controller.federation.mastersvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`controller.federation.mastersvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`controller.federation.mastersvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. +`controller.federation.mastersvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`controller.federation.managedsvc.type` | Multi-cluster managed cluster service type. If specified, the deployment will be managed by the managed clsuter. Possible values include NodePort, LoadBalancer and ClusterIP. | `nil` | +`controller.federation.managedsvc.annotations` | Add annotations to Multi-cluster managed cluster REST API service | `{}` | +`controller.federation.managedsvc.route.enabled` | If true, create a OpenShift route to expose the Multi-cluster managed cluster service | `false` | +`controller.federation.managedsvc.route.host` | Set OpenShift route host for manageed service | `nil` | +`controller.federation.managedsvc.route.termination` | Specify TLS termination for OpenShift route for Multi-cluster managed cluster service. Possible passthrough, edge, reencrypt | `passthrough` | +`controller.federation.managedsvc.route.tls.key` | Set PEM format key file for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.route.tls.certificate` | Set PEM format certificate file for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.route.tls.destinationCACertificate` | Set CA certificate to validate the endpoint certificate for OpenShift route for Multi-cluster managed cluster service | `nil` | +`controller.federation.managedsvc.ingress.enabled` | If true, create ingress for federation managed service, must also set ingress host value | `false` | enable this if ingress controller is installed +`controller.federation.managedsvc.ingress.tls` | If true, TLS is enabled for controller federation managed ingress service |`false` | If set, the tls-host used is the one set with `controller.federation.managedsvc.ingress.host`. +`controller.federation.managedsvc.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`controller.federation.managedsvc.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`controller.federation.managedsvc.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`controller.federation.managedsvc.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. +`controller.federation.managedsvc.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`controller.ingress.enabled` | If true, create ingress for rest api, must also set ingress host value | `false` | enable this if ingress controller is installed +`controller.ingress.tls` | If true, TLS is enabled for controller rest api ingress service |`false` | If set, the tls-host used is the one set with `controller.ingress.host`. +`controller.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`controller.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`controller.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`controller.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. +`controller.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`controller.configmap.enabled` | If true, configure NeuVector global settings using a ConfigMap | `false` +`controller.configmap.data` | NeuVector configuration in YAML format | `{}` +`controller.secret.enabled` | If true, configure NeuVector global settings using secrets | `false` +`controller.secret.data` | NeuVector configuration in key/value pair format | `{}` +`enforcer.enabled` | If true, create enforcer | `true` | +`enforcer.image.repository` | enforcer image repository | `neuvector/enforcer` | +`enforcer.image.hash` | enforcer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`enforcer.updateStrategy.type` | enforcer update strategy type. | `RollingUpdate` | +`enforcer.priorityClassName` | enforcer priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`enforcer.podLabels` | Specify the pod labels. | `{}` | +`enforcer.podAnnotations` | Specify the pod annotations. | `{}` | +`enforcer.env` | User-defined environment variables for enforcers. | `[]` | +`enforcer.tolerations` | List of node taints to tolerate | `- effect: NoSchedule`
`key: node-role.kubernetes.io/master` | other taints can be added after the default +`enforcer.resources` | Add resources requests and limits to enforcer deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`manager.enabled` | If true, create manager | `true` | +`manager.image.repository` | manager image repository | `neuvector/manager` | +`manager.image.hash` | manager image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`manager.priorityClassName` | manager priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`manager.podLabels` | Specify the pod labels. | `{}` | +`manager.podAnnotations` | Specify the pod annotations. | `{}` | +`manager.env.ssl` | If false, manager will listen on HTTP access instead of HTTPS | `true` | +`manager.svc.type` | set manager service type for native Kubernetes | `NodePort`;
if it is OpenShift platform or ingress is enabled, then default is `ClusterIP` | set to LoadBalancer if using cloud providers, such as Azure, Amazon, Google +`manager.svc.loadBalancerIP` | if manager service type is LoadBalancer, this is used to specify the load balancer's IP | `nil` | +`manager.svc.annotations` | Add annotations to manager service | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`manager.route.enabled` | If true, create a OpenShift route to expose the management console service | `true` | +`manager.route.host` | Set OpenShift route host for management console service | `nil` | +`manager.route.termination` | Specify TLS termination for OpenShift route for management console service. Possible passthrough, edge, reencrypt | `passthrough` | +`manager.route.tls.key` | Set PEM format key file for OpenShift route for management console service | `nil` | +`manager.route.tls.certificate` | Set PEM format certificate file for OpenShift route for management console service | `nil` | +`manager.route.tls.caCertificate` | Set CA certificate may be required to establish a certificate chain for validation for OpenShift route for management console service | `nil` | +`manager.route.tls.destinationCACertificate` | Set controller REST API service CA certificate to validate the endpoint certificate for OpenShift route for management console service | `nil` | +`manager.certificate.secret` | Replace manager UI certificate using secret if secret name is specified | `nil` | +`manager.certificate.keyFile` | Replace manager UI certificate key file | `tls.key` | +`manager.certificate.pemFile` | Replace manager UI certificate pem file | `tls.pem` | +`manager.ingress.enabled` | If true, create ingress, must also set ingress host value | `false` | enable this if ingress controller is installed +`manager.ingress.host` | Must set this host value if ingress is enabled | `nil` | +`manager.ingress.ingressClassName` | To be used instead of the ingress.class annotation if an IngressClass is provisioned | `""` | +`manager.ingress.path` | Set ingress path |`/` | If set, it might be necessary to set a rewrite rule in annotations. Currently only supports `/` +`manager.ingress.annotations` | Add annotations to ingress to influence behavior | `nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`manager.ingress.tls` | If true, TLS is enabled for manager ingress service |`false` | If set, the tls-host used is the one set with `manager.ingress.host`. +`manager.ingress.secretName` | Name of the secret to be used for TLS-encryption | `nil` | Secret must be created separately (Let's encrypt, manually) +`manager.resources` | Add resources requests and limits to manager deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) +`manager.affinity` | manager affinity rules | `{}` | +`manager.tolerations` | List of node taints to tolerate | `nil` | +`manager.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`manager.runAsUser` | Specify the run as User ID | `nil` | +`cve.updater.enabled` | If true, create cve updater | `true` | +`cve.updater.secure` | If ture, API server's certificate is validated | `false` | +`cve.updater.image.repository` | cve updater image repository | `neuvector/updater` | +`cve.updater.image.tag` | image tag for cve updater | `latest` | +`cve.updater.image.hash` | cve updateer image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`cve.updater.priorityClassName` | cve updater priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`cve.updater.podLabels` | Specify the pod labels. | `{}` | +`cve.updater.podAnnotations` | Specify the pod annotations. | `{}` | +`cve.updater.schedule` | cronjob cve updater schedule | `0 0 * * *` | +`cve.updater.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`cve.updater.runAsUser` | Specify the run as User ID | `nil` | +`cve.scanner.enabled` | If true, cve scanners will be deployed | `true` | +`cve.scanner.image.repository` | cve scanner image repository | `neuvector/scanner` | +`cve.scanner.image.tag` | cve scanner image tag | `latest` | +`cve.scanner.image.hash` | cve scanner image hash in the format of sha256:xxxx. If present it overwrites the image tag value. | | +`cve.scanner.priorityClassName` | cve scanner priorityClassName. Must exist prior to helm deployment. Leave empty to disable. | `nil` | +`cve.scanner.podLabels` | Specify the pod labels. | `{}` | +`cve.scanner.podAnnotations` | Specify the pod annotations. | `{}` | +`cve.scanner.env` | User-defined environment variables for scanner. | `[]` | +`cve.scanner.replicas` | external scanner replicas | `3` | +`cve.scanner.dockerPath` | the remote docker socket if CI/CD integration need scan images before they are pushed to the registry | `nil` | +`cve.scanner.resources` | Add resources requests and limits to scanner deployment | `{}` | see examples in [values.yaml](https://github.com/neuvector/neuvector-helm/tree/2.4.5/charts/core/values.yaml) | +`cve.scanner.affinity` | scanner affinity rules | `{}` | +`cve.scanner.tolerations` | List of node taints to tolerate | `nil` | +`cve.scanner.nodeSelector` | Enable and specify nodeSelector labels | `{}` | +`cve.scanner.runAsUser` | Specify the run as User ID | `nil` | +`docker.path` | docker path | `/var/run/docker.sock` | +`containerd.enabled` | Set to true, if the container runtime is containerd | `false` | **Note**: For k3s and rke clusters, set k3s.enabled to true instead +`containerd.path` | If containerd is enabled, this local containerd socket path will be used | `/var/run/containerd/containerd.sock` | +`crio.enabled` | Set to true, if the container runtime is cri-o | `false` | +`crio.path` | If cri-o is enabled, this local cri-o socket path will be used | `/var/run/crio/crio.sock` | +`k3s.enabled` | Set to true for k3s or rke2 | `false` | +`k3s.runtimePath` | If k3s is enabled, this local containerd socket path will be used | `/run/k3s/containerd/containerd.sock` | +`bottlerocket.enabled` | Set to true if using AWS bottlerocket | `false` | +`bottlerocket.runtimePath` | If bottlerocket is enabled, this local containerd socket path will be used | `/run/dockershim.sock` | +`admissionwebhook.type` | admission webhook type | `ClusterIP` | +`crdwebhook.enabled` | Enable crd service and create crd related resources | `true` | +`crdwebhook.type` | crd webhook type | `ClusterIP` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install my-release --namespace neuvector ./neuvector-helm/ --set manager.env.ssl=off +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install my-release --namespace neuvector ./neuvector-helm/ -f values.yaml +``` diff --git a/charts/neuvector/102.0.2+up2.4.5/app-readme.md b/charts/neuvector/102.0.2+up2.4.5/app-readme.md new file mode 100644 index 000000000..a3e31c5e1 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/app-readme.md @@ -0,0 +1,35 @@ +### Run-Time Protection Without Compromise + +NeuVector delivers a complete run-time security solution with container process/file system protection and vulnerability scanning combined with the only true Layer 7 container firewall. Protect sensitive data with a complete container security platform. + +NeuVector integrates tightly with Rancher and Kubernetes to extend the built-in security features for applications that require defense in depth. Security features include: + ++ Build phase vulnerability scanning with Jenkins plug-in and registry scanning ++ Admission control to prevent vulnerable or unauthorized image deployments using Kubernetes admission control webhooks ++ Complete run-time scanning with network, process, and file system monitoring and protection ++ The industry's only layer 7 container firewall for multi-protocol threat detection and automated segmentation ++ Advanced network controls including DLP detection, service mesh integration, connection blocking and packet captures ++ Run-time vulnerability scanning and CIS benchmarks + +Additional Notes: ++ Previous deployments from Rancher, such as from our Partners chart repository or the primary NeuVector Helm chart, must be completely removed in order to update to the new integrated feature chart. See https://github.com/rancher/rancher/issues/37447. ++ Configure correct container runtime and runtime path under container runtime. Enable only one runtime. ++ For deploying on hardened RKE2 and K3s clusters, enable PSP and set user id from other configuration for Manager, Scanner and Updater deployments. User id can be any number other than 0. ++ For deploying on hardened RKE cluster, enable PSP from security settings. + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `global.cattle.psp.enabled` set to `false` if it has been previously set to `true`. + **Note:** + In this chart release, any previous field that was associated with any PSP resources have been removed in favor of a single global field: `global.cattle.psp.enabled`. + + **Note:** + If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** + + If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. + +Upon setting `global.cattle.psp.enabled` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. diff --git a/charts/neuvector/102.0.2+up2.4.5/crds/_helpers.tpl b/charts/neuvector/102.0.2+up2.4.5/crds/_helpers.tpl new file mode 100644 index 000000000..c0cc49294 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/crds/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/charts/neuvector/102.0.2+up2.4.5/questions.yaml b/charts/neuvector/102.0.2+up2.4.5/questions.yaml new file mode 100644 index 000000000..ab478103f --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/questions.yaml @@ -0,0 +1,336 @@ +questions: +#image configurations +- variable: controller.image.repository + default: "neuvector/controller" + description: controller image repository + type: string + label: Controller Image Path + group: "Container Images" +- variable: controller.image.tag + default: "" + description: image tag for controller + type: string + label: Controller Image Tag + group: "Container Images" +- variable: manager.image.repository + default: "neuvector/manager" + description: manager image repository + type: string + label: Manager Image Path + group: "Container Images" +- variable: manager.image.tag + default: "" + description: image tag for manager + type: string + label: Manager Image Tag + group: "Container Images" +- variable: enforcer.image.repository + default: "neuvector/enforcer" + description: enforcer image repository + type: string + label: Enforcer Image Path + group: "Container Images" +- variable: enforcer.image.tag + default: "" + description: image tag for enforcer + type: string + label: Enforcer Image Tag + group: "Container Images" +- variable: cve.scanner.image.repository + default: "neuvector/scanner" + description: scanner image repository + type: string + label: Scanner Image Path + group: "Container Images" +- variable: cve.scanner.image.tag + default: "" + description: image tag for scanner + type: string + label: Scanner Image Tag + group: "Container Images" +- variable: cve.updater.image.repository + default: "neuvector/updater" + description: cve updater image repository + type: string + label: CVE Updater Image Path + group: "Container Images" +- variable: cve.updater.image.tag + default: "" + description: image tag for updater + type: string + label: Updater Image Tag + group: "Container Images" +#Container Runtime configurations +- variable: docker.enabled + default: true + description: Docker runtime. Enable only one runtime + type: boolean + label: Docker Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: docker.path + default: "/var/run/docker.sock" + description: "Docker Runtime Path" + type: string + label: Runtime Path +- variable: containerd.enabled + default: "false" + description: Containerd runtime. Enable only one runtime + type: boolean + label: Containerd Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: containerd.path + default: " /var/run/containerd/containerd.sock" + description: "Containerd Runtime Path" + type: string + label: Runtime Path +- variable: crio.enabled + default: "false" + description: CRI-O runtime. Enable only one runtime + type: boolean + label: CRI-O Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: crio.path + default: "/var/run/crio/crio.sock" + description: "CRI-O Runtime Path" + type: string + label: Runtime Path +- variable: k3s.enabled + default: "false" + description: k3s containerd runtime. Enable only one runtime. Choose this option for RKE2 and K3S based clusters + type: boolean + label: k3s Containerd Runtime + show_subquestion_if: true + group: "Container Runtime" + subquestions: + - variable: k3s.runtimePath + default: " /run/k3s/containerd/containerd.sock" + description: "k3s Containerd Runtime Path" + type: string + label: Runtime Path +#storage configurations +- variable: controller.pvc.enabled + default: false + description: If true, enable persistence for controller using PVC. PVC should support ReadWriteMany(RWX) + type: boolean + label: PVC Status + group: "PVC Configuration" +- variable: controller.pvc.storageClass + default: "" + description: Storage Class to be used + type: string + label: Storage Class Name + group: "PVC Configuration" +#ingress configurations +- variable: manager.ingress.enabled + default: false + description: If true, create ingress, must also set ingress host value + type: boolean + label: Manager Ingress Status + group: "Ingress Configuration" + show_subquestion_if: true + subquestions: + - variable: manager.ingress.host + default: "" + description: Must set this host value if ingress is enabled + type: string + label: Manager Ingress Host + group: "Ingress Configuration" + - variable: manager.ingress.path + default: "/" + description: Set ingress path + type: string + label: Manager Ingress Path + group: "Ingress Configuration" + - variable: manager.ingress.annotations + default: "{}" + description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation + type: string + label: Manager Ingress Annotations + group: "Ingress Configuration" +- variable: controller.ingress.enabled + default: false + description: If true, create ingress for rest api, must also set ingress host value + type: boolean + label: Controller Ingress Status + group: "Ingress Configuration" + show_subquestion_if: true + subquestions: + - variable: controller.ingress.host + default: "" + description: Must set this host value if ingress is enabled + type: string + label: Controller Ingress Host + group: "Ingress Configuration" + - variable: controller.ingress.path + default: "/" + description: Set ingress path + type: string + label: Controller Ingress Path + group: "Ingress Configuration" + - variable: controller.ingress.annotations + default: "{}" + description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation + type: string + label: Controller Ingress Annotations + group: "Ingress Configuration" +- variable: controller.federation.mastersvc.ingress.enabled + default: false + description: If true, create ingress for rest api, must also set ingress host value + type: boolean + label: Controller Federation Master Service Ingress Status + group: "Ingress Configuration" + show_subquestion_if: true + subquestions: + - variable: controller.federation.mastersvc.ingress.tls + default: false + description: If true, TLS is enabled for controller federation master ingress service + type: boolean + label: Controller Federation Master Service Ingress TLS Status + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.host + default: "" + description: Must set this host value if ingress is enabled + type: string + label: Controller Federation Master Service Ingress Host + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.path + default: "/" + description: Set ingress path + type: string + label: Controller Federation Master Service Ingress Path + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.ingressClassName + default: "" + description: To be used instead of the ingress.class annotation if an IngressClass is provisioned + type: string + label: Controller Federation Master Service Ingress IngressClassName + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.secretName + default: "" + description: Name of the secret to be used for TLS-encryption + type: string + label: Controller Federation Master Service Ingress SecretName + group: "Ingress Configuration" + - variable: controller.federation.mastersvc.ingress.annotations + default: "{}" + description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation + type: string + label: Controller Federation Master Service Ingress Annotations + group: "Ingress Configuration" +- variable: controller.federation.managedsvc.ingress.enabled + default: false + description: If true, create ingress for rest api, must also set ingress host value + type: boolean + label: Controller Federation Managed Service Ingress Status + group: "Ingress Configuration" + show_subquestion_if: true + subquestions: + - variable: controller.federation.managedsvc.ingress.tls + default: false + description: If true, TLS is enabled for controller federation managed ingress service + type: boolean + label: Controller Federation Managed Service Ingress TLS Status + group: "Ingress Configuration" + - variable: controller.federation.managedsvc.ingress.host + default: "" + description: Must set this host value if ingress is enabled + type: string + label: Controller Federation Managed Service Ingress Host + group: "Ingress Configuration" + - variable: controller.federation.managedsvc.ingress.path + default: "/" + description: Set ingress path + type: string + label: Controller Federation Managed Service Ingress Path + group: "Ingress Configuration" + - variable: controller.federation.managedsvc.ingress.ingressClassName + default: "" + description: To be used instead of the ingress.class annotation if an IngressClass is provisioned + type: string + label: Controller Federation Managed Service Ingress IngressClassName + group: "Ingress Configuration" + - variable: controller.federation.managedsvc.ingress.secretName + default: "" + description: Name of the secret to be used for TLS-encryption + type: string + label: Controller Federation Managed Service Ingress SecretName + group: "Ingress Configuration" + - variable: controller.federation.managedsvc.ingress.annotations + default: "{}" + description: Add annotations to ingress to influence behavior. Please use the 'Edit as YAML' feature in the Rancher UI to add single or multiple lines of annotation + type: string + label: Controller Federation Managed Service Ingress Annotations + group: "Ingress Configuration" +#service configurations +- variable: manager.svc.type + default: "NodePort" + description: Set manager service type for native Kubernetes + type: enum + label: Manager Service Type + group: "Service Configuration" + options: + - "NodePort" + - "ClusterIP" + - "LoadBalancer" +- variable: controller.federation.mastersvc.type + default: "" + description: Multi-cluster master cluster service type. If specified, the deployment will be used to manage other clusters. Possible values include NodePort, LoadBalancer and ClusterIP + type: enum + label: Fed Master Service Type + group: "Service Configuration" + options: + - "NodePort" + - "ClusterIP" + - "LoadBalancer" +- variable: controller.federation.managedsvc.type + default: "" + description: Multi-cluster managed cluster service type. If specified, the deployment will be managed by the master clsuter. Possible values include NodePort, LoadBalancer and ClusterIP + type: enum + label: Fed Managed Service Type + group: "Service Configuration" + options: + - "NodePort" + - "ClusterIP" + - "LoadBalancer" +- variable: controller.apisvc.type + default: "NodePort" + description: Controller REST API service type + type: enum + label: Controller REST API Service Type + group: "Service Configuration" + options: + - "NodePort" + - "ClusterIP" + - "LoadBalancer" +#Security Settings +- variable: global.cattle.psp.enabled + default: "false" + description: "Flag to enable or disable the installation of PodSecurityPolicies by this chart in the target cluster. If the cluster is running Kubernetes 1.25+, you must update this value to false." + label: "Enable PodSecurityPolicies" + default: "false" + type: boolean + group: "Security Settings" +- variable: manager.runAsUser + default: "" + description: Specify the run as User ID + type: int + label: Manager runAsUser ID + group: "Security Settings" +- variable: cve.scanner.runAsUser + default: "" + description: Specify the run as User ID + type: int + label: Scanner runAsUser ID + group: "Security Settings" +- variable: cve.updater.runAsUser + default: "" + description: Specify the run as User ID + type: int + label: Updater runAsUser ID + group: "Security Settings" diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/NOTES.txt b/charts/neuvector/102.0.2+up2.4.5/templates/NOTES.txt new file mode 100644 index 000000000..e79b2cc21 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/NOTES.txt @@ -0,0 +1,20 @@ +{{- if and .Values.manager.enabled .Values.manager.ingress.enabled }} +From outside the cluster, the NeuVector URL is: +http://{{ .Values.manager.ingress.host }} +{{- else if not .Values.openshift }} +Get the NeuVector URL by running these commands: +{{- if contains "NodePort" .Values.manager.svc.type }} + NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services neuvector-service-webui) + NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo https://$NODE_IP:$NODE_PORT +{{- else if contains "ClusterIP" .Values.manager.svc.type }} + CLUSTER_IP=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.clusterIP}" services neuvector-service-webui) + echo https://$CLUSTER_IP:8443 +{{- else if contains "LoadBalancer" .Values.manager.svc.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status by running 'kubectl get svc --namespace {{ .Release.Namespace }} -w neuvector-service-webui' + + SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} neuvector-service-webui -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + echo https://$SERVICE_IP:8443 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/_helpers.tpl b/charts/neuvector/102.0.2+up2.4.5/templates/_helpers.tpl new file mode 100644 index 000000000..5d21a1824 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "neuvector.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "neuvector.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "neuvector.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/admission-webhook-service.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/admission-webhook-service.yaml new file mode 100644 index 000000000..8a0a76aaa --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/admission-webhook-service.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-admission-webhook + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + ports: + - port: 443 + targetPort: 20443 + protocol: TCP + name: admission-webhook + type: {{ .Values.admissionwebhook.type }} + selector: + app: neuvector-controller-pod \ No newline at end of file diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/cert-manager-secret.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/cert-manager-secret.yaml new file mode 100644 index 000000000..3692886b4 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/cert-manager-secret.yaml @@ -0,0 +1,33 @@ +{{- if .Values.internal.certmanager.enabled }} +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: {{ .Values.internal.certmanager.secretname }} + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .Values.internal.certmanager.secretname }} + namespace: {{ .Release.Namespace }} +spec: + duration: 17520h # 2 years + subject: + organizations: + - NeuVector + isCA: true + commonName: neuvector.internal + dnsNames: + - neuvector.internal + - NeuVector + secretName: {{ .Values.internal.certmanager.secretname }} + usages: + - digital signature + - key encipherment + issuerRef: + group: cert-manager.io + kind: Issuer + name: {{ .Values.internal.certmanager.secretname }} +{{- end }} \ No newline at end of file diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/clusterrole.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/clusterrole.yaml new file mode 100644 index 000000000..cce7a8254 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/clusterrole.yaml @@ -0,0 +1,121 @@ +{{- if .Values.rbac -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-app + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - nodes + - pods + - services + - namespaces + verbs: + - get + - list + - watch + - update + +--- + +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-rbac + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +{{- if .Values.openshift }} +- apiGroups: + - image.openshift.io + resources: + - imagestreams + verbs: + - get + - list + - watch +{{- end }} +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + - roles + - clusterrolebindings + - clusterroles + verbs: + - get + - list + - watch + +--- + +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRole +metadata: + name: neuvector-binding-admission + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - get + - list + - watch + - create + - update + - delete + +--- + +{{- if $oc4 }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: neuvector-binding-co + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - config.openshift.io + resources: + - clusteroperators + verbs: + - get + - list +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/clusterrolebinding.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..70596a2b3 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/clusterrolebinding.yaml @@ -0,0 +1,147 @@ +{{- if .Values.rbac -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} + +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-app + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-app +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-rbac + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-rbac +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-admission + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: neuvector-binding-admission +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-view + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: view +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +{{- if $oc4 }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: neuvector-binding-co + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: neuvector-binding-co +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/controller-deployment.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/controller-deployment.yaml new file mode 100644 index 000000000..9eae7671f --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/controller-deployment.yaml @@ -0,0 +1,235 @@ +{{- if .Values.controller.enabled -}} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Deployment +metadata: + name: neuvector-controller-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- with .Values.controller.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + replicas: {{ .Values.controller.replicas }} + minReadySeconds: 60 + strategy: +{{ toYaml .Values.controller.strategy | indent 4 }} + selector: + matchLabels: + app: neuvector-controller-pod + template: + metadata: + labels: + app: neuvector-controller-pod + release: {{ .Release.Name }} + {{- with .Values.controller.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if or .Values.controller.secret.enabled .Values.controller.configmap.enabled .Values.controller.podAnnotations }} + annotations: + {{- if .Values.controller.secret.enabled }} + checksum/init-secret: {{ include (print $.Template.BasePath "/init-secret.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.controller.configmap.enabled }} + checksum/init-configmap: {{ include (print $.Template.BasePath "/init-configmap.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.controller.podAnnotations }} + {{- toYaml .Values.controller.podAnnotations | nindent 8 }} + {{- end }} + {{- end }} + spec: + {{- if .Values.controller.affinity }} + affinity: +{{ toYaml .Values.controller.affinity | indent 8 }} + {{- end }} + {{- if .Values.controller.tolerations }} + tolerations: +{{ toYaml .Values.controller.tolerations | indent 8 }} + {{- end }} + {{- if .Values.controller.nodeSelector }} + nodeSelector: +{{ toYaml .Values.controller.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.controller.schedulerName }} + schedulerName: {{ .Values.controller.schedulerName }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + containers: + - name: neuvector-controller-pod + image: {{ template "system_default_registry" . }}{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }} + securityContext: + privileged: true + resources: + {{- if .Values.controller.resources }} +{{ toYaml .Values.controller.resources | indent 12 }} + {{- else }} +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + readinessProbe: + exec: + command: + - cat + - /tmp/ready + initialDelaySeconds: 5 + periodSeconds: 5 + env: + - name: CLUSTER_JOIN_ADDR + value: neuvector-svc-controller.{{ .Release.Namespace }} + - name: CLUSTER_ADVERTISED_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CLUSTER_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- if .Values.controller.ranchersso.enabled }} + - name: RANCHER_SSO + value: "1" + - name: RANCHER_EP + value: "{{ .Values.global.cattle.url }}" + {{- end }} + {{- if or .Values.controller.pvc.enabled .Values.controller.azureFileShare.enabled }} + - name: CTRL_PERSIST_CONFIG + value: "1" + {{- end }} + {{- with .Values.controller.env }} +{{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + - mountPath: /var/neuvector + name: nv-share + readOnly: false + {{- if .Values.containerd.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.k3s.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.bottlerocket.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.crio.enabled }} + - mountPath: /var/run/crio/crio.sock + {{- else }} + - mountPath: /var/run/docker.sock + {{- end }} + name: runtime-sock + readOnly: true + - mountPath: /host/proc + name: proc-vol + readOnly: true + - mountPath: /host/cgroup + name: cgroup-vol + readOnly: true + - mountPath: /etc/config + name: config-volume + readOnly: true + {{- if .Values.controller.certificate.secret }} + - mountPath: /etc/neuvector/certs/ssl-cert.key + subPath: {{ .Values.controller.certificate.keyFile }} + name: cert + readOnly: true + - mountPath: /etc/neuvector/certs/ssl-cert.pem + subPath: {{ .Values.controller.certificate.pemFile }} + name: cert + readOnly: true + {{- end }} + {{- if .Values.internal.certmanager.enabled }} + - mountPath: /etc/neuvector/certs/internal/cert.key + subPath: {{ .Values.controller.internal.certificate.keyFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/cert.pem + subPath: {{ .Values.controller.internal.certificate.pemFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/ca.cert + subPath: {{ .Values.controller.internal.certificate.caFile }} + name: internal-cert + readOnly: true + {{- end }} + terminationGracePeriodSeconds: 300 + restartPolicy: Always + volumes: + - name: nv-share + {{- if .Values.controller.pvc.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.controller.pvc.existingClaim | default "neuvector-data" }} + {{- else if .Values.controller.azureFileShare.enabled }} + azureFile: + secretName: {{ .Values.controller.azureFileShare.secretName }} + shareName: {{ .Values.controller.azureFileShare.shareName }} + readOnly: false + {{- else }} + hostPath: + path: /var/neuvector + {{- end }} + - name: runtime-sock + hostPath: + {{- if .Values.containerd.enabled }} + path: {{ .Values.containerd.path }} + {{- else if .Values.crio.enabled }} + path: {{ .Values.crio.path }} + {{- else if .Values.k3s.enabled }} + path: {{ .Values.k3s.runtimePath }} + {{- else if .Values.bottlerocket.enabled }} + path: {{ .Values.bottlerocket.runtimePath }} + {{- else }} + path: {{ .Values.docker.path }} + {{- end }} + - name: proc-vol + hostPath: + path: /proc + - name: cgroup-vol + hostPath: + path: /sys/fs/cgroup + - name: config-volume + projected: + sources: + - configMap: + name: neuvector-init + optional: true + - secret: + name: neuvector-init + optional: true + {{- if .Values.controller.certificate.secret }} + - name: cert + secret: + secretName: {{ .Values.controller.certificate.secret }} + {{- end }} + {{- if .Values.internal.certmanager.enabled }} + - name: internal-cert + secret: + secretName: {{ .Values.controller.internal.certificate.secret }} + {{- end }} +{{- if gt (int .Values.controller.disruptionbudget) 0 }} +--- +{{- if (semverCompare ">=1.21-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: policy/v1 +{{- else }} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodDisruptionBudget +metadata: + name: neuvector-controller-pdb + namespace: {{ .Release.Namespace }} +spec: + minAvailable: {{ .Values.controller.disruptionbudget }} + selector: + matchLabels: + app: neuvector-controller-pod +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/controller-ingress.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/controller-ingress.yaml new file mode 100644 index 000000000..b36fbbdc0 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/controller-ingress.yaml @@ -0,0 +1,219 @@ +{{- if .Values.controller.enabled }} +{{- if .Values.controller.ingress.enabled }} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-restapi-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.ingress.ingressClassName }} + ingressClassName: {{ .Values.controller.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.controller.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.ingress.host }} +{{- if .Values.controller.ingress.secretName }} + secretName: {{ .Values.controller.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.ingress.host }} + http: + paths: + - path: {{ .Values.controller.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-svc-controller-api + port: + number: 10443 +{{- else }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-restapi-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.ingress.host }} +{{- if .Values.controller.ingress.secretName }} + secretName: {{ .Values.controller.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.ingress.host }} + http: + paths: + - path: {{ .Values.controller.ingress.path }} + backend: + serviceName: neuvector-svc-controller-api + servicePort: 10443 +{{- end }} +{{- end }} +{{- if .Values.controller.federation.mastersvc.ingress.enabled }} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-mastersvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.mastersvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.mastersvc.ingress.ingressClassName }} + ingressClassName: {{ .Values.controller.federation.mastersvc.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.controller.federation.mastersvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.mastersvc.ingress.host }} +{{- if .Values.controller.federation.mastersvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.mastersvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.mastersvc.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-svc-controller-fed-master + port: + number: 11443 +{{- else }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-mastersvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.mastersvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.mastersvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.mastersvc.ingress.host }} +{{- if .Values.controller.federation.mastersvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.mastersvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.mastersvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.mastersvc.ingress.path }} + backend: + serviceName: neuvector-svc-controller-fed-master + servicePort: 11443 +{{- end }} +{{- end }} +{{- if .Values.controller.federation.managedsvc.ingress.enabled }} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +--- +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-managedsvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.managedsvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.managedsvc.ingress.ingressClassName }} + ingressClassName: {{ .Values.controller.federation.managedsvc.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.controller.federation.managedsvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.managedsvc.ingress.host }} +{{- if .Values.controller.federation.managedsvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.managedsvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.managedsvc.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-svc-controller-fed-managed + port: + number: 10443 +{{- else }} +--- +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-managedsvc-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.managedsvc.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.managedsvc.ingress.tls }} + tls: + - hosts: + - {{ .Values.controller.federation.managedsvc.ingress.host }} +{{- if .Values.controller.federation.managedsvc.ingress.secretName }} + secretName: {{ .Values.controller.federation.managedsvc.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.controller.federation.managedsvc.ingress.host }} + http: + paths: + - path: {{ .Values.controller.federation.managedsvc.ingress.path }} + backend: + serviceName: neuvector-svc-controller-fed-managed + servicePort: 10443 +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/controller-route.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/controller-route.yaml new file mode 100644 index 000000000..686a77ec4 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/controller-route.yaml @@ -0,0 +1,98 @@ +{{- if .Values.openshift -}} +{{- if .Values.controller.apisvc.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-api + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.apisvc.route.host }} + host: {{ .Values.controller.apisvc.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-svc-controller-api + port: + targetPort: controller-api + tls: + termination: {{ .Values.controller.apisvc.route.termination }} +{{- if or (eq .Values.controller.apisvc.route.termination "reencrypt") (eq .Values.controller.apisvc.route.termination "edge") }} +{{- with .Values.controller.apisvc.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} + +--- +{{ end -}} +{{- if .Values.controller.federation.mastersvc.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-fed-master + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.mastersvc.route.host }} + host: {{ .Values.controller.federation.mastersvc.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-svc-controller-fed-master + port: + targetPort: fed + tls: + termination: {{ .Values.controller.federation.mastersvc.route.termination }} +{{- if or (eq .Values.controller.federation.mastersvc.route.termination "reencrypt") (eq .Values.controller.federation.mastersvc.route.termination "edge") }} +{{- with .Values.controller.federation.mastersvc.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +--- +{{ end -}} +{{- if .Values.controller.federation.managedsvc.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-fed-managed + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.controller.federation.managedsvc.route.host }} + host: {{ .Values.controller.federation.managedsvc.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-svc-controller-fed-managed + port: + targetPort: fed + tls: + termination: {{ .Values.controller.federation.managedsvc.route.termination }} +{{- if or (eq .Values.controller.federation.managedsvc.route.termination "reencrypt") (eq .Values.controller.federation.managedsvc.route.termination "edge") }} +{{- with .Values.controller.federation.managedsvc.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +{{ end -}} +{{- end -}} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/controller-service.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/controller-service.yaml new file mode 100644 index 000000000..d4040a78a --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/controller-service.yaml @@ -0,0 +1,97 @@ +{{- if .Values.controller.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + clusterIP: None + ports: + - port: 18300 + protocol: "TCP" + name: "cluster-tcp-18300" + - port: 18301 + protocol: "TCP" + name: "cluster-tcp-18301" + - port: 18301 + protocol: "UDP" + name: "cluster-udp-18301" + selector: + app: neuvector-controller-pod +{{- if .Values.controller.apisvc.type }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller-api + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.apisvc.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.controller.apisvc.type }} + ports: + - port: 10443 + protocol: "TCP" + name: "controller-api" + selector: + app: neuvector-controller-pod +{{ end -}} +{{- if .Values.controller.federation.mastersvc.type }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller-fed-master + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.mastersvc.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.controller.federation.mastersvc.type }} + ports: + - port: 11443 + name: fed + protocol: TCP + selector: + app: neuvector-controller-pod +{{ end -}} +{{- if .Values.controller.federation.managedsvc.type }} +--- +apiVersion: v1 +kind: Service +metadata: + name: neuvector-svc-controller-fed-managed + namespace: {{ .Release.Namespace }} +{{- with .Values.controller.federation.managedsvc.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.controller.federation.managedsvc.type }} + ports: + - port: 10443 + name: fed + protocol: TCP + selector: + app: neuvector-controller-pod +{{ end -}} +{{- end -}} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/enforcer-daemonset.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/enforcer-daemonset.yaml new file mode 100644 index 000000000..6c53f5583 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/enforcer-daemonset.yaml @@ -0,0 +1,139 @@ +{{- if .Values.enforcer.enabled -}} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: DaemonSet +metadata: + name: neuvector-enforcer-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + updateStrategy: {{- toYaml .Values.enforcer.updateStrategy | nindent 4 }} + selector: + matchLabels: + app: neuvector-enforcer-pod + template: + metadata: + labels: + app: neuvector-enforcer-pod + release: {{ .Release.Name }} + {{- with .Values.enforcer.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.enforcer.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.enforcer.tolerations }} + tolerations: +{{ toYaml .Values.enforcer.tolerations | indent 8 }} + {{- end }} + hostPID: true + {{- if .Values.enforcer.priorityClassName }} + priorityClassName: {{ .Values.enforcer.priorityClassName }} + {{- end }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + containers: + - name: neuvector-enforcer-pod + image: {{ template "system_default_registry" . }}{{ .Values.enforcer.image.repository }}:{{ .Values.enforcer.image.tag }} + securityContext: + privileged: true + resources: + {{- if .Values.enforcer.resources }} +{{ toYaml .Values.enforcer.resources | indent 12 }} + {{- else }} +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + env: + - name: CLUSTER_JOIN_ADDR + value: neuvector-svc-controller.{{ .Release.Namespace }} + - name: CLUSTER_ADVERTISED_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: CLUSTER_BIND_ADDR + valueFrom: + fieldRef: + fieldPath: status.podIP + {{- with .Values.enforcer.env }} +{{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.containerd.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.k3s.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.bottlerocket.enabled }} + - mountPath: /var/run/containerd/containerd.sock + {{- else if .Values.crio.enabled }} + - mountPath: /var/run/crio/crio.sock + {{- else }} + - mountPath: /var/run/docker.sock + {{- end }} + name: runtime-sock + readOnly: true + - mountPath: /host/proc + name: proc-vol + readOnly: true + - mountPath: /host/cgroup + name: cgroup-vol + readOnly: true + - mountPath: /lib/modules + name: modules-vol + readOnly: true + {{- if .Values.internal.certmanager.enabled }} + - mountPath: /etc/neuvector/certs/internal/cert.key + subPath: {{ .Values.enforcer.internal.certificate.keyFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/cert.pem + subPath: {{ .Values.enforcer.internal.certificate.pemFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/ca.cert + subPath: {{ .Values.enforcer.internal.certificate.caFile }} + name: internal-cert + readOnly: true + {{- end }} + terminationGracePeriodSeconds: 1200 + restartPolicy: Always + volumes: + - name: runtime-sock + hostPath: + {{- if .Values.containerd.enabled }} + path: {{ .Values.containerd.path }} + {{- else if .Values.crio.enabled }} + path: {{ .Values.crio.path }} + {{- else if .Values.k3s.enabled }} + path: {{ .Values.k3s.runtimePath }} + {{- else if .Values.bottlerocket.enabled }} + path: {{ .Values.bottlerocket.runtimePath }} + {{- else }} + path: {{ .Values.docker.path }} + {{- end }} + - name: proc-vol + hostPath: + path: /proc + - name: cgroup-vol + hostPath: + path: /sys/fs/cgroup + - name: modules-vol + hostPath: + path: /lib/modules + {{- if .Values.internal.certmanager.enabled }} + - name: internal-cert + secret: + secretName: {{ .Values.enforcer.internal.certificate.secret }} + {{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/init-configmap.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/init-configmap.yaml new file mode 100644 index 000000000..5cc1bb5c3 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/init-configmap.yaml @@ -0,0 +1,13 @@ +{{- if .Values.controller.configmap.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: neuvector-init + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ toYaml .Values.controller.configmap.data | indent 2 }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/init-secret.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/init-secret.yaml new file mode 100644 index 000000000..8a5081408 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/init-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.controller.secret.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: neuvector-init + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{- range $key, $val := .Values.controller.secret.data }} + {{ $key }}: | {{ toYaml $val | b64enc | nindent 4 }} +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/manager-deployment.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/manager-deployment.yaml new file mode 100644 index 000000000..f2be290b2 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/manager-deployment.yaml @@ -0,0 +1,92 @@ +{{- if .Values.manager.enabled -}} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Deployment +metadata: + name: neuvector-manager-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app: neuvector-manager-pod + template: + metadata: + labels: + app: neuvector-manager-pod + release: {{ .Release.Name }} + {{- with .Values.manager.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.manager.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.manager.affinity }} + affinity: +{{ toYaml .Values.manager.affinity | indent 8 }} + {{- end }} + {{- if .Values.manager.tolerations }} + tolerations: +{{ toYaml .Values.manager.tolerations | indent 8 }} + {{- end }} + {{- if .Values.manager.nodeSelector }} + nodeSelector: +{{ toYaml .Values.manager.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.manager.priorityClassName }} + priorityClassName: {{ .Values.manager.priorityClassName }} + {{- end }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + {{- if .Values.manager.runAsUser }} + securityContext: + runAsUser: {{ .Values.manager.runAsUser }} + {{- end }} + containers: + - name: neuvector-manager-pod + image: {{ template "system_default_registry" . }}{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }} + env: + - name: CTRL_SERVER_IP + value: neuvector-svc-controller.{{ .Release.Namespace }} + {{- if not .Values.manager.env.ssl }} + - name: MANAGER_SSL + value: "off" + {{- end }} + volumeMounts: + {{- if .Values.manager.certificate.secret }} + - mountPath: /etc/neuvector/certs/ssl-cert.key + subPath: {{ .Values.manager.certificate.keyFile }} + name: cert + readOnly: true + - mountPath: /etc/neuvector/certs/ssl-cert.pem + subPath: {{ .Values.manager.certificate.pemFile }} + name: cert + readOnly: true + {{- end }} + resources: + {{- if .Values.manager.resources }} +{{ toYaml .Values.manager.resources | indent 12 }} + {{- else }} +{{ toYaml .Values.resources | indent 12 }} + {{- end }} + restartPolicy: Always + volumes: + {{- if .Values.manager.certificate.secret }} + - name: cert + secret: + secretName: {{ .Values.manager.certificate.secret }} + {{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/manager-ingress.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/manager-ingress.yaml new file mode 100644 index 000000000..d6e2e3350 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/manager-ingress.yaml @@ -0,0 +1,71 @@ +{{- if and .Values.manager.enabled .Values.manager.ingress.enabled -}} +{{- if (semverCompare ">=1.19-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: neuvector-webui-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.manager.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.manager.ingress.ingressClassName }} + ingressClassName: {{ .Values.manager.ingress.ingressClassName | quote }} +{{ end }} +{{- if .Values.manager.ingress.tls }} + tls: + - hosts: + - {{ .Values.manager.ingress.host }} +{{- if .Values.manager.ingress.secretName }} + secretName: {{ .Values.manager.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.manager.ingress.host }} + http: + paths: + - path: {{ .Values.manager.ingress.path }} + pathType: Prefix + backend: + service: + name: neuvector-service-webui + port: + number: 8443 +{{- else }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: neuvector-webui-ingress + namespace: {{ .Release.Namespace }} +{{- with .Values.manager.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.manager.ingress.tls }} + tls: + - hosts: + - {{ .Values.manager.ingress.host }} +{{- if .Values.manager.ingress.secretName }} + secretName: {{ .Values.manager.ingress.secretName }} +{{- end }} +{{- end }} + rules: + - host: {{ .Values.manager.ingress.host }} + http: + paths: + - path: {{ .Values.manager.ingress.path }} + backend: + serviceName: neuvector-service-webui + servicePort: 8443 +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/manager-route.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/manager-route.yaml new file mode 100644 index 000000000..784a4ae23 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/manager-route.yaml @@ -0,0 +1,33 @@ +{{- if .Values.openshift -}} +{{- if .Values.manager.route.enabled }} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: route.openshift.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: Route +metadata: + name: neuvector-route-webui + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: +{{- if .Values.manager.route.host }} + host: {{ .Values.manager.route.host }} +{{- end }} + to: + kind: Service + name: neuvector-service-webui + port: + targetPort: manager + tls: + termination: {{ .Values.manager.route.termination }} +{{- if or (eq .Values.manager.route.termination "reencrypt") (eq .Values.manager.route.termination "edge") }} +{{- with .Values.manager.route.tls }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/manager-service.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/manager-service.yaml new file mode 100644 index 000000000..e18e55c35 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/manager-service.yaml @@ -0,0 +1,26 @@ +{{- if .Values.manager.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: neuvector-service-webui + namespace: {{ .Release.Namespace }} +{{- with .Values.manager.svc.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.manager.svc.type }} +{{- if and .Values.manager.svc.loadBalancerIP (eq .Values.manager.svc.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.manager.svc.loadBalancerIP }} +{{- end }} + ports: + - port: 8443 + name: manager + protocol: TCP + selector: + app: neuvector-manager-pod +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/psp.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/psp.yaml new file mode 100644 index 000000000..801d7d48a --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/psp.yaml @@ -0,0 +1,77 @@ +{{- if .Values.global.cattle.psp.enabled -}} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: neuvector-binding-psp + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + labels: + chart: {{ template "neuvector.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + privileged: true + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + allowedCapabilities: + - SYS_ADMIN + - NET_ADMIN + - SYS_PTRACE + - IPC_LOCK + requiredDropCapabilities: + - ALL + volumes: + - '*' + hostNetwork: true + hostPorts: + - min: 0 + max: 65535 + hostIPC: true + hostPID: true + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: neuvector-binding-psp + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +rules: +- apiGroups: + - policy + - extensions + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - neuvector-binding-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: neuvector-binding-psp + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: neuvector-binding-psp +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/pvc.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/pvc.yaml new file mode 100644 index 000000000..3821d0485 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/pvc.yaml @@ -0,0 +1,27 @@ +{{- if not .Values.controller.pvc.existingClaim -}} +{{- if and .Values.controller.enabled .Values.controller.pvc.enabled -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: neuvector-data + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + accessModes: +{{ toYaml .Values.controller.pvc.accessModes | indent 4 }} + volumeMode: Filesystem +{{- if .Values.controller.pvc.storageClass }} + storageClassName: {{ .Values.controller.pvc.storageClass }} +{{- end }} + resources: + requests: +{{- if .Values.controller.pvc.capacity }} + storage: {{ .Values.controller.pvc.capacity }} +{{- else }} + storage: 1Gi +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/rolebinding.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/rolebinding.yaml new file mode 100644 index 000000000..6e6af5b6a --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/rolebinding.yaml @@ -0,0 +1,56 @@ +{{- if .Values.rbac -}} +{{- $oc4 := and .Values.openshift (semverCompare ">=1.12-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} +{{- $oc3 := and .Values.openshift (not $oc4) (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) -}} + +{{- if $oc3 }} +apiVersion: authorization.openshift.io/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: rbac.authorization.k8s.io/v1 +{{- else }} +apiVersion: v1 +{{- end }} +kind: RoleBinding +metadata: + name: neuvector-admin + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: +{{- if not $oc3 }} + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole +{{- end }} + name: admin +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- if $oc3 }} +userNames: +- system:serviceaccount:{{ .Release.Namespace }}:{{ .Values.serviceAccount }} +{{- end }} + +--- + +{{- if $oc4 }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: system:openshift:scc:privileged + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:openshift:scc:privileged +subjects: +- kind: ServiceAccount + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/scanner-deployment.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/scanner-deployment.yaml new file mode 100644 index 000000000..eaa85af5d --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/scanner-deployment.yaml @@ -0,0 +1,97 @@ +{{- if .Values.cve.scanner.enabled -}} +{{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Deployment +metadata: + name: neuvector-scanner-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + strategy: +{{ toYaml .Values.cve.scanner.strategy | indent 4 }} + replicas: {{ .Values.cve.scanner.replicas }} + selector: + matchLabels: + app: neuvector-scanner-pod + template: + metadata: + labels: + app: neuvector-scanner-pod + {{- with .Values.cve.scanner.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cve.scanner.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- if .Values.cve.scanner.affinity }} + affinity: +{{ toYaml .Values.cve.scanner.affinity | indent 8 }} + {{- end }} + {{- if .Values.cve.scanner.tolerations }} + tolerations: +{{ toYaml .Values.cve.scanner.tolerations | indent 8 }} + {{- end }} + {{- if .Values.cve.scanner.nodeSelector }} + nodeSelector: +{{ toYaml .Values.cve.scanner.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.cve.scanner.priorityClassName }} + priorityClassName: {{ .Values.cve.scanner.priorityClassName }} + {{- end }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + {{- if .Values.cve.scanner.runAsUser }} + securityContext: + runAsUser: {{ .Values.cve.scanner.runAsUser }} + {{- end }} + containers: + - name: neuvector-scanner-pod + image: {{ template "system_default_registry" . }}{{ .Values.cve.scanner.image.repository }}:{{ .Values.cve.scanner.image.tag }} + imagePullPolicy: Always + env: + - name: CLUSTER_JOIN_ADDR + value: neuvector-svc-controller.{{ .Release.Namespace }} + {{- if .Values.cve.scanner.dockerPath }} + - name: SCANNER_DOCKER_URL + value: {{ .Values.cve.scanner.dockerPath }} + {{- end }} + {{- with .Values.cve.scanner.env }} +{{- toYaml . | nindent 12 }} + {{- end }} + resources: +{{ toYaml .Values.cve.scanner.resources | indent 12 }} + {{- if .Values.internal.certmanager.enabled }} + volumeMounts: + - mountPath: /etc/neuvector/certs/internal/cert.key + subPath: {{ .Values.cve.scanner.internal.certificate.keyFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/cert.pem + subPath: {{ .Values.cve.scanner.internal.certificate.pemFile }} + name: internal-cert + readOnly: true + - mountPath: /etc/neuvector/certs/internal/ca.cert + subPath: {{ .Values.cve.scanner.internal.certificate.caFile }} + name: internal-cert + readOnly: true + {{- end }} + restartPolicy: Always + {{- if .Values.internal.certmanager.enabled }} + volumes: + - name: internal-cert + secret: + secretName: {{ .Values.cve.scanner.internal.certificate.secret }} + {{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/serviceaccount.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/serviceaccount.yaml new file mode 100644 index 000000000..47da190a5 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if not .Values.openshift}} +{{- if ne .Values.serviceAccount "default"}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount }} + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/updater-cronjob.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/updater-cronjob.yaml new file mode 100644 index 000000000..76c700f56 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/updater-cronjob.yaml @@ -0,0 +1,70 @@ +{{- if .Values.cve.updater.enabled -}} +{{- if (semverCompare ">=1.21-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: batch/v1 +{{- else if (semverCompare ">=1.8-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} +apiVersion: batch/v1beta1 +{{- else }} +apiVersion: batch/v2alpha1 +{{- end }} +kind: CronJob +metadata: + name: neuvector-updater-pod + namespace: {{ .Release.Namespace }} + labels: + chart: {{ template "neuvector.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + schedule: {{ .Values.cve.updater.schedule | quote }} + jobTemplate: + spec: + template: + metadata: + labels: + app: neuvector-updater-pod + release: {{ .Release.Name }} + {{- with .Values.cve.updater.podLabels }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.cve.updater.podAnnotations }} + annotations: + {{- toYaml . | nindent 12 }} + {{- end }} + spec: + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + {{- if .Values.cve.updater.nodeSelector }} + nodeSelector: +{{ toYaml .Values.cve.updater.nodeSelector | indent 12 }} + {{- end }} + {{- if .Values.cve.updater.priorityClassName }} + priorityClassName: {{ .Values.cve.updater.priorityClassName }} + {{- end }} + serviceAccountName: {{ .Values.serviceAccount }} + serviceAccount: {{ .Values.serviceAccount }} + {{- if .Values.cve.updater.runAsUser }} + securityContext: + runAsUser: {{ .Values.cve.updater.runAsUser }} + {{- end }} + containers: + - name: neuvector-updater-pod + image: {{ template "system_default_registry" . }}{{ .Values.cve.updater.image.repository }}:{{ .Values.cve.updater.image.tag }} + imagePullPolicy: Always + {{- if .Values.cve.scanner.enabled }} + command: + - /bin/sh + - -c + {{- if (semverCompare ">=1.9-0" (substr 1 -1 .Capabilities.KubeVersion.GitVersion)) }} + {{- if .Values.cve.updater.secure }} + - /usr/bin/curl -v -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' + {{- else }} + - /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/apps/v1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' + {{- end }} + {{- else }} + - /usr/bin/curl -kv -X PATCH -H "Authorization:Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" -H "Content-Type:application/strategic-merge-patch+json" -d '{"spec":{"template":{"metadata":{"annotations":{"kubectl.kubernetes.io/restartedAt":"'`date +%Y-%m-%dT%H:%M:%S%z`'"}}}}}' 'https://kubernetes.default/apis/extensions/v1beta1/namespaces/{{ .Release.Namespace }}/deployments/neuvector-scanner-pod' + {{- end }} + {{- end }} + restartPolicy: Never +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/templates/validate-psp-install.yaml b/charts/neuvector/102.0.2+up2.4.5/templates/validate-psp-install.yaml new file mode 100644 index 000000000..da62c4d18 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/templates/validate-psp-install.yaml @@ -0,0 +1,7 @@ +{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +{{- if .Values.global.cattle.psp.enabled }} +{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/neuvector/102.0.2+up2.4.5/values.yaml b/charts/neuvector/102.0.2+up2.4.5/values.yaml new file mode 100644 index 000000000..228f94475 --- /dev/null +++ b/charts/neuvector/102.0.2+up2.4.5/values.yaml @@ -0,0 +1,414 @@ +# Default values for neuvector. +# This is a YAML-formatted file. +# Declare variables to be passed into the templates. + +global: + cattle: + systemDefaultRegistry: "" + psp: + enabled: false # PSP enablement should default to false + +openshift: false + +registry: docker.io +oem: +rbac: true +serviceAccount: neuvector + +internal: # enable when cert-manager is installed for the internal certificates + certmanager: + enabled: false + secretname: neuvector-internal + +controller: + # If false, controller will not be installed + enabled: true + annotations: {} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + image: + repository: rancher/mirrored-neuvector-controller + tag: 5.1.3 + hash: + replicas: 3 + disruptionbudget: 0 + schedulerName: + priorityClassName: + podLabels: {} + podAnnotations: {} + env: [] + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - neuvector-controller-pod + topologyKey: "kubernetes.io/hostname" + tolerations: [] + nodeSelector: {} + # key1: value1 + # key2: value2 + apisvc: + type: + annotations: {} + # OpenShift Route configuration + # Controller supports HTTPS only, so edge termination not supported + route: + enabled: false + termination: passthrough + host: + tls: + #certificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #caCertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #destinationCACertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #key: | + # -----BEGIN PRIVATE KEY----- + # -----END PRIVATE KEY----- + ranchersso: + enabled: true + pvc: + enabled: false + existingClaim: false + accessModes: + - ReadWriteMany + storageClass: + capacity: + azureFileShare: + enabled: false + secretName: + shareName: + certificate: + secret: + keyFile: tls.key + pemFile: tls.pem + internal: # this is used for internal communication. Please use the SAME CA for all the components ( controller, scanner, and enforcer ) The cert needs to have a CN of "NeuVector" + certificate: + secret: neuvector-internal + keyFile: tls.key + pemFile: tls.crt + caFile: ca.crt # must be the same CA for all internal. + federation: + mastersvc: + type: + # Federation Master Ingress + ingress: + enabled: false + host: # MUST be set, if ingress is enabled + ingressClassName: "" + path: "/" # or this could be "/api", but might need "rewrite-target" annotation + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # ingress.kubernetes.io/rewrite-target: / + tls: false + secretName: + annotations: {} + # OpenShift Route configuration + # Controller supports HTTPS only, so edge termination not supported + route: + enabled: false + termination: passthrough + host: + tls: + #certificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #caCertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #destinationCACertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #key: | + # -----BEGIN PRIVATE KEY----- + # -----END PRIVATE KEY----- + managedsvc: + type: + # Federation Managed Ingress + ingress: + enabled: false + host: # MUST be set, if ingress is enabled + ingressClassName: "" + path: "/" # or this could be "/api", but might need "rewrite-target" annotation + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # ingress.kubernetes.io/rewrite-target: / + tls: false + secretName: + annotations: {} + # OpenShift Route configuration + # Controller supports HTTPS only, so edge termination not supported + route: + enabled: false + termination: passthrough + host: + tls: + #certificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #caCertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #destinationCACertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #key: | + # -----BEGIN PRIVATE KEY----- + # -----END PRIVATE KEY----- + ingress: + enabled: false + host: # MUST be set, if ingress is enabled + ingressClassName: "" + path: "/" # or this could be "/api", but might need "rewrite-target" annotation + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # ingress.kubernetes.io/rewrite-target: / + tls: false + secretName: + resources: {} + # limits: + # cpu: 400m + # memory: 2792Mi + # requests: + # cpu: 100m + # memory: 2280Mi + configmap: + enabled: false + data: + # passwordprofileinitcfg.yaml: | + # ... + # roleinitcfg.yaml: | + # ... + # ldapinitcfg.yaml: | + # ... + # oidcinitcfg.yaml: | + # ... + # samlinitcfg.yaml: | + # ... + # sysinitcfg.yaml: | + # ... + # userinitcfg.yaml: | + # ... + secret: + # NOTE: files defined here have preferrence over the ones defined in the configmap section + enabled: false + data: {} + # passwordprofileinitcfg.yaml: | + # ... + # roleinitcfg.yaml: | + # ... + # ldapinitcfg.yaml: + # directory: OpenLDAP + # ... + # oidcinitcfg.yaml: + # Issuer: https://... + # ... + # samlinitcfg.yaml: + # ... + # sysinitcfg.yaml: + # ... + # userinitcfg.yaml: + # ... + +enforcer: + # If false, enforcer will not be installed + enabled: true + image: + repository: rancher/mirrored-neuvector-enforcer + tag: 5.1.3 + hash: + updateStrategy: + type: RollingUpdate + priorityClassName: + podLabels: {} + podAnnotations: {} + env: [] + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + resources: {} + # limits: + # cpu: 400m + # memory: 2792Mi + # requests: + # cpu: 100m + # memory: 2280Mi + internal: # this is used for internal communication. Please use the SAME CA for all the components ( controller, scanner, and enforcer ) The cert needs to have a CN of "NeuVector" + certificate: + secret: neuvector-internal + keyFile: tls.key + pemFile: tls.crt + caFile: ca.crt # must be the same CA for all internal. + +manager: + # If false, manager will not be installed + enabled: true + image: + repository: rancher/mirrored-neuvector-manager + tag: 5.1.3 + hash: + priorityClassName: + env: + ssl: true + svc: + type: NodePort # should be set to - ClusterIP + loadBalancerIP: + annotations: {} + # azure + # service.beta.kubernetes.io/azure-load-balancer-internal: "true" + # service.beta.kubernetes.io/azure-load-balancer-internal-subnet: "apps-subnet" + # OpenShift Route configuration + # Make sure manager env ssl is false for edge termination + route: + enabled: true + termination: passthrough + host: + tls: + #certificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #caCertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #destinationCACertificate: | + # -----BEGIN CERTIFICATE----- + # -----END CERTIFICATE----- + #key: | + # -----BEGIN PRIVATE KEY----- + # -----END PRIVATE KEY----- + certificate: + secret: + keyFile: tls.key + pemFile: tls.pem + ingress: + enabled: false + host: # MUST be set, if ingress is enabled + ingressClassName: "" + path: "/" + annotations: + nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + # kubernetes.io/ingress.class: my-nginx + # nginx.ingress.kubernetes.io/whitelist-source-range: "1.1.1.1" + # nginx.ingress.kubernetes.io/rewrite-target: / + # nginx.ingress.kubernetes.io/enable-rewrite-log: "true" + # only for end-to-end tls conf - ingress-nginx accepts backend self-signed cert + tls: false + secretName: # my-tls-secret + resources: {} + # limits: + # cpu: 400m + # memory: 2792Mi + # requests: + # cpu: 100m + # memory: 2280Mi + affinity: {} + podLabels: {} + podAnnotations: {} + tolerations: [] + nodeSelector: {} + # key1: value1 + # key2: value2 + runAsUser: # MUST be set for Rancher hardened cluster + +cve: + updater: + # If false, cve updater will not be installed + enabled: true + secure: false + image: + repository: rancher/mirrored-neuvector-updater + tag: latest + hash: + schedule: "0 0 * * *" + priorityClassName: + podLabels: {} + podAnnotations: {} + nodeSelector: {} + # key1: value1 + # key2: value2 + runAsUser: # MUST be set for Rancher hardened cluster + scanner: + enabled: true + replicas: 3 + dockerPath: "" + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + image: + repository: rancher/mirrored-neuvector-scanner + tag: latest + hash: + priorityClassName: + resources: {} + # limits: + # cpu: 400m + # memory: 2792Mi + # requests: + # cpu: 100m + # memory: 2280Mi + affinity: {} + podLabels: {} + podAnnotations: {} + env: [] + tolerations: [] + nodeSelector: {} + # key1: value1 + # key2: value2 + runAsUser: # MUST be set for Rancher hardened cluster + internal: # this is used for internal communication. Please use the SAME CA for all the components ( controller, scanner, and enforcer ) The cert needs to have a CN of "NeuVector" + certificate: + secret: neuvector-internal + keyFile: tls.key + pemFile: tls.crt + caFile: ca.crt # must be the same CA for all internal. + +docker: + path: /var/run/docker.sock + +resources: {} + # limits: + # cpu: 400m + # memory: 2792Mi + # requests: + # cpu: 100m + # memory: 2280Mi + +k3s: + enabled: false + runtimePath: /run/k3s/containerd/containerd.sock + +bottlerocket: + enabled: false + runtimePath: /run/dockershim.sock + +containerd: + enabled: false + path: /var/run/containerd/containerd.sock + +crio: + enabled: false + path: /var/run/crio/crio.sock + +admissionwebhook: + type: ClusterIP + +crdwebhook: + enabled: true + type: ClusterIP diff --git a/index.yaml b/index.yaml index 3cd893b06..0303a70a9 100755 --- a/index.yaml +++ b/index.yaml @@ -3314,6 +3314,37 @@ entries: - assets/longhorn-crd/longhorn-crd-1.0.200.tgz version: 1.0.200 neuvector: + - annotations: + catalog.cattle.io/auto-install: neuvector-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: NeuVector + catalog.cattle.io/kube-version: '>=1.18.0-0 < 1.27.0-0' + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/os: linux + catalog.cattle.io/permit-os: linux + catalog.cattle.io/provides-gvr: neuvector.com/v1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: neuvector + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 2.4.5 + apiVersion: v1 + appVersion: 5.1.3 + created: "2023-05-20T00:51:34.05666439Z" + description: Helm feature chart for NeuVector's core services + digest: 8f3b302360d8ad7e69a798cbdfea85d9046bdbb4155f92c732287c543c86dea5 + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + keywords: + - security + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector + sources: + - https://github.com/neuvector/neuvector + urls: + - assets/neuvector/neuvector-102.0.2+up2.4.5.tgz + version: 102.0.2+up2.4.5 - annotations: catalog.cattle.io/auto-install: neuvector-crd=match catalog.cattle.io/certified: rancher @@ -3569,6 +3600,26 @@ entries: - assets/neuvector/neuvector-100.0.0+up2.2.0.tgz version: 100.0.0+up2.2.0 neuvector-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-neuvector-system + catalog.cattle.io/release-name: neuvector-crd + apiVersion: v1 + appVersion: 5.1.3 + created: "2023-05-20T00:51:34.063201383Z" + description: Helm chart for NeuVector's CRD services + digest: 4c4921030a76b424e13ba79b776dcb7e5f7cbeab734226f3c8fa80b3d12b75a7 + home: https://neuvector.com + icon: https://avatars2.githubusercontent.com/u/19367275?s=200&v=4 + maintainers: + - email: support@neuvector.com + name: becitsthere + name: neuvector-crd + type: application + urls: + - assets/neuvector-crd/neuvector-crd-102.0.2+up2.4.5.tgz + version: 102.0.2+up2.4.5 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From d8348844567133bd2c0fde94c1ebd62c5e811425 Mon Sep 17 00:00:00 2001 From: selvamt94 Date: Sat, 20 May 2023 00:51:36 +0000 Subject: [PATCH 03/18] Update release.yaml --- release.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/release.yaml b/release.yaml index 37e312022..e54bd6966 100644 --- a/release.yaml +++ b/release.yaml @@ -1,2 +1,4 @@ -rancher-webhook: - - 2.0.4+up0.3.4 +neuvector: + - 102.0.2+up2.4.5 +neuvector-crd: + - 102.0.2+up2.4.5 From aafa933908b83eccdd3c23f5d26490af456910a9 Mon Sep 17 00:00:00 2001 From: Ray Chang Date: Mon, 15 May 2023 09:58:04 +0800 Subject: [PATCH 04/18] make prepare/patch: release longhorn v1.4.2 into Rancher 2.7 Longhorn 5864 Signed-off-by: Ray Chang --- .../longhorn-1.4/charts/Chart.yaml | 11 + .../longhorn-1.4/charts/README.md | 2 + .../charts/templates/_helpers.tpl | 66 + .../longhorn-1.4/charts/templates/crds.yaml | 3469 +++++++++++++++++ .../generated-changes/exclude/questions.yaml | 27 +- .../exclude/templates/default-setting.yaml | 1 + .../generated-changes/exclude/values.yaml | 17 +- .../generated-changes/patch/Chart.yaml.patch | 4 +- .../longhorn-crd/longhorn-1.4/package.yaml | 4 +- .../longhorn/longhorn-1.4/charts/.helmignore | 21 + .../longhorn/longhorn-1.4/charts/Chart.yaml | 40 + .../longhorn/longhorn-1.4/charts/README.md | 49 + .../longhorn-1.4/charts/app-readme.md | 27 + .../longhorn-1.4/charts/questions.yaml | 850 ++++ .../longhorn-1.4/charts/templates/NOTES.txt | 5 + .../charts/templates/_helpers.tpl | 66 + .../charts/templates/clusterrole.yaml | 60 + .../charts/templates/clusterrolebinding.yaml | 27 + .../charts/templates/daemonset-sa.yaml | 147 + .../charts/templates/default-setting.yaml | 80 + .../charts/templates/deployment-driver.yaml | 118 + .../deployment-recovery-backend.yaml | 83 + .../charts/templates/deployment-ui.yaml | 114 + .../charts/templates/deployment-webhook.yaml | 166 + .../charts/templates/ingress.yaml | 48 + .../charts/templates/postupgrade-job.yaml | 58 + .../longhorn-1.4/charts/templates/psp.yaml | 66 + .../charts/templates/registry-secret.yaml | 13 + .../charts/templates/serviceaccount.yaml | 21 + .../charts/templates/services.yaml | 74 + .../charts/templates/storageclass.yaml | 44 + .../charts/templates/tls-secrets.yaml | 16 + .../charts/templates/uninstall-job.yaml | 59 + .../charts/templates/userroles.yaml | 50 + .../templates/validate-install-crd.yaml | 33 + .../templates/validate-psp-install.yaml | 7 + .../longhorn/longhorn-1.4/charts/values.yaml | 333 ++ .../exclude/templates/crds.yaml | 8 +- .../generated-changes/patch/Chart.yaml.patch | 4 +- .../patch/questions.yaml.patch | 9 +- .../generated-changes/patch/values.yaml.patch | 14 +- packages/longhorn/longhorn-1.4/package.yaml | 4 +- 42 files changed, 6276 insertions(+), 39 deletions(-) create mode 100755 packages/longhorn-crd/longhorn-1.4/charts/Chart.yaml create mode 100755 packages/longhorn-crd/longhorn-1.4/charts/README.md create mode 100755 packages/longhorn-crd/longhorn-1.4/charts/templates/_helpers.tpl create mode 100755 packages/longhorn-crd/longhorn-1.4/charts/templates/crds.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/.helmignore create mode 100755 packages/longhorn/longhorn-1.4/charts/Chart.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/README.md create mode 100755 packages/longhorn/longhorn-1.4/charts/app-readme.md create mode 100755 packages/longhorn/longhorn-1.4/charts/questions.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/NOTES.txt create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/_helpers.tpl create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/clusterrole.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/clusterrolebinding.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/daemonset-sa.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/default-setting.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/deployment-driver.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/deployment-recovery-backend.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/deployment-ui.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/deployment-webhook.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/ingress.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/postupgrade-job.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/psp.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/registry-secret.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/serviceaccount.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/services.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/storageclass.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/tls-secrets.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/uninstall-job.yaml create mode 100644 packages/longhorn/longhorn-1.4/charts/templates/userroles.yaml create mode 100644 packages/longhorn/longhorn-1.4/charts/templates/validate-install-crd.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/templates/validate-psp-install.yaml create mode 100755 packages/longhorn/longhorn-1.4/charts/values.yaml diff --git a/packages/longhorn-crd/longhorn-1.4/charts/Chart.yaml b/packages/longhorn-crd/longhorn-1.4/charts/Chart.yaml new file mode 100755 index 000000000..5a2070253 --- /dev/null +++ b/packages/longhorn-crd/longhorn-1.4/charts/Chart.yaml @@ -0,0 +1,11 @@ +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd +apiVersion: v1 +appVersion: v1.4.2 +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application +version: 1.4.2 diff --git a/packages/longhorn-crd/longhorn-1.4/charts/README.md b/packages/longhorn-crd/longhorn-1.4/charts/README.md new file mode 100755 index 000000000..d9f7f14b3 --- /dev/null +++ b/packages/longhorn-crd/longhorn-1.4/charts/README.md @@ -0,0 +1,2 @@ +# longhorn-crd +A Rancher chart that installs the CRDs used by longhorn. diff --git a/packages/longhorn-crd/longhorn-1.4/charts/templates/_helpers.tpl b/packages/longhorn-crd/longhorn-1.4/charts/templates/_helpers.tpl new file mode 100755 index 000000000..3fbc2ac02 --- /dev/null +++ b/packages/longhorn-crd/longhorn-1.4/charts/templates/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . }} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/packages/longhorn-crd/longhorn-1.4/charts/templates/crds.yaml b/packages/longhorn-crd/longhorn-1.4/charts/templates/crds.yaml new file mode 100755 index 000000000..3338c6095 --- /dev/null +++ b/packages/longhorn-crd/longhorn-1.4/charts/templates/crds.yaml @@ -0,0 +1,3469 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: backingimagedatasources.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageDataSource + listKind: BackingImageDataSourceList + plural: backingimagedatasources + shortNames: + - lhbids + singular: backingimagedatasource + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The current state of the pod used to provision the backing image file from source + jsonPath: .status.currentState + name: State + type: string + - description: The data source type + jsonPath: .spec.sourceType + name: SourceType + type: string + - description: The node the backing image file will be prepared on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The disk the backing image file will be prepared on + jsonPath: .spec.diskUUID + name: DiskUUID + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BackingImageDataSource is where Longhorn stores backing image data source object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The system generated UUID of the provisioned backing image file + jsonPath: .spec.uuid + name: UUID + type: string + - description: The current state of the pod used to provision the backing image file from source + jsonPath: .status.currentState + name: State + type: string + - description: The data source type + jsonPath: .spec.sourceType + name: SourceType + type: string + - description: The backing image file size + jsonPath: .status.size + name: Size + type: string + - description: The node the backing image file will be prepared on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The disk the backing image file will be prepared on + jsonPath: .spec.diskUUID + name: DiskUUID + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: BackingImageDataSource is where Longhorn stores backing image data source object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackingImageDataSourceSpec defines the desired state of the Longhorn backing image data source + properties: + checksum: + type: string + diskPath: + type: string + diskUUID: + type: string + fileTransferred: + type: boolean + nodeID: + type: string + parameters: + additionalProperties: + type: string + type: object + sourceType: + enum: + - download + - upload + - export-from-volume + type: string + uuid: + type: string + type: object + status: + description: BackingImageDataSourceStatus defines the observed state of the Longhorn backing image data source + properties: + checksum: + type: string + currentState: + type: string + ip: + type: string + message: + type: string + ownerID: + type: string + progress: + type: integer + runningParameters: + additionalProperties: + type: string + nullable: true + type: object + size: + format: int64 + type: integer + storageIP: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: backingimagemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: BackingImageManager + listKind: BackingImageManagerList + plural: backingimagemanagers + shortNames: + - lhbim + singular: backingimagemanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The current state of the manager + jsonPath: .status.currentState + name: State + type: string + - description: The image the manager pod will use + jsonPath: .spec.image + name: Image + type: string + - description: The node the manager is on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The disk the manager is responsible for + jsonPath: .spec.diskUUID + name: DiskUUID + type: string + - description: The disk path the manager is using + jsonPath: .spec.diskPath + name: DiskPath + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BackingImageManager is where Longhorn stores backing image manager object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The current state of the manager + jsonPath: .status.currentState + name: State + type: string + - description: The image the manager pod will use + jsonPath: .spec.image + name: Image + type: string + - description: The node the manager is on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The disk the manager is responsible for + jsonPath: .spec.diskUUID + name: DiskUUID + type: string + - description: The disk path the manager is using + jsonPath: .spec.diskPath + name: DiskPath + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: BackingImageManager is where Longhorn stores backing image manager object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackingImageManagerSpec defines the desired state of the Longhorn backing image manager + properties: + backingImages: + additionalProperties: + type: string + type: object + diskPath: + type: string + diskUUID: + type: string + image: + type: string + nodeID: + type: string + type: object + status: + description: BackingImageManagerStatus defines the observed state of the Longhorn backing image manager + properties: + apiMinVersion: + type: integer + apiVersion: + type: integer + backingImageFileMap: + additionalProperties: + properties: + currentChecksum: + type: string + directory: + description: 'Deprecated: This field is useless.' + type: string + downloadProgress: + description: 'Deprecated: This field is renamed to `Progress`.' + type: integer + message: + type: string + name: + type: string + progress: + type: integer + senderManagerAddress: + type: string + sendingReference: + type: integer + size: + format: int64 + type: integer + state: + type: string + url: + description: 'Deprecated: This field is useless now. The manager of backing image files doesn''t care if a file is downloaded and how.' + type: string + uuid: + type: string + type: object + nullable: true + type: object + currentState: + type: string + ip: + type: string + ownerID: + type: string + storageIP: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: backingimages.longhorn.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} + path: /v1/webhook/conversion + port: 9443 + conversionReviewVersions: + - v1beta2 + - v1beta1 + group: longhorn.io + names: + kind: BackingImage + listKind: BackingImageList + plural: backingimages + shortNames: + - lhbi + singular: backingimage + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The backing image name + jsonPath: .spec.image + name: Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: BackingImage is where Longhorn stores backing image object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The system generated UUID + jsonPath: .status.uuid + name: UUID + type: string + - description: The source of the backing image file data + jsonPath: .spec.sourceType + name: SourceType + type: string + - description: The backing image file size in each disk + jsonPath: .status.size + name: Size + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: BackingImage is where Longhorn stores backing image object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackingImageSpec defines the desired state of the Longhorn backing image + properties: + checksum: + type: string + disks: + additionalProperties: + type: string + type: object + imageURL: + description: 'Deprecated: This kind of info will be included in the related BackingImageDataSource.' + type: string + sourceParameters: + additionalProperties: + type: string + type: object + sourceType: + enum: + - download + - upload + - export-from-volume + type: string + type: object + status: + description: BackingImageStatus defines the observed state of the Longhorn backing image status + properties: + checksum: + type: string + diskDownloadProgressMap: + additionalProperties: + type: integer + description: 'Deprecated: Replaced by field `Progress` in `DiskFileStatusMap`.' + nullable: true + type: object + diskDownloadStateMap: + additionalProperties: + description: BackingImageDownloadState is replaced by BackingImageState. + type: string + description: 'Deprecated: Replaced by field `State` in `DiskFileStatusMap`.' + nullable: true + type: object + diskFileStatusMap: + additionalProperties: + properties: + lastStateTransitionTime: + type: string + message: + type: string + progress: + type: integer + state: + type: string + type: object + nullable: true + type: object + diskLastRefAtMap: + additionalProperties: + type: string + nullable: true + type: object + ownerID: + type: string + size: + format: int64 + type: integer + uuid: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: backups.longhorn.io +spec: + group: longhorn.io + names: + kind: Backup + listKind: BackupList + plural: backups + shortNames: + - lhb + singular: backup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The snapshot name + jsonPath: .status.snapshotName + name: SnapshotName + type: string + - description: The snapshot size + jsonPath: .status.size + name: SnapshotSize + type: string + - description: The snapshot creation time + jsonPath: .status.snapshotCreatedAt + name: SnapshotCreatedAt + type: string + - description: The backup state + jsonPath: .status.state + name: State + type: string + - description: The backup last synced time + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: Backup is where Longhorn stores backup object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The snapshot name + jsonPath: .status.snapshotName + name: SnapshotName + type: string + - description: The snapshot size + jsonPath: .status.size + name: SnapshotSize + type: string + - description: The snapshot creation time + jsonPath: .status.snapshotCreatedAt + name: SnapshotCreatedAt + type: string + - description: The backup state + jsonPath: .status.state + name: State + type: string + - description: The backup last synced time + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Backup is where Longhorn stores backup object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupSpec defines the desired state of the Longhorn backup + properties: + labels: + additionalProperties: + type: string + description: The labels of snapshot backup. + type: object + snapshotName: + description: The snapshot name. + type: string + syncRequestedAt: + description: The time to request run sync the remote backup. + format: date-time + nullable: true + type: string + type: object + status: + description: BackupStatus defines the observed state of the Longhorn backup + properties: + backupCreatedAt: + description: The snapshot backup upload finished time. + type: string + error: + description: The error message when taking the snapshot backup. + type: string + labels: + additionalProperties: + type: string + description: The labels of snapshot backup. + nullable: true + type: object + lastSyncedAt: + description: The last time that the backup was synced with the remote backup target. + format: date-time + nullable: true + type: string + messages: + additionalProperties: + type: string + description: The error messages when calling longhorn engine on listing or inspecting backups. + nullable: true + type: object + ownerID: + description: The node ID on which the controller is responsible to reconcile this backup CR. + type: string + progress: + description: The snapshot backup progress. + type: integer + replicaAddress: + description: The address of the replica that runs snapshot backup. + type: string + size: + description: The snapshot size. + type: string + snapshotCreatedAt: + description: The snapshot creation time. + type: string + snapshotName: + description: The snapshot name. + type: string + state: + description: The backup creation state. Can be "", "InProgress", "Completed", "Error", "Unknown". + type: string + url: + description: The snapshot backup URL. + type: string + volumeBackingImageName: + description: The volume's backing image name. + type: string + volumeCreated: + description: The volume creation time. + type: string + volumeName: + description: The volume name. + type: string + volumeSize: + description: The volume size. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: backuptargets.longhorn.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} + path: /v1/webhook/conversion + port: 9443 + conversionReviewVersions: + - v1beta2 + - v1beta1 + group: longhorn.io + names: + kind: BackupTarget + listKind: BackupTargetList + plural: backuptargets + shortNames: + - lhbt + singular: backuptarget + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The backup target URL + jsonPath: .spec.backupTargetURL + name: URL + type: string + - description: The backup target credential secret + jsonPath: .spec.credentialSecret + name: Credential + type: string + - description: The backup target poll interval + jsonPath: .spec.pollInterval + name: LastBackupAt + type: string + - description: Indicate whether the backup target is available or not + jsonPath: .status.available + name: Available + type: boolean + - description: The backup target last synced time + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BackupTarget is where Longhorn stores backup target object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The backup target URL + jsonPath: .spec.backupTargetURL + name: URL + type: string + - description: The backup target credential secret + jsonPath: .spec.credentialSecret + name: Credential + type: string + - description: The backup target poll interval + jsonPath: .spec.pollInterval + name: LastBackupAt + type: string + - description: Indicate whether the backup target is available or not + jsonPath: .status.available + name: Available + type: boolean + - description: The backup target last synced time + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: BackupTarget is where Longhorn stores backup target object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupTargetSpec defines the desired state of the Longhorn backup target + properties: + backupTargetURL: + description: The backup target URL. + type: string + credentialSecret: + description: The backup target credential secret. + type: string + pollInterval: + description: The interval that the cluster needs to run sync with the backup target. + type: string + syncRequestedAt: + description: The time to request run sync the remote backup target. + format: date-time + nullable: true + type: string + type: object + status: + description: BackupTargetStatus defines the observed state of the Longhorn backup target + properties: + available: + description: Available indicates if the remote backup target is available or not. + type: boolean + conditions: + description: Records the reason on why the backup target is unavailable. + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + lastSyncedAt: + description: The last time that the controller synced with the remote backup target. + format: date-time + nullable: true + type: string + ownerID: + description: The node ID on which the controller is responsible to reconcile this backup target CR. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: backupvolumes.longhorn.io +spec: + group: longhorn.io + names: + kind: BackupVolume + listKind: BackupVolumeList + plural: backupvolumes + shortNames: + - lhbv + singular: backupvolume + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The backup volume creation time + jsonPath: .status.createdAt + name: CreatedAt + type: string + - description: The backup volume last backup name + jsonPath: .status.lastBackupName + name: LastBackupName + type: string + - description: The backup volume last backup time + jsonPath: .status.lastBackupAt + name: LastBackupAt + type: string + - description: The backup volume last synced time + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: BackupVolume is where Longhorn stores backup volume object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The backup volume creation time + jsonPath: .status.createdAt + name: CreatedAt + type: string + - description: The backup volume last backup name + jsonPath: .status.lastBackupName + name: LastBackupName + type: string + - description: The backup volume last backup time + jsonPath: .status.lastBackupAt + name: LastBackupAt + type: string + - description: The backup volume last synced time + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: BackupVolume is where Longhorn stores backup volume object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: BackupVolumeSpec defines the desired state of the Longhorn backup volume + properties: + syncRequestedAt: + description: The time to request run sync the remote backup volume. + format: date-time + nullable: true + type: string + type: object + status: + description: BackupVolumeStatus defines the observed state of the Longhorn backup volume + properties: + backingImageChecksum: + description: the backing image checksum. + type: string + backingImageName: + description: The backing image name. + type: string + createdAt: + description: The backup volume creation time. + type: string + dataStored: + description: The backup volume block count. + type: string + labels: + additionalProperties: + type: string + description: The backup volume labels. + nullable: true + type: object + lastBackupAt: + description: The latest volume backup time. + type: string + lastBackupName: + description: The latest volume backup name. + type: string + lastModificationTime: + description: The backup volume config last modification time. + format: date-time + nullable: true + type: string + lastSyncedAt: + description: The last time that the backup volume was synced into the cluster. + format: date-time + nullable: true + type: string + messages: + additionalProperties: + type: string + description: The error messages when call longhorn engine on list or inspect backup volumes. + nullable: true + type: object + ownerID: + description: The node ID on which the controller is responsible to reconcile this backup volume CR. + type: string + size: + description: The backup volume size. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: engineimages.longhorn.io +spec: + preserveUnknownFields: false + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} + path: /v1/webhook/conversion + port: 9443 + conversionReviewVersions: + - v1beta2 + - v1beta1 + group: longhorn.io + names: + kind: EngineImage + listKind: EngineImageList + plural: engineimages + shortNames: + - lhei + singular: engineimage + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: State of the engine image + jsonPath: .status.state + name: State + type: string + - description: The Longhorn engine image + jsonPath: .spec.image + name: Image + type: string + - description: Number of resources using the engine image + jsonPath: .status.refCount + name: RefCount + type: integer + - description: The build date of the engine image + jsonPath: .status.buildDate + name: BuildDate + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: EngineImage is where Longhorn stores engine image object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: State of the engine image + jsonPath: .status.state + name: State + type: string + - description: The Longhorn engine image + jsonPath: .spec.image + name: Image + type: string + - description: Number of resources using the engine image + jsonPath: .status.refCount + name: RefCount + type: integer + - description: The build date of the engine image + jsonPath: .status.buildDate + name: BuildDate + type: date + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: EngineImage is where Longhorn stores engine image object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EngineImageSpec defines the desired state of the Longhorn engine image + properties: + image: + minLength: 1 + type: string + required: + - image + type: object + status: + description: EngineImageStatus defines the observed state of the Longhorn engine image + properties: + buildDate: + type: string + cliAPIMinVersion: + type: integer + cliAPIVersion: + type: integer + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + controllerAPIMinVersion: + type: integer + controllerAPIVersion: + type: integer + dataFormatMinVersion: + type: integer + dataFormatVersion: + type: integer + gitCommit: + type: string + noRefSince: + type: string + nodeDeploymentMap: + additionalProperties: + type: boolean + nullable: true + type: object + ownerID: + type: string + refCount: + type: integer + state: + type: string + version: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: engines.longhorn.io +spec: + group: longhorn.io + names: + kind: Engine + listKind: EngineList + plural: engines + shortNames: + - lhe + singular: engine + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The current state of the engine + jsonPath: .status.currentState + name: State + type: string + - description: The node that the engine is on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The instance manager of the engine + jsonPath: .status.instanceManagerName + name: InstanceManager + type: string + - description: The current image of the engine + jsonPath: .status.currentImage + name: Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Engine is where Longhorn stores engine object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The current state of the engine + jsonPath: .status.currentState + name: State + type: string + - description: The node that the engine is on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The instance manager of the engine + jsonPath: .status.instanceManagerName + name: InstanceManager + type: string + - description: The current image of the engine + jsonPath: .status.currentImage + name: Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Engine is where Longhorn stores engine object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: EngineSpec defines the desired state of the Longhorn engine + properties: + active: + type: boolean + backupVolume: + type: string + desireState: + type: string + disableFrontend: + type: boolean + engineImage: + type: string + frontend: + enum: + - blockdev + - iscsi + - "" + type: string + logRequested: + type: boolean + nodeID: + type: string + replicaAddressMap: + additionalProperties: + type: string + type: object + requestedBackupRestore: + type: string + requestedDataSource: + type: string + revisionCounterDisabled: + type: boolean + salvageRequested: + type: boolean + unmapMarkSnapChainRemovedEnabled: + type: boolean + upgradedReplicaAddressMap: + additionalProperties: + type: string + type: object + volumeName: + type: string + volumeSize: + format: int64 + type: string + type: object + status: + description: EngineStatus defines the observed state of the Longhorn engine + properties: + backupStatus: + additionalProperties: + properties: + backupURL: + type: string + error: + type: string + progress: + type: integer + replicaAddress: + type: string + snapshotName: + type: string + state: + type: string + type: object + nullable: true + type: object + cloneStatus: + additionalProperties: + properties: + error: + type: string + fromReplicaAddress: + type: string + isCloning: + type: boolean + progress: + type: integer + snapshotName: + type: string + state: + type: string + type: object + nullable: true + type: object + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + currentImage: + type: string + currentReplicaAddressMap: + additionalProperties: + type: string + nullable: true + type: object + currentSize: + format: int64 + type: string + currentState: + type: string + endpoint: + type: string + instanceManagerName: + type: string + ip: + type: string + isExpanding: + type: boolean + lastExpansionError: + type: string + lastExpansionFailedAt: + type: string + lastRestoredBackup: + type: string + logFetched: + type: boolean + ownerID: + type: string + port: + type: integer + purgeStatus: + additionalProperties: + properties: + error: + type: string + isPurging: + type: boolean + progress: + type: integer + state: + type: string + type: object + nullable: true + type: object + rebuildStatus: + additionalProperties: + properties: + error: + type: string + fromReplicaAddress: + type: string + isRebuilding: + type: boolean + progress: + type: integer + state: + type: string + type: object + nullable: true + type: object + replicaModeMap: + additionalProperties: + type: string + nullable: true + type: object + restoreStatus: + additionalProperties: + properties: + backupURL: + type: string + currentRestoringBackup: + type: string + error: + type: string + filename: + type: string + isRestoring: + type: boolean + lastRestored: + type: string + progress: + type: integer + state: + type: string + type: object + nullable: true + type: object + salvageExecuted: + type: boolean + snapshots: + additionalProperties: + properties: + children: + additionalProperties: + type: boolean + nullable: true + type: object + created: + type: string + labels: + additionalProperties: + type: string + nullable: true + type: object + name: + type: string + parent: + type: string + removed: + type: boolean + size: + type: string + usercreated: + type: boolean + type: object + nullable: true + type: object + snapshotsError: + type: string + started: + type: boolean + storageIP: + type: string + unmapMarkSnapChainRemovedEnabled: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: instancemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: InstanceManager + listKind: InstanceManagerList + plural: instancemanagers + shortNames: + - lhim + singular: instancemanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The state of the instance manager + jsonPath: .status.currentState + name: State + type: string + - description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + name: Type + type: string + - description: The node that the instance manager is running on + jsonPath: .spec.nodeID + name: Node + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: InstanceManager is where Longhorn stores instance manager object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The state of the instance manager + jsonPath: .status.currentState + name: State + type: string + - description: The type of the instance manager (engine or replica) + jsonPath: .spec.type + name: Type + type: string + - description: The node that the instance manager is running on + jsonPath: .spec.nodeID + name: Node + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: InstanceManager is where Longhorn stores instance manager object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: InstanceManagerSpec defines the desired state of the Longhorn instancer manager + properties: + engineImage: + description: 'Deprecated: This field is useless.' + type: string + image: + type: string + nodeID: + type: string + type: + enum: + - engine + - replica + type: string + type: object + status: + description: InstanceManagerStatus defines the observed state of the Longhorn instance manager + properties: + apiMinVersion: + type: integer + apiVersion: + type: integer + proxyApiMinVersion: + type: integer + proxyApiVersion: + type: integer + currentState: + type: string + instances: + additionalProperties: + properties: + spec: + properties: + name: + type: string + type: object + status: + properties: + endpoint: + type: string + errorMsg: + type: string + listen: + type: string + portEnd: + format: int32 + type: integer + portStart: + format: int32 + type: integer + resourceVersion: + format: int64 + type: integer + state: + type: string + type: + type: string + type: object + type: object + nullable: true + type: object + ip: + type: string + ownerID: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: nodes.longhorn.io +spec: + preserveUnknownFields: false + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} + path: /v1/webhook/conversion + port: 9443 + conversionReviewVersions: + - v1beta2 + - v1beta1 + group: longhorn.io + names: + kind: Node + listKind: NodeList + plural: nodes + shortNames: + - lhn + singular: node + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Indicate whether the node is ready + jsonPath: .status.conditions['Ready']['status'] + name: Ready + type: string + - description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + name: AllowScheduling + type: boolean + - description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions['Schedulable']['status'] + name: Schedulable + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Node is where Longhorn stores Longhorn node object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Indicate whether the node is ready + jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - description: Indicate whether the user disabled/enabled replica scheduling for the node + jsonPath: .spec.allowScheduling + name: AllowScheduling + type: boolean + - description: Indicate whether Longhorn can schedule replicas on the node + jsonPath: .status.conditions[?(@.type=='Schedulable')].status + name: Schedulable + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Node is where Longhorn stores Longhorn node object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NodeSpec defines the desired state of the Longhorn node + properties: + allowScheduling: + type: boolean + disks: + additionalProperties: + properties: + allowScheduling: + type: boolean + evictionRequested: + type: boolean + path: + type: string + storageReserved: + format: int64 + type: integer + tags: + items: + type: string + type: array + type: object + type: object + engineManagerCPURequest: + type: integer + evictionRequested: + type: boolean + name: + type: string + replicaManagerCPURequest: + type: integer + tags: + items: + type: string + type: array + type: object + status: + description: NodeStatus defines the observed state of the Longhorn node + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + diskStatus: + additionalProperties: + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + diskUUID: + type: string + scheduledReplica: + additionalProperties: + format: int64 + type: integer + nullable: true + type: object + storageAvailable: + format: int64 + type: integer + storageMaximum: + format: int64 + type: integer + storageScheduled: + format: int64 + type: integer + type: object + nullable: true + type: object + region: + type: string + snapshotCheckStatus: + properties: + lastPeriodicCheckedAt: + format: date-time + type: string + snapshotCheckState: + type: string + type: object + zone: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: orphans.longhorn.io +spec: + group: longhorn.io + names: + kind: Orphan + listKind: OrphanList + plural: orphans + shortNames: + - lho + singular: orphan + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The type of the orphan + jsonPath: .spec.orphanType + name: Type + type: string + - description: The node that the orphan is on + jsonPath: .spec.nodeID + name: Node + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: Orphan is where Longhorn stores orphan object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: OrphanSpec defines the desired state of the Longhorn orphaned data + properties: + nodeID: + description: The node ID on which the controller is responsible to reconcile this orphan CR. + type: string + orphanType: + description: The type of the orphaned data. Can be "replica". + type: string + parameters: + additionalProperties: + type: string + description: The parameters of the orphaned data + type: object + type: object + status: + description: OrphanStatus defines the observed state of the Longhorn orphaned data + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + ownerID: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: + longhorn-manager: "" + name: recurringjobs.longhorn.io +spec: + group: longhorn.io + names: + kind: RecurringJob + listKind: RecurringJobList + plural: recurringjobs + shortNames: + - lhrj + singular: recurringjob + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume + jsonPath: .spec.groups + name: Groups + type: string + - description: Should be one of "backup" or "snapshot" + jsonPath: .spec.task + name: Task + type: string + - description: The cron expression represents recurring job scheduling + jsonPath: .spec.cron + name: Cron + type: string + - description: The number of snapshots/backups to keep for the volume + jsonPath: .spec.retain + name: Retain + type: integer + - description: The concurrent job to run by each cron job + jsonPath: .spec.concurrency + name: Concurrency + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Specify the labels + jsonPath: .spec.labels + name: Labels + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: RecurringJob is where Longhorn stores recurring job object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Sets groupings to the jobs. When set to "default" group will be added to the volume label when no other job label exist in volume + jsonPath: .spec.groups + name: Groups + type: string + - description: Should be one of "snapshot", "snapshot-force-create", "snapshot-cleanup", "snapshot-delete", "backup" or "backup-force-create" + jsonPath: .spec.task + name: Task + type: string + - description: The cron expression represents recurring job scheduling + jsonPath: .spec.cron + name: Cron + type: string + - description: The number of snapshots/backups to keep for the volume + jsonPath: .spec.retain + name: Retain + type: integer + - description: The concurrent job to run by each cron job + jsonPath: .spec.concurrency + name: Concurrency + type: integer + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + - description: Specify the labels + jsonPath: .spec.labels + name: Labels + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: RecurringJob is where Longhorn stores recurring job object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RecurringJobSpec defines the desired state of the Longhorn recurring job + properties: + concurrency: + description: The concurrency of taking the snapshot/backup. + type: integer + cron: + description: The cron setting. + type: string + groups: + description: The recurring job group. + items: + type: string + type: array + labels: + additionalProperties: + type: string + description: The label of the snapshot/backup. + type: object + name: + description: The recurring job name. + type: string + retain: + description: The retain count of the snapshot/backup. + type: integer + task: + description: The recurring job task. Can be "snapshot", "snapshot-force-create", "snapshot-cleanup", "snapshot-delete", "backup" or "backup-force-create". + enum: + - snapshot + - snapshot-force-create + - snapshot-cleanup + - snapshot-delete + - backup + - backup-force-create + type: string + type: object + status: + description: RecurringJobStatus defines the observed state of the Longhorn recurring job + properties: + ownerID: + description: The owner ID which is responsible to reconcile this recurring job CR. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: replicas.longhorn.io +spec: + group: longhorn.io + names: + kind: Replica + listKind: ReplicaList + plural: replicas + shortNames: + - lhr + singular: replica + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The current state of the replica + jsonPath: .status.currentState + name: State + type: string + - description: The node that the replica is on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The disk that the replica is on + jsonPath: .spec.diskID + name: Disk + type: string + - description: The instance manager of the replica + jsonPath: .status.instanceManagerName + name: InstanceManager + type: string + - description: The current image of the replica + jsonPath: .status.currentImage + name: Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Replica is where Longhorn stores replica object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The current state of the replica + jsonPath: .status.currentState + name: State + type: string + - description: The node that the replica is on + jsonPath: .spec.nodeID + name: Node + type: string + - description: The disk that the replica is on + jsonPath: .spec.diskID + name: Disk + type: string + - description: The instance manager of the replica + jsonPath: .status.instanceManagerName + name: InstanceManager + type: string + - description: The current image of the replica + jsonPath: .status.currentImage + name: Image + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Replica is where Longhorn stores replica object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ReplicaSpec defines the desired state of the Longhorn replica + properties: + active: + type: boolean + backingImage: + type: string + baseImage: + description: Deprecated. Rename to BackingImage + type: string + dataDirectoryName: + type: string + dataPath: + description: Deprecated + type: string + desireState: + type: string + diskID: + type: string + diskPath: + type: string + engineImage: + type: string + engineName: + type: string + failedAt: + type: string + hardNodeAffinity: + type: string + healthyAt: + type: string + logRequested: + type: boolean + nodeID: + type: string + rebuildRetryCount: + type: integer + revisionCounterDisabled: + type: boolean + salvageRequested: + type: boolean + unmapMarkDiskChainRemovedEnabled: + type: boolean + volumeName: + type: string + volumeSize: + format: int64 + type: string + type: object + status: + description: ReplicaStatus defines the observed state of the Longhorn replica + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + currentImage: + type: string + currentState: + type: string + evictionRequested: + type: boolean + instanceManagerName: + type: string + ip: + type: string + logFetched: + type: boolean + ownerID: + type: string + port: + type: integer + salvageExecuted: + type: boolean + started: + type: boolean + storageIP: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: settings.longhorn.io +spec: + group: longhorn.io + names: + kind: Setting + listKind: SettingList + plural: settings + shortNames: + - lhs + singular: setting + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The value of the setting + jsonPath: .value + name: Value + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Setting is where Longhorn stores setting object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + value: + type: string + required: + - value + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The value of the setting + jsonPath: .value + name: Value + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Setting is where Longhorn stores setting object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + value: + type: string + required: + - value + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: sharemanagers.longhorn.io +spec: + group: longhorn.io + names: + kind: ShareManager + listKind: ShareManagerList + plural: sharemanagers + shortNames: + - lhsm + singular: sharemanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The state of the share manager + jsonPath: .status.state + name: State + type: string + - description: The node that the share manager is owned by + jsonPath: .status.ownerID + name: Node + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: ShareManager is where Longhorn stores share manager object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The state of the share manager + jsonPath: .status.state + name: State + type: string + - description: The node that the share manager is owned by + jsonPath: .status.ownerID + name: Node + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: ShareManager is where Longhorn stores share manager object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ShareManagerSpec defines the desired state of the Longhorn share manager + properties: + image: + type: string + type: object + status: + description: ShareManagerStatus defines the observed state of the Longhorn share manager + properties: + endpoint: + type: string + ownerID: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: snapshots.longhorn.io +spec: + group: longhorn.io + names: + kind: Snapshot + listKind: SnapshotList + plural: snapshots + shortNames: + - lhsnap + singular: snapshot + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The volume that this snapshot belongs to + jsonPath: .spec.volume + name: Volume + type: string + - description: Timestamp when the point-in-time snapshot was taken + jsonPath: .status.creationTime + name: CreationTime + type: string + - description: Indicates if the snapshot is ready to be used to restore/backup a volume + jsonPath: .status.readyToUse + name: ReadyToUse + type: boolean + - description: Represents the minimum size of volume required to rehydrate from this snapshot + jsonPath: .status.restoreSize + name: RestoreSize + type: string + - description: The actual size of the snapshot + jsonPath: .status.size + name: Size + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Snapshot is the Schema for the snapshots API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SnapshotSpec defines the desired state of Longhorn Snapshot + properties: + createSnapshot: + description: require creating a new snapshot + type: boolean + labels: + additionalProperties: + type: string + description: The labels of snapshot + nullable: true + type: object + volume: + description: the volume that this snapshot belongs to. This field is immutable after creation. Required + type: string + required: + - volume + type: object + status: + description: SnapshotStatus defines the observed state of Longhorn Snapshot + properties: + checksum: + type: string + children: + additionalProperties: + type: boolean + nullable: true + type: object + creationTime: + type: string + error: + type: string + labels: + additionalProperties: + type: string + nullable: true + type: object + markRemoved: + type: boolean + ownerID: + type: string + parent: + type: string + readyToUse: + type: boolean + restoreSize: + format: int64 + type: integer + size: + format: int64 + type: integer + userCreated: + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: supportbundles.longhorn.io +spec: + group: longhorn.io + names: + kind: SupportBundle + listKind: SupportBundleList + plural: supportbundles + shortNames: + - lhbundle + singular: supportbundle + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The state of the support bundle + jsonPath: .status.state + name: State + type: string + - description: The issue URL + jsonPath: .spec.issueURL + name: Issue + type: string + - description: A brief description of the issue + jsonPath: .spec.description + name: Description + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: SupportBundle is where Longhorn stores support bundle object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SupportBundleSpec defines the desired state of the Longhorn SupportBundle + properties: + description: + description: A brief description of the issue + type: string + issueURL: + description: The issue URL + nullable: true + type: string + nodeID: + description: The preferred responsible controller node ID. + type: string + required: + - description + type: object + status: + description: SupportBundleStatus defines the observed state of the Longhorn SupportBundle + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + type: array + filename: + type: string + filesize: + format: int64 + type: integer + image: + description: The support bundle manager image + type: string + managerIP: + description: The support bundle manager IP + type: string + ownerID: + description: The current responsible controller node ID + type: string + progress: + type: integer + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: systembackups.longhorn.io +spec: + group: longhorn.io + names: + kind: SystemBackup + listKind: SystemBackupList + plural: systembackups + shortNames: + - lhsb + singular: systembackup + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The system backup Longhorn version + jsonPath: .status.version + name: Version + type: string + - description: The system backup state + jsonPath: .status.state + name: State + type: string + - description: The system backup creation time + jsonPath: .status.createdAt + name: Created + type: string + - description: The last time that the system backup was synced into the cluster + jsonPath: .status.lastSyncedAt + name: LastSyncedAt + type: string + name: v1beta2 + schema: + openAPIV3Schema: + description: SystemBackup is where Longhorn stores system backup object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SystemBackupSpec defines the desired state of the Longhorn SystemBackup + type: object + status: + description: SystemBackupStatus defines the observed state of the Longhorn SystemBackup + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + createdAt: + description: The system backup creation time. + format: date-time + type: string + gitCommit: + description: The saved Longhorn manager git commit. + nullable: true + type: string + lastSyncedAt: + description: The last time that the system backup was synced into the cluster. + format: date-time + nullable: true + type: string + managerImage: + description: The saved manager image. + type: string + ownerID: + description: The node ID of the responsible controller to reconcile this SystemBackup. + type: string + state: + description: The system backup state. + type: string + version: + description: The saved Longhorn version. + nullable: true + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: systemrestores.longhorn.io +spec: + group: longhorn.io + names: + kind: SystemRestore + listKind: SystemRestoreList + plural: systemrestores + shortNames: + - lhsr + singular: systemrestore + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The system restore state + jsonPath: .status.state + name: State + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: SystemRestore is where Longhorn stores system restore object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SystemRestoreSpec defines the desired state of the Longhorn SystemRestore + properties: + systemBackup: + description: The system backup name in the object store. + type: string + required: + - systemBackup + type: object + status: + description: SystemRestoreStatus defines the observed state of the Longhorn SystemRestore + properties: + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + ownerID: + description: The node ID of the responsible controller to reconcile this SystemRestore. + type: string + sourceURL: + description: The source system backup URL. + type: string + state: + description: The system restore state. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + labels: {{- include "longhorn.labels" . | nindent 4 }} + longhorn-manager: "" + name: volumes.longhorn.io +spec: + preserveUnknownFields: false + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} + path: /v1/webhook/conversion + port: 9443 + conversionReviewVersions: + - v1beta2 + - v1beta1 + group: longhorn.io + names: + kind: Volume + listKind: VolumeList + plural: volumes + shortNames: + - lhv + singular: volume + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: The state of the volume + jsonPath: .status.state + name: State + type: string + - description: The robustness of the volume + jsonPath: .status.robustness + name: Robustness + type: string + - description: The scheduled condition of the volume + jsonPath: .status.conditions['scheduled']['status'] + name: Scheduled + type: string + - description: The size of the volume + jsonPath: .spec.size + name: Size + type: string + - description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + name: Node + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: Volume is where Longhorn stores volume object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + x-kubernetes-preserve-unknown-fields: true + status: + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: The state of the volume + jsonPath: .status.state + name: State + type: string + - description: The robustness of the volume + jsonPath: .status.robustness + name: Robustness + type: string + - description: The scheduled condition of the volume + jsonPath: .status.conditions[?(@.type=='Schedulable')].status + name: Scheduled + type: string + - description: The size of the volume + jsonPath: .spec.size + name: Size + type: string + - description: The node that the volume is currently attaching to + jsonPath: .status.currentNodeID + name: Node + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta2 + schema: + openAPIV3Schema: + description: Volume is where Longhorn stores volume object. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: VolumeSpec defines the desired state of the Longhorn volume + properties: + Standby: + type: boolean + accessMode: + enum: + - rwo + - rwx + type: string + backingImage: + type: string + baseImage: + description: Deprecated. Rename to BackingImage + type: string + dataLocality: + enum: + - disabled + - best-effort + - strict-local + type: string + dataSource: + type: string + disableFrontend: + type: boolean + diskSelector: + items: + type: string + type: array + encrypted: + type: boolean + engineImage: + type: string + fromBackup: + type: string + restoreVolumeRecurringJob: + enum: + - ignored + - enabled + - disabled + type: string + frontend: + enum: + - blockdev + - iscsi + - "" + type: string + lastAttachedBy: + type: string + migratable: + type: boolean + migrationNodeID: + type: string + nodeID: + type: string + nodeSelector: + items: + type: string + type: array + numberOfReplicas: + type: integer + recurringJobs: + description: Deprecated. Replaced by a separate resource named "RecurringJob" + items: + description: 'Deprecated: This field is useless and has been replaced by the RecurringJob CRD' + properties: + concurrency: + type: integer + cron: + type: string + groups: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + retain: + type: integer + task: + enum: + - snapshot + - snapshot-force-create + - snapshot-cleanup + - snapshot-delete + - backup + - backup-force-create + type: string + type: object + type: array + replicaAutoBalance: + enum: + - ignored + - disabled + - least-effort + - best-effort + type: string + revisionCounterDisabled: + type: boolean + size: + format: int64 + type: string + snapshotDataIntegrity: + enum: + - ignored + - disabled + - enabled + - fast-check + type: string + staleReplicaTimeout: + type: integer + unmapMarkSnapChainRemoved: + enum: + - ignored + - disabled + - enabled + type: string + type: object + status: + description: VolumeStatus defines the observed state of the Longhorn volume + properties: + actualSize: + format: int64 + type: integer + cloneStatus: + properties: + snapshot: + type: string + sourceVolume: + type: string + state: + type: string + type: object + conditions: + items: + properties: + lastProbeTime: + description: Last time we probed the condition. + type: string + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + type: string + message: + description: Human-readable message indicating details about last transition. + type: string + reason: + description: Unique, one-word, CamelCase reason for the condition's last transition. + type: string + status: + description: Status is the status of the condition. Can be True, False, Unknown. + type: string + type: + description: Type is the type of the condition. + type: string + type: object + nullable: true + type: array + currentImage: + type: string + currentNodeID: + type: string + expansionRequired: + type: boolean + frontendDisabled: + type: boolean + isStandby: + type: boolean + kubernetesStatus: + properties: + lastPVCRefAt: + type: string + lastPodRefAt: + type: string + namespace: + description: determine if PVC/Namespace is history or not + type: string + pvName: + type: string + pvStatus: + type: string + pvcName: + type: string + workloadsStatus: + description: determine if Pod/Workload is history or not + items: + properties: + podName: + type: string + podStatus: + type: string + workloadName: + type: string + workloadType: + type: string + type: object + nullable: true + type: array + type: object + lastBackup: + type: string + lastBackupAt: + type: string + lastDegradedAt: + type: string + ownerID: + type: string + pendingNodeID: + type: string + remountRequestedAt: + type: string + restoreInitiated: + type: boolean + restoreRequired: + type: boolean + robustness: + type: string + shareEndpoint: + type: string + shareState: + type: string + state: + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/questions.yaml b/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/questions.yaml index b4ae9def3..3352e2962 100644 --- a/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/questions.yaml +++ b/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/questions.yaml @@ -17,7 +17,7 @@ questions: label: Longhorn Manager Image Repository group: "Longhorn Images Settings" - variable: image.longhorn.manager.tag - default: v1.4.1 + default: v1.4.2 description: "Specify Longhorn Manager Image Tag" type: string label: Longhorn Manager Image Tag @@ -29,7 +29,7 @@ questions: label: Longhorn Engine Image Repository group: "Longhorn Images Settings" - variable: image.longhorn.engine.tag - default: v1.4.1 + default: v1.4.2 description: "Specify Longhorn Engine Image Tag" type: string label: Longhorn Engine Image Tag @@ -41,7 +41,7 @@ questions: label: Longhorn UI Image Repository group: "Longhorn Images Settings" - variable: image.longhorn.ui.tag - default: v1.4.1 + default: v1.4.2 description: "Specify Longhorn UI Image Tag" type: string label: Longhorn UI Image Tag @@ -53,7 +53,7 @@ questions: label: Longhorn Instance Manager Image Repository group: "Longhorn Images Settings" - variable: image.longhorn.instanceManager.tag - default: v1.4.1 + default: v1.4.2 description: "Specify Longhorn Instance Manager Image Tag" type: string label: Longhorn Instance Manager Image Tag @@ -65,7 +65,7 @@ questions: label: Longhorn Share Manager Image Repository group: "Longhorn Images Settings" - variable: image.longhorn.shareManager.tag - default: v1.4.1 + default: v1.4.2 description: "Specify Longhorn Share Manager Image Tag" type: string label: Longhorn Share Manager Image Tag @@ -77,7 +77,7 @@ questions: label: Longhorn Backing Image Manager Image Repository group: "Longhorn Images Settings" - variable: image.longhorn.backingImageManager.tag - default: v1.4.1 + default: v1.4.2 description: "Specify Longhorn Backing Image Manager Image Tag" type: string label: Longhorn Backing Image Manager Image Tag @@ -89,7 +89,7 @@ questions: label: Longhorn Support Bundle Kit Image Repository group: "Longhorn Images Settings" - variable: image.longhorn.supportBundleKit.tag - default: v0.0.17 + default: v0.0.24 description: "Specify Longhorn Support Bundle Manager Image Tag" type: string label: Longhorn Support Bundle Kit Image Tag @@ -446,6 +446,19 @@ If this setting is enabled, Longhorn will **not** block `kubectl drain` action o group: "Longhorn Default Settings" type: boolean default: "false" + - variable: defaultSettings.nodeDrainPolicy + label: Node Drain Policy + description: "Define the policy to use when a node with the last healthy replica of a volume is drained. +- **block-if-contains-last-replica** Longhorn will block the drain when the node contains the last healthy replica of a volume. +- **allow-if-replica-is-stopped** Longhorn will allow the drain when the node contains the last healthy replica of a volume but the replica is stopped. WARNING: possible data loss if the node is removed after draining. Select this option if you want to drain the node and do in-place upgrade/maintenance. +- **always-allow** Longhorn will allow the drain even though the node contains the last healthy replica of a volume. WARNING: possible data loss if the node is removed after draining. Also possible data corruption if the last replica was running during the draining." + group: "Longhorn Default Settings" + type: enum + options: + - "block-if-contains-last-replica" + - "allow-if-replica-is-stopped" + - "always-allow" + default: "block-if-contains-last-replica" - variable: defaultSettings.mkfsExt4Parameters label: Custom mkfs.ext4 parameters description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." diff --git a/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/templates/default-setting.yaml b/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/templates/default-setting.yaml index 49870a4ef..f65b7f1e5 100644 --- a/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/templates/default-setting.yaml +++ b/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/templates/default-setting.yaml @@ -52,6 +52,7 @@ data: {{ if not (kindIs "invalid" .Values.defaultSettings.replicaZoneSoftAntiAffinity) }}replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }}{{ end }} {{ if not (kindIs "invalid" .Values.defaultSettings.nodeDownPodDeletionPolicy) }}node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }}{{ end }} {{ if not (kindIs "invalid" .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica) }}allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.nodeDrainPolicy) }}node-drain-policy: {{ .Values.defaultSettings.nodeDrainPolicy }}{{ end }} {{ if not (kindIs "invalid" .Values.defaultSettings.mkfsExt4Parameters) }}mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }}{{ end }} {{ if not (kindIs "invalid" .Values.defaultSettings.disableReplicaRebuild) }}disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }}{{ end }} {{ if not (kindIs "invalid" .Values.defaultSettings.replicaReplenishmentWaitInterval) }}replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }}{{ end }} diff --git a/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/values.yaml b/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/values.yaml index 3ded6cd92..be0eae214 100644 --- a/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/values.yaml +++ b/packages/longhorn-crd/longhorn-1.4/generated-changes/exclude/values.yaml @@ -25,25 +25,25 @@ image: longhorn: engine: repository: longhornio/longhorn-engine - tag: v1.4.1 + tag: v1.4.2 manager: repository: longhornio/longhorn-manager - tag: v1.4.1 + tag: v1.4.2 ui: repository: longhornio/longhorn-ui - tag: v1.4.1 + tag: v1.4.2 instanceManager: repository: longhornio/longhorn-instance-manager - tag: v1.4.1 + tag: v1.4.2 shareManager: repository: longhornio/longhorn-share-manager - tag: v1.4.1 + tag: v1.4.2 backingImageManager: repository: longhornio/backing-image-manager - tag: v1.4.1 + tag: v1.4.2 supportBundleKit: repository: longhornio/support-bundle-kit - tag: v0.0.19 + tag: v0.0.24 csi: attacher: repository: longhornio/csi-attacher @@ -94,7 +94,7 @@ persistence: expectedChecksum: ~ defaultNodeSelector: enable: false # disable by default - selector: [] + selector: "" removeSnapshotsDuringFilesystemTrim: ignored # "enabled" or "disabled" otherwise csi: @@ -133,6 +133,7 @@ defaultSettings: replicaZoneSoftAntiAffinity: ~ nodeDownPodDeletionPolicy: ~ allowNodeDrainWithLastHealthyReplica: ~ + nodeDrainPolicy : ~ mkfsExt4Parameters: ~ disableReplicaRebuild: ~ replicaReplenishmentWaitInterval: ~ diff --git a/packages/longhorn-crd/longhorn-1.4/generated-changes/patch/Chart.yaml.patch b/packages/longhorn-crd/longhorn-1.4/generated-changes/patch/Chart.yaml.patch index 19e70056e..e0a211971 100644 --- a/packages/longhorn-crd/longhorn-1.4/generated-changes/patch/Chart.yaml.patch +++ b/packages/longhorn-crd/longhorn-1.4/generated-changes/patch/Chart.yaml.patch @@ -7,7 +7,7 @@ + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd apiVersion: v1 - appVersion: v1.4.1 + appVersion: v1.4.2 -description: Longhorn is a distributed block storage system for Kubernetes. -home: https://github.com/longhorn/longhorn -icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png @@ -36,4 +36,4 @@ +description: Installs the CRDs for longhorn. +name: longhorn-crd +type: application - version: 1.4.1 + version: 1.4.2 diff --git a/packages/longhorn-crd/longhorn-1.4/package.yaml b/packages/longhorn-crd/longhorn-1.4/package.yaml index 42995b62b..520d19944 100644 --- a/packages/longhorn-crd/longhorn-1.4/package.yaml +++ b/packages/longhorn-crd/longhorn-1.4/package.yaml @@ -1,4 +1,4 @@ url: https://github.com/longhorn/charts.git subdirectory: charts/longhorn -commit: bfe0af06880e84148d41770eaa398e56dc5ad510 -version: 102.2.0 +commit: d619e47374e19d69e6f97747078c2b275087341c +version: 102.2.1 diff --git a/packages/longhorn/longhorn-1.4/charts/.helmignore b/packages/longhorn/longhorn-1.4/charts/.helmignore new file mode 100755 index 000000000..f0c131944 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/packages/longhorn/longhorn-1.4/charts/Chart.yaml b/packages/longhorn/longhorn-1.4/charts/Chart.yaml new file mode 100755 index 000000000..23219850e --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/Chart.yaml @@ -0,0 +1,40 @@ +annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/kube-version: '>= 1.21.0-0' + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 1.4.2 +apiVersion: v1 +appVersion: v1.4.2 +description: Longhorn is a distributed block storage system for Kubernetes. +home: https://github.com/longhorn/longhorn +icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png +keywords: +- longhorn +- storage +- distributed +- block +- device +- iscsi +- nfs +kubeVersion: '>=1.21.0-0' +maintainers: +- email: maintainers@longhorn.io + name: Longhorn maintainers +name: longhorn +sources: +- https://github.com/longhorn/longhorn +- https://github.com/longhorn/longhorn-engine +- https://github.com/longhorn/longhorn-instance-manager +- https://github.com/longhorn/longhorn-share-manager +- https://github.com/longhorn/longhorn-manager +- https://github.com/longhorn/longhorn-ui +- https://github.com/longhorn/longhorn-tests +- https://github.com/longhorn/backing-image-manager +version: 1.4.2 diff --git a/packages/longhorn/longhorn-1.4/charts/README.md b/packages/longhorn/longhorn-1.4/charts/README.md new file mode 100755 index 000000000..60595a86b --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/README.md @@ -0,0 +1,49 @@ +# Longhorn Chart + +> **Important**: Please install the Longhorn chart in the `longhorn-system` namespace only. + +> **Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +## Source Code + +Longhorn is 100% open source software. Project source code is spread across a number of repos: + +1. Longhorn Engine -- Core controller/replica logic https://github.com/longhorn/longhorn-engine +2. Longhorn Instance Manager -- Controller/replica instance lifecycle management https://github.com/longhorn/longhorn-instance-manager +3. Longhorn Share Manager -- NFS provisioner that exposes Longhorn volumes as ReadWriteMany volumes. https://github.com/longhorn/longhorn-share-manager +4. Backing Image Manager -- Backing image file lifecycle management. https://github.com/longhorn/backing-image-manager +5. Longhorn Manager -- Longhorn orchestration, includes CSI driver for Kubernetes https://github.com/longhorn/longhorn-manager +6. Longhorn UI -- Dashboard https://github.com/longhorn/longhorn-ui + +## Prerequisites + +1. A container runtime compatible with Kubernetes (Docker v1.13+, containerd v1.3.7+, etc.) +2. Kubernetes >= v1.21 +3. Make sure `bash`, `curl`, `findmnt`, `grep`, `awk` and `blkid` has been installed in all nodes of the Kubernetes cluster. +4. Make sure `open-iscsi` has been installed, and the `iscsid` daemon is running on all nodes of the Kubernetes cluster. For GKE, recommended Ubuntu as guest OS image since it contains `open-iscsi` already. + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `enablePSP` set to `false` if it has been previously set to `true`. + +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, you may have to clean up your Helm release secrets. +Upon setting `enablePSP` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Longhorn docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. + +## Uninstallation + +To prevent Longhorn from being accidentally uninstalled (which leads to data lost), we introduce a new setting, deleting-confirmation-flag. If this flag is **false**, the Longhorn uninstallation job will fail. Set this flag to **true** to allow Longhorn uninstallation. You can set this flag using setting page in Longhorn UI or `kubectl -n longhorn-system patch -p '{"value": "true"}' --type=merge lhs deleting-confirmation-flag` + +To prevent damage to the Kubernetes cluster, we recommend deleting all Kubernetes workloads using Longhorn volumes (PersistentVolume, PersistentVolumeClaim, StorageClass, Deployment, StatefulSet, DaemonSet, etc). + +From Rancher Cluster Explorer UI, navigate to Apps page, delete app `longhorn` then app `longhorn-crd` in Installed Apps tab. + + +--- +Please see [link](https://github.com/longhorn/longhorn) for more information. diff --git a/packages/longhorn/longhorn-1.4/charts/app-readme.md b/packages/longhorn/longhorn-1.4/charts/app-readme.md new file mode 100755 index 000000000..321e5193c --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/app-readme.md @@ -0,0 +1,27 @@ +# Longhorn + +Longhorn is a lightweight, reliable and easy to use distributed block storage system for Kubernetes. Once deployed, users can leverage persistent volumes provided by Longhorn. + +Longhorn creates a dedicated storage controller for each volume and synchronously replicates the volume across multiple replicas stored on multiple nodes. The storage controller and replicas are themselves orchestrated using Kubernetes. Longhorn supports snapshots, backups and even allows you to schedule recurring snapshots and backups! + +**Important**: Please install Longhorn chart in `longhorn-system` namespace only. + +**Warning**: Longhorn doesn't support downgrading from a higher version to a lower version. + +[Chart Documentation](https://github.com/longhorn/longhorn/blob/master/chart/README.md) + + +## Upgrading to Kubernetes v1.25+ + +Starting in Kubernetes v1.25, [Pod Security Policies](https://kubernetes.io/docs/concepts/security/pod-security-policy/) have been removed from the Kubernetes API. + +As a result, **before upgrading to Kubernetes v1.25** (or on a fresh install in a Kubernetes v1.25+ cluster), users are expected to perform an in-place upgrade of this chart with `enablePSP` set to `false` if it has been previously set to `true`. + +> **Note:** +> If you upgrade your cluster to Kubernetes v1.25+ before removing PSPs via a `helm upgrade` (even if you manually clean up resources), **it will leave the Helm release in a broken state within the cluster such that further Helm operations will not work (`helm uninstall`, `helm upgrade`, etc.).** +> +> If your charts get stuck in this state, please consult the Rancher docs on how to clean up your Helm release secrets. + +Upon setting `enablePSP` to false, the chart will remove any PSP resources deployed on its behalf from the cluster. This is the default setting for this chart. + +As a replacement for PSPs, [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) should be used. Please consult the Rancher docs for more details on how to configure your chart release namespaces to work with the new Pod Security Admission and apply Pod Security Standards. \ No newline at end of file diff --git a/packages/longhorn/longhorn-1.4/charts/questions.yaml b/packages/longhorn/longhorn-1.4/charts/questions.yaml new file mode 100755 index 000000000..806a6714c --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/questions.yaml @@ -0,0 +1,850 @@ +categories: +- storage +namespace: longhorn-system +questions: +- variable: image.defaultImage + default: "true" + description: "Use default Longhorn images" + label: Use Default Images + type: boolean + show_subquestion_if: false + group: "Longhorn Images" + subquestions: + - variable: image.longhorn.manager.repository + default: rancher/mirrored-longhornio-longhorn-manager + description: "Specify Longhorn Manager Image Repository" + type: string + label: Longhorn Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.manager.tag + default: v1.4.2 + description: "Specify Longhorn Manager Image Tag" + type: string + label: Longhorn Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.repository + default: rancher/mirrored-longhornio-longhorn-engine + description: "Specify Longhorn Engine Image Repository" + type: string + label: Longhorn Engine Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.engine.tag + default: v1.4.2 + description: "Specify Longhorn Engine Image Tag" + type: string + label: Longhorn Engine Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.repository + default: rancher/mirrored-longhornio-longhorn-ui + description: "Specify Longhorn UI Image Repository" + type: string + label: Longhorn UI Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.ui.tag + default: v1.4.2 + description: "Specify Longhorn UI Image Tag" + type: string + label: Longhorn UI Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.repository + default: rancher/mirrored-longhornio-longhorn-instance-manager + description: "Specify Longhorn Instance Manager Image Repository" + type: string + label: Longhorn Instance Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.instanceManager.tag + default: v1.4.2 + description: "Specify Longhorn Instance Manager Image Tag" + type: string + label: Longhorn Instance Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.repository + default: rancher/mirrored-longhornio-longhorn-share-manager + description: "Specify Longhorn Share Manager Image Repository" + type: string + label: Longhorn Share Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.shareManager.tag + default: v1.4.2 + description: "Specify Longhorn Share Manager Image Tag" + type: string + label: Longhorn Share Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.repository + default: rancher/mirrored-longhornio-backing-image-manager + description: "Specify Longhorn Backing Image Manager Image Repository" + type: string + label: Longhorn Backing Image Manager Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.backingImageManager.tag + default: v1.4.2 + description: "Specify Longhorn Backing Image Manager Image Tag" + type: string + label: Longhorn Backing Image Manager Image Tag + group: "Longhorn Images Settings" + - variable: image.longhorn.supportBundleKit.repository + default: rancher/mirrored-longhornio-support-bundle-kit + description: "Specify Longhorn Support Bundle Manager Image Repository" + type: string + label: Longhorn Support Bundle Kit Image Repository + group: "Longhorn Images Settings" + - variable: image.longhorn.supportBundleKit.tag + default: v0.0.24 + description: "Specify Longhorn Support Bundle Manager Image Tag" + type: string + label: Longhorn Support Bundle Kit Image Tag + group: "Longhorn Images Settings" + - variable: image.csi.attacher.repository + default: rancher/mirrored-longhornio-csi-attacher + description: "Specify CSI attacher image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.attacher.tag + default: v3.4.0 + description: "Specify CSI attacher image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Attacher Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.repository + default: rancher/mirrored-longhornio-csi-provisioner + description: "Specify CSI provisioner image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.provisioner.tag + default: v2.1.2 + description: "Specify CSI provisioner image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Provisioner Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.repository + default: rancher/mirrored-longhornio-csi-node-driver-registrar + description: "Specify CSI Node Driver Registrar image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.nodeDriverRegistrar.tag + default: v2.5.0 + description: "Specify CSI Node Driver Registrar image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Node Driver Registrar Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.repository + default: rancher/mirrored-longhornio-csi-resizer + description: "Specify CSI Driver Resizer image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.resizer.tag + default: v1.3.0 + description: "Specify CSI Driver Resizer image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Resizer Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.repository + default: rancher/mirrored-longhornio-csi-snapshotter + description: "Specify CSI Driver Snapshotter image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.snapshotter.tag + default: v5.0.1 + description: "Specify CSI Driver Snapshotter image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Driver Snapshotter Image Tag + group: "Longhorn CSI Driver Images" + - variable: image.csi.livenessProbe.repository + default: rancher/mirrored-longhornio-livenessprobe + description: "Specify CSI liveness probe image repository. Leave blank to autodetect." + type: string + label: Longhorn CSI Liveness Probe Image Repository + group: "Longhorn CSI Driver Images" + - variable: image.csi.livenessProbe.tag + default: v2.8.0 + description: "Specify CSI liveness probe image tag. Leave blank to autodetect." + type: string + label: Longhorn CSI Liveness Probe Image Tag + group: "Longhorn CSI Driver Images" +- variable: privateRegistry.registryUrl + label: Private registry URL + description: "URL of private registry. Leave blank to apply system default registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.registrySecret + label: Private registry secret name + description: "If create a new private registry secret is true, create a Kubernetes secret with this name; else use the existing secret of this name. Use it to pull images from your private registry." + group: "Private Registry Settings" + type: string + default: "" +- variable: privateRegistry.createSecret + default: "true" + description: "Create a new private registry secret" + type: boolean + group: "Private Registry Settings" + label: Create Secret for Private Registry Settings + show_subquestion_if: true + subquestions: + - variable: privateRegistry.registryUser + label: Private registry user + description: "User used to authenticate to private registry." + type: string + default: "" + - variable: privateRegistry.registryPasswd + label: Private registry password + description: "Password used to authenticate to private registry." + type: password + default: "" +- variable: longhorn.default_setting + default: "false" + description: "Customize the default settings before installing Longhorn for the first time. This option will only work if the cluster hasn't installed Longhorn." + label: "Customize Default Settings" + type: boolean + show_subquestion_if: true + group: "Longhorn Default Settings" + subquestions: + - variable: csi.kubeletRootDir + default: + description: "Specify kubelet root-dir. Leave blank to autodetect." + type: string + label: Kubelet Root Directory + group: "Longhorn CSI Driver Settings" + - variable: csi.attacherReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Attacher. By default 3." + label: Longhorn CSI Attacher replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.provisionerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Provisioner. By default 3." + label: Longhorn CSI Provisioner replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.resizerReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Resizer. By default 3." + label: Longhorn CSI Resizer replica count + group: "Longhorn CSI Driver Settings" + - variable: csi.snapshotterReplicaCount + type: int + default: 3 + min: 1 + max: 10 + description: "Specify replica count of CSI Snapshotter. By default 3." + label: Longhorn CSI Snapshotter replica count + group: "Longhorn CSI Driver Settings" + - variable: defaultSettings.backupTarget + label: Backup Target + description: "The endpoint used to access the backupstore. NFS and S3 are supported." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.backupTargetCredentialSecret + label: Backup Target Credential Secret + description: "The name of the Kubernetes secret associated with the backup target." + group: "Longhorn Default Settings" + type: string + default: + - variable: defaultSettings.allowRecurringJobWhileVolumeDetached + label: Allow Recurring Job While Volume Is Detached + description: 'If this setting is enabled, Longhorn will automatically attaches the volume and takes snapshot/backup when it is the time to do recurring snapshot/backup. +Note that the volume is not ready for workload during the period when the volume was automatically attached. Workload will have to wait until the recurring job finishes.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.createDefaultDiskLabeledNodes + label: Create Default Disk on Labeled Nodes + description: 'Create default Disk automatically only on Nodes with the label "node.longhorn.io/create-default-disk=true" if no other disks exist. If disabled, the default disk will be created on all new nodes when each node is first added.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.defaultDataPath + label: Default Data Path + description: 'Default path to use for storing data on a host. By default "/var/lib/longhorn/"' + group: "Longhorn Default Settings" + type: string + default: "/var/lib/longhorn/" + - variable: defaultSettings.defaultDataLocality + label: Default Data Locality + description: 'We say a Longhorn volume has data locality if there is a local replica of the volume on the same node as the pod which is using the volume. +This setting specifies the default data locality when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `dataLocality` in the StorageClass +The available modes are: +- **disabled**. This is the default option. There may or may not be a replica on the same node as the attached volume (workload) +- **best-effort**. This option instructs Longhorn to try to keep a replica on the same node as the attached volume (workload). Longhorn will not stop the volume, even if it cannot keep a replica local to the attached volume (workload) due to environment limitation, e.g. not enough disk space, incompatible disk tags, etc.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" + - variable: defaultSettings.replicaSoftAntiAffinity + label: Replica Node Level Soft Anti-Affinity + description: 'Allow scheduling on nodes with existing healthy replicas of the same volume. By default false.' + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaAutoBalance + label: Replica Auto Balance + description: 'Enable this setting automatically rebalances replicas when discovered an available node. +The available global options are: +- **disabled**. This is the default option. No replica auto-balance will be done. +- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy. +- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy. +Longhorn also support individual volume setting. The setting can be specified in volume.spec.replicaAutoBalance, this overrules the global setting. +The available volume spec options are: +- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting. +- **disabled**. This option instructs Longhorn no replica auto-balance should be done. +- **least-effort**. This option instructs Longhorn to balance replicas for minimal redundancy. +- **best-effort**. This option instructs Longhorn to balance replicas for even redundancy.' + group: "Longhorn Default Settings" + type: enum + options: + - "disabled" + - "least-effort" + - "best-effort" + default: "disabled" + - variable: defaultSettings.storageOverProvisioningPercentage + label: Storage Over Provisioning Percentage + description: "The over-provisioning percentage defines how much storage can be allocated relative to the hard drive's capacity. By default 200." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 200 + - variable: defaultSettings.storageMinimalAvailablePercentage + label: Storage Minimal Available Percentage + description: "If the minimum available disk capacity exceeds the actual percentage of available disk capacity, the disk becomes unschedulable until more space is freed up. By default 25." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 100 + default: 25 + - variable: defaultSettings.upgradeChecker + label: Enable Upgrade Checker + description: 'Upgrade Checker will check for new Longhorn version periodically. When there is a new version available, a notification will appear in the UI. By default true.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.defaultReplicaCount + label: Default Replica Count + description: "The default number of replicas when a volume is created from the Longhorn UI. For Kubernetes configuration, update the `numberOfReplicas` in the StorageClass. By default 3." + group: "Longhorn Default Settings" + type: int + min: 1 + max: 20 + default: 3 + - variable: defaultSettings.defaultLonghornStaticStorageClass + label: Default Longhorn Static StorageClass Name + description: "The 'storageClassName' is given to PVs and PVCs that are created for an existing Longhorn volume. The StorageClass name can also be used as a label, so it is possible to use a Longhorn StorageClass to bind a workload to an existing PV without creating a Kubernetes StorageClass object. By default 'longhorn-static'." + group: "Longhorn Default Settings" + type: string + default: "longhorn-static" + - variable: defaultSettings.backupstorePollInterval + label: Backupstore Poll Interval + description: "In seconds. The backupstore poll interval determines how often Longhorn checks the backupstore for new backups. Set to 0 to disable the polling. By default 300." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.failedBackupTTL + label: Failed Backup Time to Live + description: "In minutes. This setting determines how long Longhorn will keep the backup resource that was failed. Set to 0 to disable the auto-deletion. +Failed backups will be checked and cleaned up during backupstore polling which is controlled by **Backupstore Poll Interval** setting. +Hence this value determines the minimal wait interval of the cleanup. And the actual cleanup interval is multiple of **Backupstore Poll Interval**. +Disabling **Backupstore Poll Interval** also means to disable failed backup auto-deletion." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1440 + - variable: defaultSettings.restoreVolumeRecurringJobs + label: Restore Volume Recurring Jobs + description: "Restore recurring jobs from the backup volume on the backup target and create recurring jobs if not exist during a backup restoration. +Longhorn also supports individual volume setting. The setting can be specified on Backup page when making a backup restoration, this overrules the global setting. +The available volume setting options are: +- **ignored**. This is the default option that instructs Longhorn to inherit from the global setting. +- **enabled**. This option instructs Longhorn to restore recurring jobs/groups from the backup target forcibly. +- **disabled**. This option instructs Longhorn no restoring recurring jobs/groups should be done." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.recurringSuccessfulJobsHistoryLimit + label: Cronjob Successful Jobs History Limit + description: "This setting specifies how many successful backup or snapshot job histories should be retained. History will not be retained if the value is 0." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.recurringFailedJobsHistoryLimit + label: Cronjob Failed Jobs History Limit + description: "This setting specifies how many failed backup or snapshot job histories should be retained. History will not be retained if the value is 0." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.supportBundleFailedHistoryLimit + label: SupportBundle Failed History Limit + description: "This setting specifies how many failed support bundles can exist in the cluster. +The retained failed support bundle is for analysis purposes and needs to clean up manually. +Set this value to **0** to have Longhorn automatically purge all failed support bundles." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 1 + - variable: defaultSettings.autoSalvage + label: Automatic salvage + description: "If enabled, volumes will be automatically salvaged when all the replicas become faulty e.g. due to network disconnection. Longhorn will try to figure out which replica(s) are usable, then use them for the volume. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly + label: Automatically Delete Workload Pod when The Volume Is Detached Unexpectedly + description: 'If enabled, Longhorn will automatically delete the workload pod that is managed by a controller (e.g. deployment, statefulset, daemonset, etc...) when Longhorn volume is detached unexpectedly (e.g. during Kubernetes upgrade, Docker reboot, or network disconnect). By deleting the pod, its controller restarts the pod and Kubernetes handles volume reattachment and remount. +If disabled, Longhorn will not delete the workload pod that is managed by a controller. You will have to manually restart the pod to reattach and remount the volume. +**Note:** This setting does not apply to the workload pods that do not have a controller. Longhorn never deletes them.' + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.disableSchedulingOnCordonedNode + label: Disable Scheduling On Cordoned Node + description: "Disable Longhorn manager to schedule replica on Kubernetes cordoned node. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.replicaZoneSoftAntiAffinity + label: Replica Zone Level Soft Anti-Affinity + description: "Allow scheduling new Replicas of Volume to the Nodes in the same Zone as existing healthy Replicas. Nodes don't belong to any Zone will be treated as in the same Zone. Notice that Longhorn relies on label `topology.kubernetes.io/zone=` in the Kubernetes node object to identify the zone. By default true." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.nodeDownPodDeletionPolicy + label: Pod Deletion Policy When Node is Down + description: "Defines the Longhorn action when a Volume is stuck with a StatefulSet/Deployment Pod on a node that is down. +- **do-nothing** is the default Kubernetes behavior of never force deleting StatefulSet/Deployment terminating pods. Since the pod on the node that is down isn't removed, Longhorn volumes are stuck on nodes that are down. +- **delete-statefulset-pod** Longhorn will force delete StatefulSet terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-deployment-pod** Longhorn will force delete Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods. +- **delete-both-statefulset-and-deployment-pod** Longhorn will force delete StatefulSet/Deployment terminating pods on nodes that are down to release Longhorn volumes so that Kubernetes can spin up replacement pods." + group: "Longhorn Default Settings" + type: enum + options: + - "do-nothing" + - "delete-statefulset-pod" + - "delete-deployment-pod" + - "delete-both-statefulset-and-deployment-pod" + default: "do-nothing" + - variable: defaultSettings.allowNodeDrainWithLastHealthyReplica + label: Allow Node Drain with the Last Healthy Replica + description: "By default, Longhorn will block `kubectl drain` action on a node if the node contains the last healthy replica of a volume. +If this setting is enabled, Longhorn will **not** block `kubectl drain` action on a node even if the node contains the last healthy replica of a volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.nodeDrainPolicy + label: Node Drain Policy + description: "Define the policy to use when a node with the last healthy replica of a volume is drained. +- **block-if-contains-last-replica** Longhorn will block the drain when the node contains the last healthy replica of a volume. +- **allow-if-replica-is-stopped** Longhorn will allow the drain when the node contains the last healthy replica of a volume but the replica is stopped. WARNING: possible data loss if the node is removed after draining. Select this option if you want to drain the node and do in-place upgrade/maintenance. +- **always-allow** Longhorn will allow the drain even though the node contains the last healthy replica of a volume. WARNING: possible data loss if the node is removed after draining. Also possible data corruption if the last replica was running during the draining." + group: "Longhorn Default Settings" + type: enum + options: + - "block-if-contains-last-replica" + - "allow-if-replica-is-stopped" + - "always-allow" + default: "block-if-contains-last-replica" + - variable: defaultSettings.mkfsExt4Parameters + label: Custom mkfs.ext4 parameters + description: "Allows setting additional filesystem creation parameters for ext4. For older host kernels it might be necessary to disable the optional ext4 metadata_csum feature by specifying `-O ^64bit,^metadata_csum`." + group: "Longhorn Default Settings" + type: string + - variable: defaultSettings.disableReplicaRebuild + label: Disable Replica Rebuild + description: "This setting disable replica rebuild cross the whole cluster, eviction and data locality feature won't work if this setting is true. But doesn't have any impact to any current replica rebuild and restore disaster recovery volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.replicaReplenishmentWaitInterval + label: Replica Replenishment Wait Interval + description: "In seconds. The interval determines how long Longhorn will wait at least in order to reuse the existing data on a failed replica rather than directly creating a new replica for a degraded volume. +Warning: This option works only when there is a failed replica in the volume. And this option may block the rebuilding for a while in the case." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 600 + - variable: defaultSettings.concurrentReplicaRebuildPerNodeLimit + label: Concurrent Replica Rebuild Per Node Limit + description: "This setting controls how many replicas on a node can be rebuilt simultaneously. +Typically, Longhorn can block the replica starting once the current rebuilding count on a node exceeds the limit. But when the value is 0, it means disabling the replica rebuilding. +WARNING: +- The old setting \"Disable Replica Rebuild\" is replaced by this setting. +- Different from relying on replica starting delay to limit the concurrent rebuilding, if the rebuilding is disabled, replica object replenishment will be directly skipped. +- When the value is 0, the eviction and data locality feature won't work. But this shouldn't have any impact to any current replica rebuild and backup restore." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 5 + - variable: defaultSettings.concurrentVolumeBackupRestorePerNodeLimit + label: Concurrent Volume Backup Restore Per Node Limit + description: "This setting controls how many volumes on a node can restore the backup concurrently. +Longhorn blocks the backup restore once the restoring volume count exceeds the limit. +Set the value to **0** to disable backup restore." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 5 + - variable: defaultSettings.disableRevisionCounter + label: Disable Revision Counter + description: "This setting is only for volumes created by UI. By default, this is false meaning there will be a reivision counter file to track every write to the volume. During salvage recovering Longhorn will pick the replica with largest reivision counter as candidate to recover the whole volume. If revision counter is disabled, Longhorn will not track every write to the volume. During the salvage recovering, Longhorn will use the 'volume-head-xxx.img' file last modification time and file size to pick the replica candidate to recover the whole volume." + group: "Longhorn Default Settings" + type: boolean + default: "false" + - variable: defaultSettings.systemManagedPodsImagePullPolicy + label: System Managed Pod Image Pull Policy + description: "This setting defines the Image Pull Policy of Longhorn system managed pods, e.g. instance manager, engine image, CSI driver, etc. The new Image Pull Policy will only apply after the system managed pods restart." + group: "Longhorn Default Settings" + type: enum + options: + - "if-not-present" + - "always" + - "never" + default: "if-not-present" + - variable: defaultSettings.allowVolumeCreationWithDegradedAvailability + label: Allow Volume Creation with Degraded Availability + description: "This setting allows user to create and attach a volume that doesn't have all the replicas scheduled at the time of creation." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.autoCleanupSystemGeneratedSnapshot + label: Automatically Cleanup System Generated Snapshot + description: "This setting enables Longhorn to automatically cleanup the system generated snapshot after replica rebuild is done." + group: "Longhorn Default Settings" + type: boolean + default: "true" + - variable: defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit + label: Concurrent Automatic Engine Upgrade Per Node Limit + description: "This setting controls how Longhorn automatically upgrades volumes' engines to the new default engine image after upgrading Longhorn manager. The value of this setting specifies the maximum number of engines per node that are allowed to upgrade to the default engine image at the same time. If the value is 0, Longhorn will not automatically upgrade volumes' engines to default version." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 0 + - variable: defaultSettings.backingImageCleanupWaitInterval + label: Backing Image Cleanup Wait Interval + description: "This interval in minutes determines how long Longhorn will wait before cleaning up the backing image file when there is no replica in the disk using it." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 60 + - variable: defaultSettings.backingImageRecoveryWaitInterval + label: Backing Image Recovery Wait Interval + description: "This interval in seconds determines how long Longhorn will wait before re-downloading the backing image file when all disk files of this backing image become failed or unknown. + WARNING: + - This recovery only works for the backing image of which the creation type is \"download\". + - File state \"unknown\" means the related manager pods on the pod is not running or the node itself is down/disconnected." + group: "Longhorn Default Settings" + type: int + min: 0 + default: 300 + - variable: defaultSettings.guaranteedEngineManagerCPU + label: Guaranteed Engine Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each engine manager Pod. For example, 10 means 10% of the total CPU on a node will be allocated to each engine manager pod on this node. This will help maintain engine stability during high node workload. + In order to prevent unexpected volume engine crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Engine Manager CPU = The estimated max Longhorn volume engine count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for engine manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Engine Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"EngineManagerCPURequest\" on the node is set. + - After this setting is changed, all engine manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 + - variable: defaultSettings.guaranteedReplicaManagerCPU + label: Guaranteed Replica Manager CPU + description: "This integer value indicates how many percentage of the total allocatable CPU on each node will be reserved for each replica manager Pod. 10 means 10% of the total CPU on a node will be allocated to each replica manager pod on this node. This will help maintain replica stability during high node workload. + In order to prevent unexpected volume replica crash as well as guarantee a relative acceptable IO performance, you can use the following formula to calculate a value for this setting: + Guaranteed Replica Manager CPU = The estimated max Longhorn volume replica count on a node * 0.1 / The total allocatable CPUs on the node * 100. + The result of above calculation doesn't mean that's the maximum CPU resources the Longhorn workloads require. To fully exploit the Longhorn volume I/O performance, you can allocate/guarantee more CPU resources via this setting. + If it's hard to estimate the usage now, you can leave it with the default value, which is 12%. Then you can tune it when there is no running workload using Longhorn volumes. + WARNING: + - Value 0 means unsetting CPU requests for replica manager pods. + - Considering the possible new instance manager pods in the further system upgrade, this integer value is range from 0 to 40. And the sum with setting 'Guaranteed Replica Manager CPU' should not be greater than 40. + - One more set of instance manager pods may need to be deployed when the Longhorn system is upgraded. If current available CPUs of the nodes are not enough for the new instance manager pods, you need to detach the volumes using the oldest instance manager pods so that Longhorn can clean up the old pods automatically and release the CPU resources. And the new pods with the latest instance manager image will be launched then. + - This global setting will be ignored for a node if the field \"ReplicaManagerCPURequest\" on the node is set. + - After this setting is changed, all replica manager pods using this global setting on all the nodes will be automatically restarted. In other words, DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES." + group: "Longhorn Default Settings" + type: int + min: 0 + max: 40 + default: 12 +- variable: defaultSettings.kubernetesClusterAutoscalerEnabled + label: Kubernetes Cluster Autoscaler Enabled (Experimental) + description: "Enabling this setting will notify Longhorn that the cluster is using Kubernetes Cluster Autoscaler. + Longhorn prevents data loss by only allowing the Cluster Autoscaler to scale down a node that met all conditions: + - No volume attached to the node. + - Is not the last node containing the replica of any volume. + - Is not running backing image components pod. + - Is not running share manager components pod." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.orphanAutoDeletion + label: Orphaned Data Cleanup + description: "This setting allows Longhorn to delete the orphan resource and its corresponding orphaned data automatically like stale replicas. Orphan resources on down or unknown nodes will not be cleaned up automatically." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.storageNetwork + label: Storage Network + description: "Longhorn uses the storage network for in-cluster data traffic. Leave this blank to use the Kubernetes cluster network. + To segregate the storage network, input the pre-existing NetworkAttachmentDefinition in \"/\" format. + WARNING: + - The cluster must have pre-existing Multus installed, and NetworkAttachmentDefinition IPs are reachable between nodes. + - DO NOT CHANGE THIS SETTING WITH ATTACHED VOLUMES. Longhorn will try to block this setting update when there are attached volumes. + - When applying the setting, Longhorn will restart all manager, instance-manager, and backing-image-manager pods." + group: "Longhorn Default Settings" + type: string + default: +- variable: defaultSettings.deletingConfirmationFlag + label: Deleting Confirmation Flag + description: "This flag is designed to prevent Longhorn from being accidentally uninstalled which will lead to data lost. + Set this flag to **true** to allow Longhorn uninstallation. + If this flag **false**, Longhorn uninstallation job will fail. " + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.engineReplicaTimeout + label: Timeout between Engine and Replica + description: "In seconds. The setting specifies the timeout between the engine and replica(s), and the value should be between 8 to 30 seconds. The default value is 8 seconds." + group: "Longhorn Default Settings" + type: int + default: "8" +- variable: defaultSettings.snapshotDataIntegrity + label: Snapshot Data Integrity + description: "This setting allows users to enable or disable snapshot hashing and data integrity checking. + Available options are + - **disabled**: Disable snapshot disk file hashing and data integrity checking. + - **enabled**: Enables periodic snapshot disk file hashing and data integrity checking. To detect the filesystem-unaware corruption caused by bit rot or other issues in snapshot disk files, Longhorn system periodically hashes files and finds corrupted ones. Hence, the system performance will be impacted during the periodical checking. + - **fast-check**: Enable snapshot disk file hashing and fast data integrity checking. Longhorn system only hashes snapshot disk files if their are not hashed or the modification time are changed. In this mode, filesystem-unaware corruption cannot be detected, but the impact on system performance can be minimized." + group: "Longhorn Default Settings" + type: string + default: "disabled" +- variable: defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation + label: Immediate Snapshot Data Integrity Check After Creating a Snapshot + description: "Hashing snapshot disk files impacts the performance of the system. The immediate snapshot hashing and checking can be disabled to minimize the impact after creating a snapshot." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.snapshotDataIntegrityCronjob + label: Snapshot Data Integrity Check CronJob + description: "Unix-cron string format. The setting specifies when Longhorn checks the data integrity of snapshot disk files. + Warning: Hashing snapshot disk files impacts the performance of the system. It is recommended to run data integrity checks during off-peak times and to reduce the frequency of checks." + group: "Longhorn Default Settings" + type: string + default: "0 0 */7 * *" +- variable: defaultSettings.removeSnapshotsDuringFilesystemTrim + label: Remove Snapshots During Filesystem Trim + description: "This setting allows Longhorn filesystem trim feature to automatically mark the latest snapshot and its ancestors as removed and stops at the snapshot containing multiple children.\n\n + Since Longhorn filesystem trim feature can be applied to the volume head and the followed continuous removed or system snapshots only.\n\n + Notice that trying to trim a removed files from a valid snapshot will do nothing but the filesystem will discard this kind of in-memory trimmable file info.\n\n + Later on if you mark the snapshot as removed and want to retry the trim, you may need to unmount and remount the filesystem so that the filesystem can recollect the trimmable file info." + group: "Longhorn Default Settings" + type: boolean + default: "false" +- variable: defaultSettings.fastReplicaRebuildEnabled + label: Fast Replica Rebuild Enabled + description: "This feature supports the fast replica rebuilding. It relies on the checksum of snapshot disk files, so setting the snapshot-data-integrity to **enable** or **fast-check** is a prerequisite." + group: "Longhorn Default Settings" + type: boolean + default: false +- variable: defaultSettings.replicaFileSyncHttpClientTimeout + label: Timeout of HTTP Client to Replica File Sync Server + description: "In seconds. The setting specifies the HTTP client timeout to the file sync server." + group: "Longhorn Default Settings" + type: int + default: "30" +- variable: persistence.defaultClass + default: "true" + description: "Set as default StorageClass for Longhorn" + label: Default Storage Class + group: "Longhorn Storage Class Settings" + required: true + type: boolean +- variable: persistence.reclaimPolicy + label: Storage Class Retain Policy + description: "Define reclaim policy (Retain or Delete)" + group: "Longhorn Storage Class Settings" + required: true + type: enum + options: + - "Delete" + - "Retain" + default: "Delete" +- variable: persistence.defaultClassReplicaCount + description: "Set replica count for Longhorn StorageClass" + label: Default Storage Class Replica Count + group: "Longhorn Storage Class Settings" + type: int + min: 1 + max: 10 + default: 3 +- variable: persistence.defaultDataLocality + description: "Set data locality for Longhorn StorageClass" + label: Default Storage Class Data Locality + group: "Longhorn Storage Class Settings" + type: enum + options: + - "disabled" + - "best-effort" + default: "disabled" +- variable: persistence.recurringJobSelector.enable + description: "Enable recurring job selector for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Recurring Job Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.recurringJobSelector.jobList + description: 'Recurring job selector list for Longhorn StorageClass. Please be careful of quotes of input. e.g., [{"name":"backup", "isGroup":true}]' + label: Storage Class Recurring Job Selector List + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: defaultSettings.defaultNodeSelector.enable + description: "Enable recurring Node selector for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Enable Storage Class Node Selector + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: defaultSettings.defaultNodeSelector.selector + label: Storage Class Node Selector + description: 'We use NodeSelector when we want to bind PVC via StorageClass into desired mountpoint on the nodes tagged whith its value' + group: "Longhorn Default Settings" + type: string + default: +- variable: persistence.backingImage.enable + description: "Set backing image for Longhorn StorageClass" + group: "Longhorn Storage Class Settings" + label: Default Storage Class Backing Image + type: boolean + default: false + show_subquestion_if: true + subquestions: + - variable: persistence.backingImage.name + description: 'Specify a backing image that will be used by Longhorn volumes in Longhorn StorageClass. If not exists, the backing image data source type and backing image data source parameters should be specified so that Longhorn will create the backing image before using it.' + label: Storage Class Backing Image Name + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.expectedChecksum + description: 'Specify the expected SHA512 checksum of the selected backing image in Longhorn StorageClass. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - It is not recommended to set this field if the data source type is \"export-from-volume\".' + label: Storage Class Backing Image Expected SHA512 Checksum + group: "Longhorn Storage Class Settings" + type: string + default: + - variable: persistence.backingImage.dataSourceType + description: 'Specify the data source type for the backing image used in Longhorn StorageClass. + If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - As for backing image creation with data source type \"upload\", it is recommended to do it via UI rather than StorageClass here. Uploading requires file data sending to the Longhorn backend after the object creation, which is complicated if you want to handle it manually.' + label: Storage Class Backing Image Data Source Type + group: "Longhorn Storage Class Settings" + type: enum + options: + - "" + - "download" + - "upload" + - "export-from-volume" + default: "" + - variable: persistence.backingImage.dataSourceParameters + description: "Specify the data source parameters for the backing image used in Longhorn StorageClass. + If the backing image does not exists, Longhorn will use this field to create a backing image. Otherwise, Longhorn will use it to verify the selected backing image. + This option accepts a json string of a map. e.g., '{\"url\":\"https://backing-image-example.s3-region.amazonaws.com/test-backing-image\"}'. + WARNING: + - If the backing image name is not specified, setting this field is meaningless. + - Be careful of the quotes here." + label: Storage Class Backing Image Data Source Parameters + group: "Longhorn Storage Class Settings" + type: string + default: +- variable: persistence.removeSnapshotsDuringFilesystemTrim + description: "Allow automatically removing snapshots during filesystem trim for Longhorn StorageClass" + label: Default Storage Class Remove Snapshots During Filesystem Trim + group: "Longhorn Storage Class Settings" + type: enum + options: + - "ignored" + - "enabled" + - "disabled" + default: "ignored" +- variable: ingress.enabled + default: "false" + description: "Expose app using Layer 7 Load Balancer - ingress" + type: boolean + group: "Services and Load Balancing" + label: Expose app using Layer 7 Load Balancer + show_subquestion_if: true + subquestions: + - variable: ingress.host + default: "xip.io" + description: "layer 7 Load Balancer hostname" + type: hostname + required: true + label: Layer 7 Load Balancer Hostname + - variable: ingress.path + default: "/" + description: "If ingress is enabled you can set the default ingress path" + type: string + required: true + label: Ingress Path +- variable: service.ui.type + default: "Rancher-Proxy" + description: "Define Longhorn UI service type" + type: enum + options: + - "ClusterIP" + - "NodePort" + - "LoadBalancer" + - "Rancher-Proxy" + label: Longhorn UI Service + show_if: "ingress.enabled=false" + group: "Services and Load Balancing" + show_subquestion_if: "NodePort" + subquestions: + - variable: service.ui.nodePort + default: "" + description: "NodePort port number(to set explicitly, choose port between 30000-32767)" + type: int + min: 30000 + max: 32767 + show_if: "service.ui.type=NodePort||service.ui.type=LoadBalancer" + label: UI Service NodePort number +- variable: enablePSP + default: "false" + description: "Setup a pod security policy for Longhorn workloads." + label: Pod Security Policy + type: boolean + group: "Other Settings" +- variable: global.cattle.windowsCluster.enabled + default: "false" + description: "Enable this to allow Longhorn to run on the Rancher deployed Windows cluster." + label: Rancher Windows Cluster + type: boolean + group: "Other Settings" diff --git a/packages/longhorn/longhorn-1.4/charts/templates/NOTES.txt b/packages/longhorn/longhorn-1.4/charts/templates/NOTES.txt new file mode 100755 index 000000000..cca7cd77b --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/NOTES.txt @@ -0,0 +1,5 @@ +Longhorn is now installed on the cluster! + +Please wait a few minutes for other Longhorn components such as CSI deployments, Engine Images, and Instance Managers to be initialized. + +Visit our documentation at https://longhorn.io/docs/ diff --git a/packages/longhorn/longhorn-1.4/charts/templates/_helpers.tpl b/packages/longhorn/longhorn-1.4/charts/templates/_helpers.tpl new file mode 100755 index 000000000..3fbc2ac02 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "longhorn.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "longhorn.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "longhorn.managerIP" -}} +{{- $fullname := (include "longhorn.fullname" .) -}} +{{- printf "http://%s-backend:9500" $fullname | trunc 63 | trimSuffix "-" -}} +{{- end -}} + + +{{- define "secret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registryPasswd | b64enc) | b64enc }} +{{- end }} + +{{- /* +longhorn.labels generates the standard Helm labels. +*/ -}} +{{- define "longhorn.labels" -}} +app.kubernetes.io/name: {{ template "longhorn.name" . }} +helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion }} +{{- end -}} + + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{- define "registry_url" -}} +{{- if .Values.privateRegistry.registryUrl -}} +{{- printf "%s/" .Values.privateRegistry.registryUrl -}} +{{- else -}} +{{ include "system_default_registry" . }} +{{- end -}} +{{- end -}} + +{{- /* + define the longhorn release namespace +*/ -}} +{{- define "release_namespace" -}} +{{- if .Values.namespaceOverride -}} +{{- .Values.namespaceOverride -}} +{{- else -}} +{{- .Release.Namespace -}} +{{- end -}} +{{- end -}} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/clusterrole.yaml b/packages/longhorn/longhorn-1.4/charts/templates/clusterrole.yaml new file mode 100755 index 000000000..bf28a4785 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/clusterrole.yaml @@ -0,0 +1,60 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: longhorn-role + labels: {{- include "longhorn.labels" . | nindent 4 }} +rules: +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - "*" +- apiGroups: [""] + resources: ["pods", "events", "persistentvolumes", "persistentvolumeclaims","persistentvolumeclaims/status", "nodes", "proxy/nodes", "pods/log", "secrets", "services", "endpoints", "configmaps", "serviceaccounts"] + verbs: ["*"] +- apiGroups: [""] + resources: ["namespaces"] + verbs: ["get", "list"] +- apiGroups: ["apps"] + resources: ["daemonsets", "statefulsets", "deployments"] + verbs: ["*"] +- apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] +- apiGroups: ["policy"] + resources: ["poddisruptionbudgets", "podsecuritypolicies"] + verbs: ["*"] +- apiGroups: ["scheduling.k8s.io"] + resources: ["priorityclasses"] + verbs: ["watch", "list"] +- apiGroups: ["storage.k8s.io"] + resources: ["storageclasses", "volumeattachments", "volumeattachments/status", "csinodes", "csidrivers"] + verbs: ["*"] +- apiGroups: ["snapshot.storage.k8s.io"] + resources: ["volumesnapshotclasses", "volumesnapshots", "volumesnapshotcontents", "volumesnapshotcontents/status"] + verbs: ["*"] +- apiGroups: ["longhorn.io"] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status"] + verbs: ["*"] +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: ["*"] +- apiGroups: ["metrics.k8s.io"] + resources: ["pods", "nodes"] + verbs: ["get", "list"] +- apiGroups: ["apiregistration.k8s.io"] + resources: ["apiservices"] + verbs: ["list", "watch"] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"] + verbs: ["get", "list", "create", "patch", "delete"] +- apiGroups: ["rbac.authorization.k8s.io"] + resources: ["roles", "rolebindings", "clusterrolebindings", "clusterroles"] + verbs: ["*"] diff --git a/packages/longhorn/longhorn-1.4/charts/templates/clusterrolebinding.yaml b/packages/longhorn/longhorn-1.4/charts/templates/clusterrolebinding.yaml new file mode 100755 index 000000000..8ab944b23 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/clusterrolebinding.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-bind + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: longhorn-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: longhorn-support-bundle + labels: {{- include "longhorn.labels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: longhorn-support-bundle + namespace: {{ include "release_namespace" . }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/daemonset-sa.yaml b/packages/longhorn/longhorn-1.4/charts/templates/daemonset-sa.yaml new file mode 100755 index 000000000..63f98cd12 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/daemonset-sa.yaml @@ -0,0 +1,147 @@ +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-manager + namespace: {{ include "release_namespace" . }} +spec: + selector: + matchLabels: + app: longhorn-manager + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-manager + {{- with .Values.annotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + initContainers: + - name: wait-longhorn-admission-webhook + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-admission-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + command: + - longhorn-manager + - -d + {{- if eq .Values.longhornManager.log.format "json" }} + - -j + {{- end }} + - daemon + - --engine-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.engine.repository }}:{{ .Values.image.longhorn.engine.tag }}" + - --instance-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.instanceManager.repository }}:{{ .Values.image.longhorn.instanceManager.tag }}" + - --share-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.shareManager.repository }}:{{ .Values.image.longhorn.shareManager.tag }}" + - --backing-image-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.backingImageManager.repository }}:{{ .Values.image.longhorn.backingImageManager.tag }}" + - --support-bundle-manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.supportBundleKit.repository }}:{{ .Values.image.longhorn.supportBundleKit.tag }}" + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --service-account + - longhorn-service-account + ports: + - containerPort: 9500 + name: manager + readinessProbe: + tcpSocket: + port: 9500 + volumeMounts: + - name: dev + mountPath: /host/dev/ + - name: proc + mountPath: /host/proc/ + - name: longhorn + mountPath: /var/lib/longhorn/ + mountPropagation: Bidirectional + - name: longhorn-grpc-tls + mountPath: /tls-files/ + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + volumes: + - name: dev + hostPath: + path: /dev/ + - name: proc + hostPath: + path: /proc/ + - name: longhorn + hostPath: + path: /var/lib/longhorn/ + - name: longhorn-grpc-tls + secret: + secretName: longhorn-grpc-tls + optional: true + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.tolerations }} +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account + updateStrategy: + rollingUpdate: + maxUnavailable: "100%" +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-manager + name: longhorn-backend + namespace: {{ include "release_namespace" . }} + {{- if .Values.longhornManager.serviceAnnotations }} + annotations: +{{ toYaml .Values.longhornManager.serviceAnnotations | indent 4 }} + {{- end }} +spec: + type: {{ .Values.service.manager.type }} + sessionAffinity: ClientIP + selector: + app: longhorn-manager + ports: + - name: manager + port: 9500 + targetPort: manager + {{- if .Values.service.manager.nodePort }} + nodePort: {{ .Values.service.manager.nodePort }} + {{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/default-setting.yaml b/packages/longhorn/longhorn-1.4/charts/templates/default-setting.yaml new file mode 100755 index 000000000..f65b7f1e5 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/default-setting.yaml @@ -0,0 +1,80 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-default-setting + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + default-setting.yaml: |- + {{ if not (kindIs "invalid" .Values.defaultSettings.backupTarget) }}backup-target: {{ .Values.defaultSettings.backupTarget }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.backupTargetCredentialSecret) }}backup-target-credential-secret: {{ .Values.defaultSettings.backupTargetCredentialSecret }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.allowRecurringJobWhileVolumeDetached) }}allow-recurring-job-while-volume-detached: {{ .Values.defaultSettings.allowRecurringJobWhileVolumeDetached }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.createDefaultDiskLabeledNodes) }}create-default-disk-labeled-nodes: {{ .Values.defaultSettings.createDefaultDiskLabeledNodes }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.defaultDataPath) }}default-data-path: {{ .Values.defaultSettings.defaultDataPath }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.replicaSoftAntiAffinity) }}replica-soft-anti-affinity: {{ .Values.defaultSettings.replicaSoftAntiAffinity }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.replicaAutoBalance) }}replica-auto-balance: {{ .Values.defaultSettings.replicaAutoBalance }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.storageOverProvisioningPercentage) }}storage-over-provisioning-percentage: {{ .Values.defaultSettings.storageOverProvisioningPercentage }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.storageMinimalAvailablePercentage) }}storage-minimal-available-percentage: {{ .Values.defaultSettings.storageMinimalAvailablePercentage }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.upgradeChecker) }}upgrade-checker: {{ .Values.defaultSettings.upgradeChecker }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.defaultReplicaCount) }}default-replica-count: {{ .Values.defaultSettings.defaultReplicaCount }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.defaultDataLocality) }}default-data-locality: {{ .Values.defaultSettings.defaultDataLocality }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.defaultLonghornStaticStorageClass) }}default-longhorn-static-storage-class: {{ .Values.defaultSettings.defaultLonghornStaticStorageClass }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.backupstorePollInterval) }}backupstore-poll-interval: {{ .Values.defaultSettings.backupstorePollInterval }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.failedBackupTTL) }}failed-backup-ttl: {{ .Values.defaultSettings.failedBackupTTL }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.restoreVolumeRecurringJobs) }}restore-volume-recurring-jobs: {{ .Values.defaultSettings.restoreVolumeRecurringJobs }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit) }}recurring-successful-jobs-history-limit: {{ .Values.defaultSettings.recurringSuccessfulJobsHistoryLimit }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.recurringFailedJobsHistoryLimit) }}recurring-failed-jobs-history-limit: {{ .Values.defaultSettings.recurringFailedJobsHistoryLimit }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.supportBundleFailedHistoryLimit) }}support-bundle-failed-history-limit: {{ .Values.defaultSettings.supportBundleFailedHistoryLimit }}{{ end }} + {{- if or (not (kindIs "invalid" .Values.defaultSettings.taintToleration)) (.Values.global.cattle.windowsCluster.enabled) }} + taint-toleration: {{ $windowsDefaultSettingTaintToleration := list }}{{ $defaultSettingTaintToleration := list -}} + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}} + {{- $windowsDefaultSettingTaintToleration = .Values.global.cattle.windowsCluster.defaultSetting.taintToleration -}} + {{- end -}} + {{- if not (kindIs "invalid" .Values.defaultSettings.taintToleration) -}} + {{- $defaultSettingTaintToleration = .Values.defaultSettings.taintToleration -}} + {{- end -}} + {{- $taintToleration := list $windowsDefaultSettingTaintToleration $defaultSettingTaintToleration }}{{ join ";" (compact $taintToleration) -}} + {{- end }} + {{- if or (not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector)) (.Values.global.cattle.windowsCluster.enabled) }} + system-managed-components-node-selector: {{ $windowsDefaultSettingNodeSelector := list }}{{ $defaultSettingNodeSelector := list -}} + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}} + {{ $windowsDefaultSettingNodeSelector = .Values.global.cattle.windowsCluster.defaultSetting.systemManagedComponentsNodeSelector -}} + {{- end -}} + {{- if not (kindIs "invalid" .Values.defaultSettings.systemManagedComponentsNodeSelector) -}} + {{- $defaultSettingNodeSelector = .Values.defaultSettings.systemManagedComponentsNodeSelector -}} + {{- end -}} + {{- $nodeSelector := list $windowsDefaultSettingNodeSelector $defaultSettingNodeSelector }}{{ join ";" (compact $nodeSelector) -}} + {{- end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.priorityClass) }}priority-class: {{ .Values.defaultSettings.priorityClass }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.autoSalvage) }}auto-salvage: {{ .Values.defaultSettings.autoSalvage }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly) }}auto-delete-pod-when-volume-detached-unexpectedly: {{ .Values.defaultSettings.autoDeletePodWhenVolumeDetachedUnexpectedly }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.disableSchedulingOnCordonedNode) }}disable-scheduling-on-cordoned-node: {{ .Values.defaultSettings.disableSchedulingOnCordonedNode }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.replicaZoneSoftAntiAffinity) }}replica-zone-soft-anti-affinity: {{ .Values.defaultSettings.replicaZoneSoftAntiAffinity }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.nodeDownPodDeletionPolicy) }}node-down-pod-deletion-policy: {{ .Values.defaultSettings.nodeDownPodDeletionPolicy }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica) }}allow-node-drain-with-last-healthy-replica: {{ .Values.defaultSettings.allowNodeDrainWithLastHealthyReplica }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.nodeDrainPolicy) }}node-drain-policy: {{ .Values.defaultSettings.nodeDrainPolicy }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.mkfsExt4Parameters) }}mkfs-ext4-parameters: {{ .Values.defaultSettings.mkfsExt4Parameters }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.disableReplicaRebuild) }}disable-replica-rebuild: {{ .Values.defaultSettings.disableReplicaRebuild }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.replicaReplenishmentWaitInterval) }}replica-replenishment-wait-interval: {{ .Values.defaultSettings.replicaReplenishmentWaitInterval }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit) }}concurrent-replica-rebuild-per-node-limit: {{ .Values.defaultSettings.concurrentReplicaRebuildPerNodeLimit }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit) }}concurrent-volume-backup-restore-per-node-limit: {{ .Values.defaultSettings.concurrentVolumeBackupRestorePerNodeLimit }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.disableRevisionCounter) }}disable-revision-counter: {{ .Values.defaultSettings.disableRevisionCounter }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.systemManagedPodsImagePullPolicy) }}system-managed-pods-image-pull-policy: {{ .Values.defaultSettings.systemManagedPodsImagePullPolicy }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability) }}allow-volume-creation-with-degraded-availability: {{ .Values.defaultSettings.allowVolumeCreationWithDegradedAvailability }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot) }}auto-cleanup-system-generated-snapshot: {{ .Values.defaultSettings.autoCleanupSystemGeneratedSnapshot }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit) }}concurrent-automatic-engine-upgrade-per-node-limit: {{ .Values.defaultSettings.concurrentAutomaticEngineUpgradePerNodeLimit }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.backingImageCleanupWaitInterval) }}backing-image-cleanup-wait-interval: {{ .Values.defaultSettings.backingImageCleanupWaitInterval }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.backingImageRecoveryWaitInterval) }}backing-image-recovery-wait-interval: {{ .Values.defaultSettings.backingImageRecoveryWaitInterval }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.guaranteedEngineManagerCPU) }}guaranteed-engine-manager-cpu: {{ .Values.defaultSettings.guaranteedEngineManagerCPU }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.guaranteedReplicaManagerCPU) }}guaranteed-replica-manager-cpu: {{ .Values.defaultSettings.guaranteedReplicaManagerCPU }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.kubernetesClusterAutoscalerEnabled) }}kubernetes-cluster-autoscaler-enabled: {{ .Values.defaultSettings.kubernetesClusterAutoscalerEnabled }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.orphanAutoDeletion) }}orphan-auto-deletion: {{ .Values.defaultSettings.orphanAutoDeletion }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.storageNetwork) }}storage-network: {{ .Values.defaultSettings.storageNetwork }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.deletingConfirmationFlag) }}deleting-confirmation-flag: {{ .Values.defaultSettings.deletingConfirmationFlag }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.engineReplicaTimeout) }}engine-replica-timeout: {{ .Values.defaultSettings.engineReplicaTimeout }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrity) }}snapshot-data-integrity: {{ .Values.defaultSettings.snapshotDataIntegrity }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation) }}snapshot-data-integrity-immediate-check-after-snapshot-creation: {{ .Values.defaultSettings.snapshotDataIntegrityImmediateCheckAfterSnapshotCreation }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.snapshotDataIntegrityCronjob) }}snapshot-data-integrity-cronjob: {{ .Values.defaultSettings.snapshotDataIntegrityCronjob }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim) }}remove-snapshots-during-filesystem-trim: {{ .Values.defaultSettings.removeSnapshotsDuringFilesystemTrim }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.fastReplicaRebuildEnabled) }}fast-replica-rebuild-enabled: {{ .Values.defaultSettings.fastReplicaRebuildEnabled }}{{ end }} + {{ if not (kindIs "invalid" .Values.defaultSettings.replicaFileSyncHttpClientTimeout) }}replica-file-sync-http-client-timeout: {{ .Values.defaultSettings.replicaFileSyncHttpClientTimeout }}{{ end }} \ No newline at end of file diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-driver.yaml b/packages/longhorn/longhorn-1.4/charts/templates/deployment-driver.yaml new file mode 100755 index 000000000..f162fbf79 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/deployment-driver.yaml @@ -0,0 +1,118 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: longhorn-driver-deployer + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + replicas: 1 + selector: + matchLabels: + app: longhorn-driver-deployer + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-driver-deployer + spec: + initContainers: + - name: wait-longhorn-manager + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" http://longhorn-backend:9500/v1) != "200" ]; do echo waiting; sleep 2; done'] + containers: + - name: longhorn-driver-deployer + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - longhorn-manager + - -d + - deploy-driver + - --manager-image + - "{{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }}" + - --manager-url + - http://longhorn-backend:9500/v1 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + {{- if .Values.csi.kubeletRootDir }} + - name: KUBELET_ROOT_DIR + value: {{ .Values.csi.kubeletRootDir }} + {{- end }} + {{- if and .Values.image.csi.attacher.repository .Values.image.csi.attacher.tag }} + - name: CSI_ATTACHER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.attacher.repository }}:{{ .Values.image.csi.attacher.tag }}" + {{- end }} + {{- if and .Values.image.csi.provisioner.repository .Values.image.csi.provisioner.tag }} + - name: CSI_PROVISIONER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.provisioner.repository }}:{{ .Values.image.csi.provisioner.tag }}" + {{- end }} + {{- if and .Values.image.csi.nodeDriverRegistrar.repository .Values.image.csi.nodeDriverRegistrar.tag }} + - name: CSI_NODE_DRIVER_REGISTRAR_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.nodeDriverRegistrar.repository }}:{{ .Values.image.csi.nodeDriverRegistrar.tag }}" + {{- end }} + {{- if and .Values.image.csi.resizer.repository .Values.image.csi.resizer.tag }} + - name: CSI_RESIZER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.resizer.repository }}:{{ .Values.image.csi.resizer.tag }}" + {{- end }} + {{- if and .Values.image.csi.snapshotter.repository .Values.image.csi.snapshotter.tag }} + - name: CSI_SNAPSHOTTER_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.snapshotter.repository }}:{{ .Values.image.csi.snapshotter.tag }}" + {{- end }} + {{- if and .Values.image.csi.livenessProbe.repository .Values.image.csi.livenessProbe.tag }} + - name: CSI_LIVENESS_PROBE_IMAGE + value: "{{ template "registry_url" . }}{{ .Values.image.csi.livenessProbe.repository }}:{{ .Values.image.csi.livenessProbe.tag }}" + {{- end }} + {{- if .Values.csi.attacherReplicaCount }} + - name: CSI_ATTACHER_REPLICA_COUNT + value: {{ .Values.csi.attacherReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.provisionerReplicaCount }} + - name: CSI_PROVISIONER_REPLICA_COUNT + value: {{ .Values.csi.provisionerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.resizerReplicaCount }} + - name: CSI_RESIZER_REPLICA_COUNT + value: {{ .Values.csi.resizerReplicaCount | quote }} + {{- end }} + {{- if .Values.csi.snapshotterReplicaCount }} + - name: CSI_SNAPSHOTTER_REPLICA_COUNT + value: {{ .Values.csi.snapshotterReplicaCount | quote }} + {{- end }} + + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornDriver.priorityClass }} + priorityClassName: {{ .Values.longhornDriver.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornDriver.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornDriver.tolerations }} +{{ toYaml .Values.longhornDriver.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornDriver.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornDriver.nodeSelector }} +{{ toYaml .Values.longhornDriver.nodeSelector | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account + securityContext: + runAsUser: 0 diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-recovery-backend.yaml b/packages/longhorn/longhorn-1.4/charts/templates/deployment-recovery-backend.yaml new file mode 100755 index 000000000..81c8abad5 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/deployment-recovery-backend.yaml @@ -0,0 +1,83 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-recovery-backend + name: longhorn-recovery-backend + namespace: {{ include "release_namespace" . }} +spec: + replicas: {{ .Values.longhornRecoveryBackend.replicas }} + selector: + matchLabels: + app: longhorn-recovery-backend + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-recovery-backend + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-recovery-backend + topologyKey: kubernetes.io/hostname + containers: + - name: longhorn-recovery-backend + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 2000 + command: + - longhorn-manager + - recovery-backend + - --service-account + - longhorn-service-account + ports: + - containerPort: 9600 + name: recov-backend + readinessProbe: + tcpSocket: + port: 9600 + initialDelaySeconds: 3 + periodSeconds: 5 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornRecoveryBackend.priorityClass }} + priorityClassName: {{ .Values.longhornRecoveryBackend.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornRecoveryBackend.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornRecoveryBackend.tolerations }} +{{ toYaml .Values.longhornRecoveryBackend.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornRecoveryBackend.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornRecoveryBackend.nodeSelector }} +{{ toYaml .Values.longhornRecoveryBackend.nodeSelector | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-ui.yaml b/packages/longhorn/longhorn-1.4/charts/templates/deployment-ui.yaml new file mode 100755 index 000000000..6bad5cd4e --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/deployment-ui.yaml @@ -0,0 +1,114 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + name: longhorn-ui + namespace: {{ include "release_namespace" . }} +spec: + replicas: {{ .Values.longhornUI.replicas }} + selector: + matchLabels: + app: longhorn-ui + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-ui + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-ui + topologyKey: kubernetes.io/hostname + containers: + - name: longhorn-ui + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.ui.repository }}:{{ .Values.image.longhorn.ui.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name : nginx-cache + mountPath: /var/cache/nginx/ + - name : nginx-config + mountPath: /var/config/nginx/ + - name: var-run + mountPath: /var/run/ + ports: + - containerPort: 8000 + name: http + env: + - name: LONGHORN_MANAGER_IP + value: "http://longhorn-backend:9500" + - name: LONGHORN_UI_PORT + value: "8000" + volumes: + - emptyDir: {} + name: nginx-cache + - emptyDir: {} + name: nginx-config + - emptyDir: {} + name: var-run + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornUI.priorityClass }} + priorityClassName: {{ .Values.longhornUI.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornUI.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornUI.tolerations }} +{{ toYaml .Values.longhornUI.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornUI.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornUI.nodeSelector }} +{{ toYaml .Values.longhornUI.nodeSelector | indent 8 }} + {{- end }} + {{- end }} +--- +kind: Service +apiVersion: v1 +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ui + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + kubernetes.io/cluster-service: "true" + {{- end }} + name: longhorn-frontend + namespace: {{ include "release_namespace" . }} +spec: + {{- if eq .Values.service.ui.type "Rancher-Proxy" }} + type: ClusterIP + {{- else }} + type: {{ .Values.service.ui.type }} + {{- end }} + {{- if and .Values.service.ui.loadBalancerIP (eq .Values.service.ui.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.ui.loadBalancerIP }} + {{- end }} + {{- if and (eq .Values.service.ui.type "LoadBalancer") .Values.service.ui.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{- toYaml .Values.service.ui.loadBalancerSourceRanges | nindent 4 }} + {{- end }} + selector: + app: longhorn-ui + ports: + - name: http + port: 80 + targetPort: http + {{- if .Values.service.ui.nodePort }} + nodePort: {{ .Values.service.ui.nodePort }} + {{- else }} + nodePort: null + {{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-webhook.yaml b/packages/longhorn/longhorn-1.4/charts/templates/deployment-webhook.yaml new file mode 100755 index 000000000..c4d353a90 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/deployment-webhook.yaml @@ -0,0 +1,166 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-conversion-webhook + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} +spec: + replicas: {{ .Values.longhornConversionWebhook.replicas }} + selector: + matchLabels: + app: longhorn-conversion-webhook + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-conversion-webhook + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-conversion-webhook + topologyKey: kubernetes.io/hostname + containers: + - name: longhorn-conversion-webhook + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 2000 + command: + - longhorn-manager + - conversion-webhook + - --service-account + - longhorn-service-account + ports: + - containerPort: 9443 + name: conversion-wh + readinessProbe: + tcpSocket: + port: 9443 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornConversionWebhook.priorityClass }} + priorityClassName: {{ .Values.longhornConversionWebhook.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornConversionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornConversionWebhook.tolerations }} +{{ toYaml .Values.longhornConversionWebhook.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornConversionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornConversionWebhook.nodeSelector }} +{{ toYaml .Values.longhornConversionWebhook.nodeSelector | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-admission-webhook + name: longhorn-admission-webhook + namespace: {{ include "release_namespace" . }} +spec: + replicas: {{ .Values.longhornAdmissionWebhook.replicas }} + selector: + matchLabels: + app: longhorn-admission-webhook + template: + metadata: + labels: {{- include "longhorn.labels" . | nindent 8 }} + app: longhorn-admission-webhook + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + labelSelector: + matchExpressions: + - key: app + operator: In + values: + - longhorn-admission-webhook + topologyKey: kubernetes.io/hostname + initContainers: + - name: wait-longhorn-conversion-webhook + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + command: ['sh', '-c', 'while [ $(curl -m 1 -s -o /dev/null -w "%{http_code}" -k https://longhorn-conversion-webhook:9443/v1/healthz) != "200" ]; do echo waiting; sleep 2; done'] + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 2000 + containers: + - name: longhorn-admission-webhook + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 2000 + command: + - longhorn-manager + - admission-webhook + - --service-account + - longhorn-service-account + ports: + - containerPort: 9443 + name: admission-wh + readinessProbe: + tcpSocket: + port: 9443 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornAdmissionWebhook.priorityClass }} + priorityClassName: {{ .Values.longhornAdmissionWebhook.priorityClass | quote }} + {{- end }} + {{- if or .Values.longhornAdmissionWebhook.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornAdmissionWebhook.tolerations }} +{{ toYaml .Values.longhornAdmissionWebhook.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornAdmissionWebhook.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornAdmissionWebhook.nodeSelector }} +{{ toYaml .Values.longhornAdmissionWebhook.nodeSelector | indent 8 }} + {{- end }} + {{- end }} + serviceAccountName: longhorn-service-account diff --git a/packages/longhorn/longhorn-1.4/charts/templates/ingress.yaml b/packages/longhorn/longhorn-1.4/charts/templates/ingress.yaml new file mode 100755 index 000000000..ee47f8b8d --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/ingress.yaml @@ -0,0 +1,48 @@ +{{- if .Values.ingress.enabled }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} +apiVersion: networking.k8s.io/v1 +{{- else -}} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: longhorn-ingress + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-ingress + annotations: + {{- if .Values.ingress.secureBackends }} + ingress.kubernetes.io/secure-backends: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + {{- if and .Values.ingress.ingressClassName (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} + ingressClassName: {{ .Values.ingress.ingressClassName }} + {{- end }} + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ default "" .Values.ingress.path }} + {{- if (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} + pathType: ImplementationSpecific + {{- end }} + backend: + {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + service: + name: longhorn-frontend + port: + number: 80 + {{- else }} + serviceName: longhorn-frontend + servicePort: 80 + {{- end }} +{{- if .Values.ingress.tls }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tlsSecret }} +{{- end }} +{{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/postupgrade-job.yaml b/packages/longhorn/longhorn-1.4/charts/templates/postupgrade-job.yaml new file mode 100755 index 000000000..b9b2eeb21 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/postupgrade-job.yaml @@ -0,0 +1,58 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation + name: longhorn-post-upgrade + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-post-upgrade + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-post-upgrade + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + command: + - longhorn-manager + - post-upgrade + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.tolerations }} +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.longhornManager.nodeSelector }} +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + {{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/psp.yaml b/packages/longhorn/longhorn-1.4/charts/templates/psp.yaml new file mode 100755 index 000000000..a2dfc05be --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/psp.yaml @@ -0,0 +1,66 @@ +{{- if .Values.enablePSP }} +apiVersion: policy/v1beta1 +kind: PodSecurityPolicy +metadata: + name: longhorn-psp + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + privileged: true + allowPrivilegeEscalation: true + requiredDropCapabilities: + - NET_RAW + allowedCapabilities: + - SYS_ADMIN + hostNetwork: false + hostIPC: false + hostPID: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + fsGroup: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - configMap + - downwardAPI + - emptyDir + - secret + - projected + - hostPath +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: longhorn-psp-role + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +rules: +- apiGroups: + - policy + resources: + - podsecuritypolicies + verbs: + - use + resourceNames: + - longhorn-psp +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: longhorn-psp-binding + labels: {{- include "longhorn.labels" . | nindent 4 }} + namespace: {{ include "release_namespace" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: longhorn-psp-role +subjects: +- kind: ServiceAccount + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} +- kind: ServiceAccount + name: default + namespace: {{ include "release_namespace" . }} +{{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/registry-secret.yaml b/packages/longhorn/longhorn-1.4/charts/templates/registry-secret.yaml new file mode 100755 index 000000000..3c6b1dc51 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/registry-secret.yaml @@ -0,0 +1,13 @@ +{{- if .Values.privateRegistry.createSecret }} +{{- if .Values.privateRegistry.registrySecret }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.privateRegistry.registrySecret }} + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "secret" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/packages/longhorn/longhorn-1.4/charts/templates/serviceaccount.yaml b/packages/longhorn/longhorn-1.4/charts/templates/serviceaccount.yaml new file mode 100755 index 000000000..a563d68ca --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/serviceaccount.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-service-account + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: longhorn-support-bundle + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} \ No newline at end of file diff --git a/packages/longhorn/longhorn-1.4/charts/templates/services.yaml b/packages/longhorn/longhorn-1.4/charts/templates/services.yaml new file mode 100755 index 000000000..cd008db04 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/services.yaml @@ -0,0 +1,74 @@ +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-conversion-webhook + name: longhorn-conversion-webhook + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + sessionAffinity: ClientIP + selector: + app: longhorn-conversion-webhook + ports: + - name: conversion-webhook + port: 9443 + targetPort: conversion-wh +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-admission-webhook + name: longhorn-admission-webhook + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + sessionAffinity: ClientIP + selector: + app: longhorn-admission-webhook + ports: + - name: admission-webhook + port: 9443 + targetPort: admission-wh +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + app: longhorn-recovery-backend + name: longhorn-recovery-backend + namespace: {{ include "release_namespace" . }} +spec: + type: ClusterIP + sessionAffinity: ClientIP + selector: + app: longhorn-recovery-backend + ports: + - name: recovery-backend + port: 9600 + targetPort: recov-backend +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + name: longhorn-engine-manager + namespace: {{ include "release_namespace" . }} +spec: + clusterIP: None + selector: + longhorn.io/component: instance-manager + longhorn.io/instance-manager-type: engine +--- +apiVersion: v1 +kind: Service +metadata: + labels: {{- include "longhorn.labels" . | nindent 4 }} + name: longhorn-replica-manager + namespace: {{ include "release_namespace" . }} +spec: + clusterIP: None + selector: + longhorn.io/component: instance-manager + longhorn.io/instance-manager-type: replica diff --git a/packages/longhorn/longhorn-1.4/charts/templates/storageclass.yaml b/packages/longhorn/longhorn-1.4/charts/templates/storageclass.yaml new file mode 100755 index 000000000..68325177e --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/storageclass.yaml @@ -0,0 +1,44 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: longhorn-storageclass + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +data: + storageclass.yaml: | + kind: StorageClass + apiVersion: storage.k8s.io/v1 + metadata: + name: longhorn + annotations: + storageclass.kubernetes.io/is-default-class: {{ .Values.persistence.defaultClass | quote }} + provisioner: driver.longhorn.io + allowVolumeExpansion: true + reclaimPolicy: "{{ .Values.persistence.reclaimPolicy }}" + volumeBindingMode: Immediate + parameters: + numberOfReplicas: "{{ .Values.persistence.defaultClassReplicaCount }}" + staleReplicaTimeout: "30" + fromBackup: "" + {{- if .Values.persistence.defaultFsType }} + fsType: "{{ .Values.persistence.defaultFsType }}" + {{- end }} + {{- if .Values.persistence.defaultMkfsParams }} + mkfsParams: "{{ .Values.persistence.defaultMkfsParams }}" + {{- end }} + {{- if .Values.persistence.migratable }} + migratable: "{{ .Values.persistence.migratable }}" + {{- end }} + {{- if .Values.persistence.backingImage.enable }} + backingImage: {{ .Values.persistence.backingImage.name }} + backingImageDataSourceType: {{ .Values.persistence.backingImage.dataSourceType }} + backingImageDataSourceParameters: {{ .Values.persistence.backingImage.dataSourceParameters }} + backingImageChecksum: {{ .Values.persistence.backingImage.expectedChecksum }} + {{- end }} + {{- if .Values.persistence.recurringJobSelector.enable }} + recurringJobSelector: '{{ .Values.persistence.recurringJobSelector.jobList }}' + {{- end }} + dataLocality: {{ .Values.persistence.defaultDataLocality | quote }} + {{- if .Values.persistence.defaultNodeSelector.enable }} + nodeSelector: "{{ .Values.persistence.defaultNodeSelector.selector }}" + {{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/tls-secrets.yaml b/packages/longhorn/longhorn-1.4/charts/templates/tls-secrets.yaml new file mode 100755 index 000000000..74c43426d --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/tls-secrets.yaml @@ -0,0 +1,16 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + namespace: {{ include "release_namespace" $ }} + labels: {{- include "longhorn.labels" $ | nindent 4 }} + app: longhorn +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +--- +{{- end }} +{{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/uninstall-job.yaml b/packages/longhorn/longhorn-1.4/charts/templates/uninstall-job.yaml new file mode 100755 index 000000000..989933d96 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/uninstall-job.yaml @@ -0,0 +1,59 @@ +apiVersion: batch/v1 +kind: Job +metadata: + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + name: longhorn-uninstall + namespace: {{ include "release_namespace" . }} + labels: {{- include "longhorn.labels" . | nindent 4 }} +spec: + activeDeadlineSeconds: 900 + backoffLimit: 1 + template: + metadata: + name: longhorn-uninstall + labels: {{- include "longhorn.labels" . | nindent 8 }} + spec: + containers: + - name: longhorn-uninstall + image: {{ template "registry_url" . }}{{ .Values.image.longhorn.manager.repository }}:{{ .Values.image.longhorn.manager.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + privileged: true + command: + - longhorn-manager + - uninstall + - --force + env: + - name: LONGHORN_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: Never + {{- if .Values.privateRegistry.registrySecret }} + imagePullSecrets: + - name: {{ .Values.privateRegistry.registrySecret }} + {{- end }} + {{- if .Values.longhornManager.priorityClass }} + priorityClassName: {{ .Values.longhornManager.priorityClass | quote }} + {{- end }} + serviceAccountName: longhorn-service-account + {{- if or .Values.longhornManager.tolerations .Values.global.cattle.windowsCluster.enabled }} + tolerations: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.tolerations }} +{{ toYaml .Values.global.cattle.windowsCluster.tolerations | indent 6 }} + {{- end }} + {{- if .Values.longhornManager.tolerations }} +{{ toYaml .Values.longhornManager.tolerations | indent 6 }} + {{- end }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector .Values.global.cattle.windowsCluster.enabled }} + nodeSelector: + {{- if and .Values.global.cattle.windowsCluster.enabled .Values.global.cattle.windowsCluster.nodeSelector }} +{{ toYaml .Values.global.cattle.windowsCluster.nodeSelector | indent 8 }} + {{- end }} + {{- if or .Values.longhornManager.nodeSelector }} +{{ toYaml .Values.longhornManager.nodeSelector | indent 8 }} + {{- end }} + {{- end }} diff --git a/packages/longhorn/longhorn-1.4/charts/templates/userroles.yaml b/packages/longhorn/longhorn-1.4/charts/templates/userroles.yaml new file mode 100644 index 000000000..c8eeef508 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/userroles.yaml @@ -0,0 +1,50 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-admin" + labels: + rbac.authorization.k8s.io/aggregate-to-admin: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-edit" + labels: + rbac.authorization.k8s.io/aggregate-to-edit: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status"] + verbs: [ "*" ] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: "longhorn-view" + labels: + rbac.authorization.k8s.io/aggregate-to-view: "true" +rules: +- apiGroups: [ "longhorn.io" ] + resources: ["volumes", "volumes/status", "engines", "engines/status", "replicas", "replicas/status", "settings", + "engineimages", "engineimages/status", "nodes", "nodes/status", "instancemanagers", "instancemanagers/status", + "sharemanagers", "sharemanagers/status", "backingimages", "backingimages/status", + "backingimagemanagers", "backingimagemanagers/status", "backingimagedatasources", "backingimagedatasources/status", + "backuptargets", "backuptargets/status", "backupvolumes", "backupvolumes/status", "backups", "backups/status", + "recurringjobs", "recurringjobs/status", "orphans", "orphans/status", "snapshots", "snapshots/status", + "supportbundles", "supportbundles/status", "systembackups", "systembackups/status", "systemrestores", "systemrestores/status"] + verbs: [ "get", "list", "watch" ] \ No newline at end of file diff --git a/packages/longhorn/longhorn-1.4/charts/templates/validate-install-crd.yaml b/packages/longhorn/longhorn-1.4/charts/templates/validate-install-crd.yaml new file mode 100644 index 000000000..cd2471281 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/validate-install-crd.yaml @@ -0,0 +1,33 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +# {{- $found := dict -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageDataSource" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImageManager" false -}} +# {{- set $found "longhorn.io/v1beta1/BackingImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Backup" false -}} +# {{- set $found "longhorn.io/v1beta1/BackupTarget" false -}} +# {{- set $found "longhorn.io/v1beta1/BackupVolume" false -}} +# {{- set $found "longhorn.io/v1beta1/EngineImage" false -}} +# {{- set $found "longhorn.io/v1beta1/Engine" false -}} +# {{- set $found "longhorn.io/v1beta1/InstanceManager" false -}} +# {{- set $found "longhorn.io/v1beta1/Node" false -}} +# {{- set $found "longhorn.io/v1beta2/Orphan" false -}} +# {{- set $found "longhorn.io/v1beta1/RecurringJob" false -}} +# {{- set $found "longhorn.io/v1beta1/Replica" false -}} +# {{- set $found "longhorn.io/v1beta1/Setting" false -}} +# {{- set $found "longhorn.io/v1beta1/ShareManager" false -}} +# {{- set $found "longhorn.io/v1beta2/Snapshot" false -}} +# {{- set $found "longhorn.io/v1beta2/SupportBundle" false -}} +# {{- set $found "longhorn.io/v1beta2/SystemBackup" false -}} +# {{- set $found "longhorn.io/v1beta2/SystemRestore" false -}} +# {{- set $found "longhorn.io/v1beta1/Volume" false -}} +# {{- range .Capabilities.APIVersions -}} +# {{- if hasKey $found (toString .) -}} +# {{- set $found (toString .) true -}} +# {{- end -}} +# {{- end -}} +# {{- range $_, $exists := $found -}} +# {{- if (eq $exists false) -}} +# {{- required "Required CRDs are missing. Please install the corresponding CRD chart before installing this chart." "" -}} +# {{- end -}} +# {{- end -}} +#{{- end -}} \ No newline at end of file diff --git a/packages/longhorn/longhorn-1.4/charts/templates/validate-psp-install.yaml b/packages/longhorn/longhorn-1.4/charts/templates/validate-psp-install.yaml new file mode 100755 index 000000000..0df98e365 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/templates/validate-psp-install.yaml @@ -0,0 +1,7 @@ +#{{- if gt (len (lookup "rbac.authorization.k8s.io/v1" "ClusterRole" "" "")) 0 -}} +#{{- if .Values.enablePSP }} +#{{- if not (.Capabilities.APIVersions.Has "policy/v1beta1/PodSecurityPolicy") }} +#{{- fail "The target cluster does not have the PodSecurityPolicy API resource. Please disable PSPs in this chart before proceeding." -}} +#{{- end }} +#{{- end }} +#{{- end }} \ No newline at end of file diff --git a/packages/longhorn/longhorn-1.4/charts/values.yaml b/packages/longhorn/longhorn-1.4/charts/values.yaml new file mode 100755 index 000000000..813e313d1 --- /dev/null +++ b/packages/longhorn/longhorn-1.4/charts/values.yaml @@ -0,0 +1,333 @@ +# Default values for longhorn. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +global: + cattle: + systemDefaultRegistry: "" + windowsCluster: + # Enable this to allow Longhorn to run on the Rancher deployed Windows cluster + enabled: false + # Tolerate Linux node taint + tolerations: + - key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" + # Select Linux nodes + nodeSelector: + kubernetes.io/os: "linux" + # Recognize toleration and node selector for Longhorn run-time created components + defaultSetting: + taintToleration: cattle.io/os=linux:NoSchedule + systemManagedComponentsNodeSelector: kubernetes.io/os:linux + +image: + longhorn: + engine: + repository: rancher/mirrored-longhornio-longhorn-engine + tag: v1.4.2 + manager: + repository: rancher/mirrored-longhornio-longhorn-manager + tag: v1.4.2 + ui: + repository: rancher/mirrored-longhornio-longhorn-ui + tag: v1.4.2 + instanceManager: + repository: rancher/mirrored-longhornio-longhorn-instance-manager + tag: v1.4.2 + shareManager: + repository: rancher/mirrored-longhornio-longhorn-share-manager + tag: v1.4.2 + backingImageManager: + repository: rancher/mirrored-longhornio-backing-image-manager + tag: v1.4.2 + supportBundleKit: + repository: rancher/mirrored-longhornio-support-bundle-kit + tag: v0.0.24 + csi: + attacher: + repository: rancher/mirrored-longhornio-csi-attacher + tag: v3.4.0 + provisioner: + repository: rancher/mirrored-longhornio-csi-provisioner + tag: v2.1.2 + nodeDriverRegistrar: + repository: rancher/mirrored-longhornio-csi-node-driver-registrar + tag: v2.5.0 + resizer: + repository: rancher/mirrored-longhornio-csi-resizer + tag: v1.3.0 + snapshotter: + repository: rancher/mirrored-longhornio-csi-snapshotter + tag: v5.0.1 + livenessProbe: + repository: rancher/mirrored-longhornio-livenessprobe + tag: v2.8.0 + pullPolicy: IfNotPresent + +service: + ui: + type: ClusterIP + nodePort: null + manager: + type: ClusterIP + nodePort: "" + loadBalancerIP: "" + loadBalancerSourceRanges: "" + +persistence: + defaultClass: true + defaultFsType: ext4 + defaultMkfsParams: "" + defaultClassReplicaCount: 3 + defaultDataLocality: disabled # best-effort otherwise + reclaimPolicy: Delete + migratable: false + recurringJobSelector: + enable: false + jobList: [] + backingImage: + enable: false + name: ~ + dataSourceType: ~ + dataSourceParameters: ~ + expectedChecksum: ~ + defaultNodeSelector: + enable: false # disable by default + selector: "" + removeSnapshotsDuringFilesystemTrim: ignored # "enabled" or "disabled" otherwise + +csi: + kubeletRootDir: ~ + attacherReplicaCount: ~ + provisionerReplicaCount: ~ + resizerReplicaCount: ~ + snapshotterReplicaCount: ~ + +defaultSettings: + backupTarget: ~ + backupTargetCredentialSecret: ~ + allowRecurringJobWhileVolumeDetached: ~ + createDefaultDiskLabeledNodes: ~ + defaultDataPath: ~ + defaultDataLocality: ~ + replicaSoftAntiAffinity: ~ + replicaAutoBalance: ~ + storageOverProvisioningPercentage: ~ + storageMinimalAvailablePercentage: ~ + upgradeChecker: ~ + defaultReplicaCount: ~ + defaultLonghornStaticStorageClass: ~ + backupstorePollInterval: ~ + failedBackupTTL: ~ + restoreVolumeRecurringJobs: ~ + recurringSuccessfulJobsHistoryLimit: ~ + recurringFailedJobsHistoryLimit: ~ + supportBundleFailedHistoryLimit: ~ + taintToleration: ~ + systemManagedComponentsNodeSelector: ~ + priorityClass: ~ + autoSalvage: ~ + autoDeletePodWhenVolumeDetachedUnexpectedly: ~ + disableSchedulingOnCordonedNode: ~ + replicaZoneSoftAntiAffinity: ~ + nodeDownPodDeletionPolicy: ~ + allowNodeDrainWithLastHealthyReplica: ~ + nodeDrainPolicy : ~ + mkfsExt4Parameters: ~ + disableReplicaRebuild: ~ + replicaReplenishmentWaitInterval: ~ + concurrentReplicaRebuildPerNodeLimit: ~ + concurrentVolumeBackupRestorePerNodeLimit: ~ + disableRevisionCounter: ~ + systemManagedPodsImagePullPolicy: ~ + allowVolumeCreationWithDegradedAvailability: ~ + autoCleanupSystemGeneratedSnapshot: ~ + concurrentAutomaticEngineUpgradePerNodeLimit: ~ + backingImageCleanupWaitInterval: ~ + backingImageRecoveryWaitInterval: ~ + guaranteedEngineManagerCPU: ~ + guaranteedReplicaManagerCPU: ~ + kubernetesClusterAutoscalerEnabled: ~ + orphanAutoDeletion: ~ + storageNetwork: ~ + deletingConfirmationFlag: ~ + engineReplicaTimeout: ~ + snapshotDataIntegrity: ~ + snapshotDataIntegrityImmediateCheckAfterSnapshotCreation: ~ + snapshotDataIntegrityCronjob: ~ + removeSnapshotsDuringFilesystemTrim: ~ + fastReplicaRebuildEnabled: ~ + replicaFileSyncHttpClientTimeout: ~ +privateRegistry: + createSecret: ~ + registryUrl: ~ + registryUser: ~ + registryPasswd: ~ + registrySecret: ~ + +longhornManager: + log: + ## Allowed values are `plain` or `json`. + format: plain + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Manager DaemonSet, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Manager DaemonSet, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + serviceAnnotations: {} + ## If you want to set annotations for the Longhorn Manager service, delete the `{}` in the line above + ## and uncomment this example block + # annotation-key1: "annotation-value1" + # annotation-key2: "annotation-value2" + +longhornDriver: + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn Driver Deployer Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn Driver Deployer Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornUI: + replicas: 2 + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn UI Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn UI Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornConversionWebhook: + replicas: 2 + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn conversion webhook Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn conversion webhook Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornAdmissionWebhook: + replicas: 2 + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn admission webhook Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn admission webhook Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +longhornRecoveryBackend: + replicas: 2 + priorityClass: ~ + tolerations: [] + ## If you want to set tolerations for Longhorn recovery backend Deployment, delete the `[]` in the line above + ## and uncomment this example block + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + nodeSelector: {} + ## If you want to set node selector for Longhorn recovery backend Deployment, delete the `{}` in the line above + ## and uncomment this example block + # label-key1: "label-value1" + # label-key2: "label-value2" + +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Add ingressClassName to the Ingress + ## Can replace the kubernetes.io/ingress.class annotation on v1.18+ + ingressClassName: ~ + + host: sslip.io + + ## Set this to true in order to enable TLS on the ingress record + tls: false + + ## Enable this in order to enable that the backend service will be connected at port 443 + secureBackends: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: longhorn.local-tls + + ## If ingress is enabled you can set the default ingress path + ## then you can access the UI by using the following full path {{host}}+{{path}} + path: / + + ## Ingress annotations done as key:value pairs + ## If you're using kube-lego, you will want to add: + ## kubernetes.io/tls-acme: true + ## + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: true + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using kube-lego, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: longhorn.local-tls + # key: + # certificate: + +# For Kubernetes < v1.25, if your cluster enables Pod Security Policy admission controller, +# set this to `true` to ship longhorn-psp which allow privileged Longhorn pods to start +enablePSP: false + +## Specify override namespace, specifically this is useful for using longhorn as sub-chart +## and its release namespace is not the `longhorn-system` +namespaceOverride: "" + +# Annotations to add to the Longhorn Manager DaemonSet Pods. Optional. +annotations: {} + +serviceAccount: + # Annotations to add to the service account + annotations: {} diff --git a/packages/longhorn/longhorn-1.4/generated-changes/exclude/templates/crds.yaml b/packages/longhorn/longhorn-1.4/generated-changes/exclude/templates/crds.yaml index 0f7382426..3338c6095 100644 --- a/packages/longhorn/longhorn-1.4/generated-changes/exclude/templates/crds.yaml +++ b/packages/longhorn/longhorn-1.4/generated-changes/exclude/templates/crds.yaml @@ -2153,7 +2153,7 @@ spec: jsonPath: .spec.groups name: Groups type: string - - description: Should be one of "snapshot", "snapshot-cleanup", "snapshot-delete" or "backup" + - description: Should be one of "snapshot", "snapshot-force-create", "snapshot-cleanup", "snapshot-delete", "backup" or "backup-force-create" jsonPath: .spec.task name: Task type: string @@ -2215,12 +2215,14 @@ spec: description: The retain count of the snapshot/backup. type: integer task: - description: The recurring job task. Can be "snapshot", "snapshot-cleanup", "snapshot-delete" or "backup". + description: The recurring job task. Can be "snapshot", "snapshot-force-create", "snapshot-cleanup", "snapshot-delete", "backup" or "backup-force-create". enum: - snapshot + - snapshot-force-create - snapshot-cleanup - snapshot-delete - backup + - backup-force-create type: string type: object status: @@ -3313,9 +3315,11 @@ spec: task: enum: - snapshot + - snapshot-force-create - snapshot-cleanup - snapshot-delete - backup + - backup-force-create type: string type: object type: array diff --git a/packages/longhorn/longhorn-1.4/generated-changes/patch/Chart.yaml.patch b/packages/longhorn/longhorn-1.4/generated-changes/patch/Chart.yaml.patch index e89bdff33..50cc0fa9b 100644 --- a/packages/longhorn/longhorn-1.4/generated-changes/patch/Chart.yaml.patch +++ b/packages/longhorn/longhorn-1.4/generated-changes/patch/Chart.yaml.patch @@ -12,7 +12,7 @@ + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool -+ catalog.cattle.io/upstream-version: 1.4.1 ++ catalog.cattle.io/upstream-version: 1.4.2 apiVersion: v1 - appVersion: v1.4.1 + appVersion: v1.4.2 description: Longhorn is a distributed block storage system for Kubernetes. diff --git a/packages/longhorn/longhorn-1.4/generated-changes/patch/questions.yaml.patch b/packages/longhorn/longhorn-1.4/generated-changes/patch/questions.yaml.patch index 79e0cf015..510fac472 100644 --- a/packages/longhorn/longhorn-1.4/generated-changes/patch/questions.yaml.patch +++ b/packages/longhorn/longhorn-1.4/generated-changes/patch/questions.yaml.patch @@ -54,7 +54,7 @@ description: "Specify Longhorn Backing Image Manager Image Repository" type: string label: Longhorn Backing Image Manager Image Repository -@@ -83,19 +83,19 @@ +@@ -83,7 +83,7 @@ label: Longhorn Backing Image Manager Image Tag group: "Longhorn Images Settings" - variable: image.longhorn.supportBundleKit.repository @@ -63,12 +63,7 @@ description: "Specify Longhorn Support Bundle Manager Image Repository" type: string label: Longhorn Support Bundle Kit Image Repository - group: "Longhorn Images Settings" - - variable: image.longhorn.supportBundleKit.tag -- default: v0.0.17 -+ default: v0.0.19 - description: "Specify Longhorn Support Bundle Manager Image Tag" - type: string +@@ -95,7 +95,7 @@ label: Longhorn Support Bundle Kit Image Tag group: "Longhorn Images Settings" - variable: image.csi.attacher.repository diff --git a/packages/longhorn/longhorn-1.4/generated-changes/patch/values.yaml.patch b/packages/longhorn/longhorn-1.4/generated-changes/patch/values.yaml.patch index 11aba77f5..58e5103f9 100644 --- a/packages/longhorn/longhorn-1.4/generated-changes/patch/values.yaml.patch +++ b/packages/longhorn/longhorn-1.4/generated-changes/patch/values.yaml.patch @@ -6,31 +6,31 @@ engine: - repository: longhornio/longhorn-engine + repository: rancher/mirrored-longhornio-longhorn-engine - tag: v1.4.1 + tag: v1.4.2 manager: - repository: longhornio/longhorn-manager + repository: rancher/mirrored-longhornio-longhorn-manager - tag: v1.4.1 + tag: v1.4.2 ui: - repository: longhornio/longhorn-ui + repository: rancher/mirrored-longhornio-longhorn-ui - tag: v1.4.1 + tag: v1.4.2 instanceManager: - repository: longhornio/longhorn-instance-manager + repository: rancher/mirrored-longhornio-longhorn-instance-manager - tag: v1.4.1 + tag: v1.4.2 shareManager: - repository: longhornio/longhorn-share-manager + repository: rancher/mirrored-longhornio-longhorn-share-manager - tag: v1.4.1 + tag: v1.4.2 backingImageManager: - repository: longhornio/backing-image-manager + repository: rancher/mirrored-longhornio-backing-image-manager - tag: v1.4.1 + tag: v1.4.2 supportBundleKit: - repository: longhornio/support-bundle-kit + repository: rancher/mirrored-longhornio-support-bundle-kit - tag: v0.0.19 + tag: v0.0.24 csi: attacher: - repository: longhornio/csi-attacher diff --git a/packages/longhorn/longhorn-1.4/package.yaml b/packages/longhorn/longhorn-1.4/package.yaml index 42995b62b..520d19944 100644 --- a/packages/longhorn/longhorn-1.4/package.yaml +++ b/packages/longhorn/longhorn-1.4/package.yaml @@ -1,4 +1,4 @@ url: https://github.com/longhorn/charts.git subdirectory: charts/longhorn -commit: bfe0af06880e84148d41770eaa398e56dc5ad510 -version: 102.2.0 +commit: d619e47374e19d69e6f97747078c2b275087341c +version: 102.2.1 From ccafc015c2168e33f6c34dc670538a73a2ab3643 Mon Sep 17 00:00:00 2001 From: Ray Chang Date: Mon, 15 May 2023 10:54:30 +0800 Subject: [PATCH 05/18] make charts: release longhorn v1.4.2 into Rancher 2.7 Longhorn 5864 Signed-off-by: Ray Chang --- .../longhorn-crd-102.2.1+up1.4.2.tgz | Bin 0 -> 10546 bytes assets/longhorn/longhorn-102.2.1+up1.4.2.tgz | Bin 0 -> 24113 bytes .../longhorn-crd/102.2.1+up1.4.2}/Chart.yaml | 2 +- .../longhorn-crd/102.2.1+up1.4.2}/README.md | 0 .../102.2.1+up1.4.2}/templates/_helpers.tpl | 0 .../102.2.1+up1.4.2}/templates/crds.yaml | 0 .../longhorn/102.2.1+up1.4.2}/.helmignore | 0 .../longhorn/102.2.1+up1.4.2}/Chart.yaml | 2 +- .../longhorn/102.2.1+up1.4.2}/README.md | 0 .../longhorn/102.2.1+up1.4.2}/app-readme.md | 0 .../longhorn/102.2.1+up1.4.2}/questions.yaml | 0 .../102.2.1+up1.4.2}/templates/NOTES.txt | 0 .../102.2.1+up1.4.2}/templates/_helpers.tpl | 0 .../templates/clusterrole.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../templates/daemonset-sa.yaml | 0 .../templates/default-setting.yaml | 0 .../templates/deployment-driver.yaml | 0 .../deployment-recovery-backend.yaml | 0 .../templates/deployment-ui.yaml | 0 .../templates/deployment-webhook.yaml | 0 .../102.2.1+up1.4.2}/templates/ingress.yaml | 0 .../templates/postupgrade-job.yaml | 0 .../102.2.1+up1.4.2}/templates/psp.yaml | 0 .../templates/registry-secret.yaml | 0 .../templates/serviceaccount.yaml | 0 .../102.2.1+up1.4.2}/templates/services.yaml | 0 .../templates/storageclass.yaml | 0 .../templates/tls-secrets.yaml | 0 .../templates/uninstall-job.yaml | 0 .../102.2.1+up1.4.2}/templates/userroles.yaml | 0 .../templates/validate-install-crd.yaml | 0 .../templates/validate-psp-install.yaml | 0 .../longhorn/102.2.1+up1.4.2}/values.yaml | 0 index.yaml | 59 ++++++++++++++++++ release.yaml | 4 ++ 36 files changed, 65 insertions(+), 2 deletions(-) create mode 100644 assets/longhorn-crd/longhorn-crd-102.2.1+up1.4.2.tgz create mode 100644 assets/longhorn/longhorn-102.2.1+up1.4.2.tgz rename {packages/longhorn-crd/longhorn-1.4/charts => charts/longhorn-crd/102.2.1+up1.4.2}/Chart.yaml (92%) mode change 100755 => 100644 rename {packages/longhorn-crd/longhorn-1.4/charts => charts/longhorn-crd/102.2.1+up1.4.2}/README.md (100%) mode change 100755 => 100644 rename {packages/longhorn-crd/longhorn-1.4/charts => charts/longhorn-crd/102.2.1+up1.4.2}/templates/_helpers.tpl (100%) mode change 100755 => 100644 rename {packages/longhorn-crd/longhorn-1.4/charts => charts/longhorn-crd/102.2.1+up1.4.2}/templates/crds.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/.helmignore (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/Chart.yaml (98%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/README.md (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/app-readme.md (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/questions.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/NOTES.txt (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/_helpers.tpl (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/clusterrole.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/clusterrolebinding.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/daemonset-sa.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/default-setting.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/deployment-driver.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/deployment-recovery-backend.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/deployment-ui.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/deployment-webhook.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/ingress.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/postupgrade-job.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/psp.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/registry-secret.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/serviceaccount.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/services.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/storageclass.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/tls-secrets.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/uninstall-job.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/userroles.yaml (100%) rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/validate-install-crd.yaml (100%) rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/templates/validate-psp-install.yaml (100%) mode change 100755 => 100644 rename {packages/longhorn/longhorn-1.4/charts => charts/longhorn/102.2.1+up1.4.2}/values.yaml (100%) mode change 100755 => 100644 diff --git a/assets/longhorn-crd/longhorn-crd-102.2.1+up1.4.2.tgz b/assets/longhorn-crd/longhorn-crd-102.2.1+up1.4.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..6b34f85baa0f715d926dac568ebc8fc9598e991d GIT binary patch literal 10546 zcmV-2Db3a&iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD1bKEwTZ$A64KxyxkliBH(6g!!_s!HuTl6_aZw#U`7oe!B* z22G;75wQUd07_Oe`QLBhK@ubZl3;hsvIBlmi^SvLbsoQS0A!S`Hn~29K7DfXW2!I3%n9=n-fkI?xj_GlNn7}KH(lfvyNj8W%lWlOC zB60?f1S`;yGYNrP#B-RSGf>Sse#ZscI+HV$A;{58X0vi6EPVuX{2nomDLDf-r;lKs zTmR0V&cA+?BAzgu3-#`jZ~?Q71F=Eid~w0Sin6N2`6EXS;x0#L0Oomy6V*G9Zps=? zPrjaiJwN^TBG*-Y>=E4UX{>*Nws{5x;>SO4P?jUc=OW*o7YwZbCx1QtwzdAhJ^l9U zxc=|s`R%vkKZ6^*Jp&vGu)-OVQ~$fI?3QGM&cL6KfB*fFO!esbha8erEh4#M09~oy zi4q!*Ou89J(Fzj;j;i$~6CZ(D{TUXS0CO#DUdxi^?_pLTu2TN(1~GY9D?e^fPR-;M92GH1>(5i4-?CqDZVKLYcGW}Z5yE;gt?-4t&jfosGr z-&iDDoRfp#c-#~#DXpOmGcXMWbyki;ovhMgZ z)$v1lIAVi|-ayW8Q}8da{Prm#$ye1cV6|A!`WZO>^P{S>Gq^+<2WvzSlWbf~NiHBs zAxpu3qihRw5;-mH71_Mfs zC-d*W&+0cuc!PfdhVl$12ps+U5jgr;4PKW3Jqy#>@=h09&h;zAZg7I!nXuFWNP?PK z3@wiImAJ3Td{(I$pnv8mo#tn=hJP+cwVtqeRZW3)Mwc)vwH}@GLT4IeCFm zI6 z|Gs(p?Mc-C?&GmdDVSsQK_DXkimt@E@(A6_anKcLh0tAy35doe`Rv?L}Cb>~y&cKm0QMDwKss|=(yp=))3aH!1 z=T*^|K9aheY|om}BCkzF`AHXJTC02NdtKtCEb#&gc%@3zlwdCYw)K}^+bnTvK4P*iGRS;IJOY3xR9d+eYe^pgU`9lhI0G$#AMfw2&Bnu3CBZ8>N31}hmVzZlYhqD@&JV8!Sb@VdtU z_=QvQ28zuYn9E`dJ~y>o$x2KjJ(l(xZNhWGFj@P^mEB<~Q|TQw<|vu#6mRPUrndI$ zF;x%xrel7+I~}r=ckf!1Tr^)gsIiJE zxyQV-@*8D7TQ?h*mIJLn-<&RyfTw!qCmXbdXC^t#5qb9J^8J&m#%s{*5%+2Yn1kC5 zVhFq}l>{y*L%h{#_B5i)Ur-|ERW&)IIbs5ri&Q@r+qK@dh)*iZTQ+SAx`}g!tn|=XEBUeiT#g>1D}} zC%Zwjf?N}NOJ*8+IRk#mu)LOrY3dF}%Aijr7n_}x+waShQ7r1X|#6sC?(Meg~4KID{%nOv;18>#G}kRFoC zT0ocjmWD$q99_Uj6$g_9xzt!KIu>7_n;=VBXt<~&rIfAT-GX;?RzkWt?C%!IVBt~GbH)mehpwZ1vwO(HW>x4*`lj*`G2Q! z>*c2g-@mGxKF0Jedn%gU(d>?9cPnwk?W2f|BK9*9vHJnIqlk?nHj3Dfk8GQDxD%}1 zlu~^QQ$9Ltqw!Rx0Vh#y^p+Y2+Yr3K6Ov@!spw{xYVSGwlP z5tqV2N)acI9}AE`sUfTY)B!7)S8D{NN{`#n+v)4g?Z_LIxkvi#;*Pm5x7idISaj_~ z*N$4GZl8`e$7-E{3kC&R-<^RU&~iiRwR(H2f0sk3&4+VJR(M@cE3UT)+ViZv`M;`c zc59Vhr!^-S*n80&d&1^r+x3$xOaA!g^w<=7T-ReKqfDHE|9JZJN!f}j)dJmMbo<`& z1ObH;*k*nG|LG)Gm>w*r53JYu)#vrnpPWvw!+5)zTwk_#UjW#H_IixPVj>0;F_?(K zv=T=*#}3;Q9PCy5H+J26P{u>Ad{O3dI6ch$9s>LUCIG=?qwpnfCj>_OKWNxL%9to) zqKxV3=0oB9y8!%+8V(Sv{t>(Ys$K6EFS}(9z(#T;WpBwDQ|(bQW?U-yx$H)UG9}yG zQPK`fs1Mmtc@7?>`-um>@52$Ys|Q3^cId@&(Zb<(a%1$vv;L*9(1$FgV0mYN)EdK= zi{Kv@m|wrZnd#G4Fn2-w)1gSaBNQIFQ!n^;HrQ2Yr$ycF_S8Z1&@~s-zp9FR>)b~1 zhjWuY3OByV(0ak4b?4p7)0A zW8YNt9ekR;gCgH`CrF_U>L&1AJNS0-HV)P8!-@#{xh_uBC&&`kljgO*K-i z0)9uN2GQGKC4W`AR$E_oKXmHfp9iAI`*EQnkAP4Fgd!l+P8^*MQPf3Ich913H%CYm zby3tsQFlMSk0PJo^(gX2p?(C*SfqymQ#$OD6-1R{94cEXkhjGp>?0@n%#s52GYXvAvtOaer+E}c z&p@5HlF=apYDA6p#efwim~V^(4H{>}7-b_WR_RK3R*F9Y1iUW!;>aoOq~O6W!|8aa zt*VUZTcrZ&<+FjJigYP*a0_{<8{J~F=d`hufPid`#C@))3Z%ccF>A~{t|wmtvrNvu z>gEPS)|enbi30KDC&~aOQp%|RN}OZ{LlBo$JZrFpl%bgG3qWywZOe!UJ@LHJIb#qDC~H}k?O zXj@q!wKdGVN!1=+32^(ue5PF0B9%|6uTpnCI{FJZx+JB4S^jrUw|RyHO65P#;^uMdNYJTFM21TW#4BTwzDZg@ON;*cnlEDa2|Y zRFV~3AO;9RsbUwEN4N4t4LG4bl7IOlIK_5zGn*wa(b*if3M!F5(B+j90I<u6--K}ACS)O@{gf?GLRrcUDUeGUNWksp&aDg;q@t@!5Ef`VdE?U?Mwh5>yHkVg zmz9_IR^8*cl&X<-1L}6Wwx5A9o1P>sS8e-N)3a-dg+(}H9V!Bg{9l>Et9Q!Ayc zK6cRf_AW;yg)&o@zG)=vzBLar2Jc$mb`SKhf&d;~pvV0OI2g7a6z32F4Mk|85$+@TR$G9EZXA@zsNR1~es~j%UF1`c%(AP{-T%>-g`zX%N{x zl(#$Wh<}?ZG~@YwZRiqR{M&kc%}RtKCjNuTvbu+TFcv7g?W16kWlj8 zwnUnySvw;!F*=fQSpP9ML;7|?TH7F-UHFM_g*5XZa7X0GErHEC;*O&~rawY2q@G)e zN-V~BM_(8urbJZYexw8LM|!RX$8~3s^`+zDv4>QTiNnK#+BX(ix%Thixv~{_!@KQM z+YfQ}(#w{t@YT2bCE>4&?NVRGSFtjERrdJiGPF9Ens0-KMe}8MQ@RWLlI%q(0YTlZ zvR$;h{QK5hO+j_@#sj=6%32qG{LJo=2%kmxEW&5)#L@E;Wm=SJ59Dg9DAS@$i!$xr zT|(Bf3-ky%xKrOc1m#svUC?HW$xB4mk{O+j2WR9E;tm8qa}YGuabx#Qu-|4v_f)LB z+eLj2kPJV2bNLDrCz}HU=X~kh)3Ww#^N71K;%*FAg18$a?#5{4b?wHe5#?Q2n_bAH z5~PrQp*&7gX{bw>lzolGIo)ot!_n3=E`%=7>I#!2Opp+oq6?H~^lppDK5nOS?+(20 z>#0fuEv)A~2PXENfY(33(Y^G!yO(y^=%Q6kT~o{b;qiR*I6d^2me1ob`&p8LF=bbE zVInVLVe(w1Y4y`s=Br{Z(mg_oS(=?jW)?13@bLx|PG-4BvyTv9hsx zkHi8g5fj)7Q^W-n@Jg|)!2CB@3K@mhA$Fl>VqoucnBBlNnmBd^*~0u4WY<>&=I0xT z$pUTZ4N9Mr3A7aXn!yyMi;q9NeYb%0p_)DSdW^Z^e~Ji5YN-@l0fS?#=(SBl>MGUiO<#mQxSTI>w z%$d%3Uux|R%+nyT`_y0SQiE;l5{C)O@>pFs32X*NZLvJ|Zym02iG>gr9#vNf8VPm$1SCmqW6_S;~;tUK?A_aAV46 zpfBx$Jfi{XqqincHs6_6`kB(|p33&s=$#gN4kg!`oSkV`#B?6vJ~U@!?FC0{)R6lr zIMf0!*J!xa!3AXDJVA#ZUA_sbYM-v97&`u$gpQZSz4^9F47n@BstzV^eeFb*w+Yd+ z!x3JNxB62RU*5`jm_YM}Yp)%nX6Eey1MzGuuM;8nWf_IVO8x#T2Sqtb=CYUu9dGLw z;qibSLNEucAOw^39wP)FT-0}KCi{cqx}l6QOfH7W#W1;M;ur`XCD3>>J|hVtr}k`+0+%b9A${}`Qs4a zz;kR)PmT!@$nFpaU-Y#jrc!?};%9u#Q=>uKlOQ-O)FZ<6(-Xs=@4Jdwoo! z3(7DTes{&_VsgsFbJw1a`msWEo_sx6U!Py9tnf-eSLnr|sw_1E@7i-#>|@ z2gVLjU*OxwLIzgIfm{NCK~Lc^JQ0EaOb~dfE5%Cz9@?b<6(Uf3FyyO_+d_?=?tX`_ zLN}szRS;e3p8XS-I-DDU+YJ&Mq=TguP@=4EnBMu}p=z1__;?{xKK|*)$NJmjpBj+H z!YXG7sBschaKy^Zo#`>sKF3mDSJr)6WYU@~!@Wrj%CsRIm}T_#s>;&DUYy^$uFN5t zD@8qlq$CfO^m0H+ACcYOH5AEKd;8c*bMI)>bbrWeGt=A)N}Xs$CP=~Jup$`MVS|6-at3+)8`@= zT%e=HVpn|&Pc6PC9}SDfOfkPcAjmvO+c1UtK{q%N%4GJQOft48Ww-a{?%i^$w1ovS zdW5H(F>vHC6e-}^3vGLMua9g<-_}+z1TFS_)XpvASUP|6&J0+X-(jLHPO>0 z<<6qrsCEyRcc6NQ$Tv7sJ${M>1-tnIxKKQ4VTho3(n9-*CoRO27Fu~-;z;T!hu&4$ z$G-G4AaKVxqen6{{p^RW>1UL?GK9tTlDJn!7u0|OrstsgK&&r_>V7upAo{S(Fo^bk z#^|8^aO^RN?jhg&z8GczQG?MiLAx-0dc9_+@7}rm^&^QbF}Ct#Mqfc;n^4C^aEyuH z*w0>7W9dD+fmoMzP*cy;_6mN$TUXTJ0qVLchw+fL9VkMDp>^1GLG?b@^9@S8>O{X3 zSJE3XOjDewV%(?f0ITm(D9}twMZd!4UuqqaJ(F;RCF$(NUnvQ(lVjA*XA-qTS-yc} zm+i8DQzht{su&afvJ+)uYSSa{h%=%3OBH8A%d!u!6V{g9v~EM!aiu@L-Rp)QUFJTo zpxBQ;=x-HWZjX?mJGz3RD=4~x`laEZD@d=kKxdF%fJj|%4@cs$zFjPC9(8#EC;_({ zoNP+F#>g-oqQG-XIF=T&plV@}1ZU+`(d^-T(Y1m4f`%&wJA%e8+cuq18Hz^+!aoWk zB8Loakw9z*WT{vA>a?V;(b=By+S^n|fSG{7u7D|XF!}_B2#P*|_7i;q(I?Q#>w>c4 zo|8|-dL1@L8A=K!$Lklm+{Gwel;!*nUA9b9`%}k2ZPf2IQ`s*qJJrs%e{1y$39j3X z$-1&!R1bk4Hi!U@gnWCHq7^JMaikN2TbyN*iNG|KVoqn%7t!bukwzW?gaRc?WQpcI z`hb;DWKw%9R8>ne3iAKiuZGOxD{Z7Lk&a8x2*N1oaRKza!#c-39h5f3F(7O7ClJcrZ*?Otu7X&Qt0D{Rz_u4OJQ8~Jz%$(dcd!+N;Mav$; zW7|_LM+sit8IxZ!BToYwA9Wos?N`0H%k;e`HdFGWFU@%wL6``_L=dKxIPO7-`b4cy zR64|8>ff^!WeJ+;6L=dRk_n8elv!tk|L^b8pP*bM6hoYJi)s(2F zd<0*Sz3>7(Mvc|jsG%3FFZtjImyDHK)ef)A8Bz)gBPVROxB)D zO?rULCFG;7LaA>;nS+J8BwMb=@2zS>YL&xrff-5!Wp}SbPe_uv-#8D>@{k-^9XxF^#FvQ(-v&sGYya=38%G9#FY&0S!X8C_33 zpey`}9i~yW1rqG;oEEMdJ^CPghHkKwlPW7>7v^}=FtW{E=o1@VU12P>za6hI1}4}d zcy8%zSI(=f`}g}F0A|;GeFDNB!rJ2|q#=UhCZzTgHzCDMNUgjscfD=U265rZ_k!(s zFs1_#2&z8tVxWw!Um%feLdgu@+-0s=2~r7+G=Kg9B}H&gask057b@QOal>t04`fP^B`jb+^5@ z-h2vvH!~W3Y|yklVuKMIjM(6SoCCUxT`60|${xYY7RWPTGm{78GyAkS;dC!akomBa2_eg|{r#35VSVZv6L$T6i(=b0DXeUVu`3!7v8t|h zCw(^#f$ur+q*1F11-X@yX6e7x%>Wz?8v5f<9-f_J&6XY!-{_hs=%b*If*yF~uo0^< z)G#vo2V}-YMjsh{Wc2qR_hv7=z~DC*d+b|@^1*>#%&B1?jb;VMeoSduIopE#iBo)# zJkXyTeS4pabzYv0vx{YJ@5Q#Pa`U=tk(YJ)t#JbLwmn`~atI%vJ{HR8OPE*HfhCfy zmpt8}D&;7dH_i?+c(?s(P+2R-S|3Lxd4^i^GfdR=D>W&%QnTZ3MeD;yv`L_Fds$+XT1YkI~OzA_|yQ zMA{wfw+h--_t*LG6mn|@$p-7hRg_u97r?VOmr(x(Qn8aKtRx~{}7kHP_&P5(h#>#5$xodeixjUOapxO zF!C&2bJ}hfPvG#L%PTly%CrdU{)irYF6cp#=ah+MLDCHE1R>~xzE=gcaRmEY7ffi7 z;6)Ucb;%Z{VCTILC%>)_Si~I0`GYwx5O}wE>A@`2_xiIr%Rs&yS;;f7WEidNmt`Zd zRZQnVi8^_s>Wj|%Pr{tFCuWa>sWIwpwinIYXx>KiHq^YeS6-lpsVi#wmtwo}ers(c zV;t-)`IKCGph_3Rub)x6wX^!s_i*M6tq_wvZlCCBUBqcF>I^u+(`RsY1&CeH1go<# zk%E1CQ|40K)jdQ|+|}KF;;!yL(yng*w(S+pko(B;zC&4XhW2gvdqOU{=1)`itpdoQcsjL)@{7da<1t!tn_ydJPU5eXHdCq>erbL;5gm1L~y5>I2hcq)?FyJ(-vVvlnmknHZ9@sfRCJr z4n%Yyq658@Ms#5BXTFvC-WVI&uTOT{RKf^SP|Ylrb5wiRSe(=C7LTF|N?u#B*V3|I zV*wIXMwhnf@VBjjj-YK9EqF?oPH$L=rHqAeRHrwPo1n|@#v>^PDya|UcLFNio5E}{ z8$_B1G8tpb1=Vxo()N2gyKSoOZ(2vt=d%KROqkg2sE^sh;Dmk5HxKSplHdn^+E=DE z@*NcUF?H-4eR+6+DE2rFLKS7NM64oW6%niGm5d{?igE|o6tKePy!}g2kz=Vk!HSEz zhXWIXT&M}5>fS?K20sk&Qg-Y_+1~v>Y%m`L$ z!niO)qf#`*%DctOLt5PpB|csP{;^HnLm9MsE1}zxEzkQh+~tKi?W;VsOIrxFjlubyBd9gnb4pftT~9_?4Ne-fQCfdfNJ~bp*P+PoJ6sE`~{=Sf(wE;A6aFcp;7Om z{d!dJN3ua_k)hO5&c;zuGoc?JSEW4u>BqRTTY!}GE`0EK|bMj6Sjvs@ZCy}k~;ZTG>Qa{9jN0XGMZOw)f+6(Q7Tx+2S~<$Pe9L z2}shV_abWdku5Mu5a+LG>cF-Tah*9d1MHSM-+l}r5++WfJX3nd=eLa<$Yp)%j zmWYcPTCFJSBDOO{Ln3CGtTB|#E47+~`qa?*f>9z+o3(&}DU@P@E+!3Uum~@{-B<9GAT(C@B%D7ySZBjRBMO|Ip?5xr5h)x{f=W0YrS0$~)is zTj&{dA7#soCf6ytaS_cEjvem}mOPTA407>IX<{h-KI~@wEnYLI4v-6*A37hV3tJSKfcrU^fUI%y+Cq2PESx8NmDzMAp!BgSoDpg zfc)B*+s#<@GxHzW*-kK9QI?>Yj*uTtok+IV3UqNMOi_k<3S4&MWxAio&~}*92AF1Y z&k8}mhZ!U;RVZBM_Goe$f_Gh_teTf9ZI2)xF=AX}Kfg6#T=!2EmzG4USdc`qFi z7D_N8h|O54!O?3$#;QI@e%~jBCK)A$@@}#H0-Sr#gzoKRlUZpr?>z@2k14<%T{4)n zheyW1z#)QSU|{=+fq^kFu$9-jCsR8>!qJq5=Oid6`jA7SBZgeD++aWvDnX8EY82*^ zu+`c{I!z=gX8ZnpfmW`)oC6(J6+qMJ1=NvY&fJYDoFakP783;U3cPuLeq6;x$%(ze zTu^ogCT=-@NwPbAwrZ128IcGP&Yg%C0jCQ||--{k=%j;~z{BBRjFz${&*M zDh*Bj%^lU~s+_(?2b5HH;$Fxq3wztcnMW2jj6d}AS1Yh9~A}J>831Whwt+baH+Upohtby$>2^Ki?dVnhTGznFQeFRag?q_^H z<-$dk^D6N8y+7oEeP6`q5KkSP&eG$>^Jf>Yp3k@Ge(N|nIXU_E=~MOhB-k$fRp`_;eHA(Ap7EE=epXB`$V391NIDf^b9N@Nj8Xq zWCNMdaax#g0kcdSM(2wQuJ3JJ-qjlb;_{47eBu+IPwe^s0RRC1|EqWVB>)Nn0Qm`j Ag#Z8m literal 0 HcmV?d00001 diff --git a/assets/longhorn/longhorn-102.2.1+up1.4.2.tgz b/assets/longhorn/longhorn-102.2.1+up1.4.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..cb354fdfa8292d160b04fa16262138c98bb34bdf GIT binary patch literal 24113 zcmV*4Ky|+#iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PMZ{b{jX6I6VI@p8`u~j%|&ay4ucaH*-EkQetf!nMac2vzz2+ zgWVtrs|oY~Xi1Ed-?Mzr@;%viP`EVu!X`!1vNNMTIWg6ZOQBFGR28ZUDQBZG7i{Zj zjD_k=@g)7rx}WXs?d|9L`|$7f_ICB(-Dl5s{<5>bzqh@&^J4G${$I9t_O^Fl`~_{V z9g>D8mkNu&Y_Hr`b#Q-@2Q$VMR+KY&&_O813a5P3i?LEE=~2FgbHyXdq{3->fE>9* zu}Hp|U=@!WE5$@8I;12yKmxOPOhjX`gvu<%(}>{-IY6&$+l@u9@&SpiiI9}D1N8Xs z-=Lk|?oMwz+J4+vUNVl32{7ZJ1Hhj2xgi&7~qDQkQ9`8>bdW2Oph3#xDV}J}tqImx&=dB7#7Y*;>ejYmo^s*eMfzO??|K;ZDf{yzbI zbr34Ajj&*+LL8FkA|}x4LI_^0SVY)}GO}oC;1nz-(F8L*B4W{ca*V~DE8VepP8Thy zh*WY;;Q@}XC>up|f=319#p>GL?d|q<{+4HE6@6|-KjZPkxyETu&=t``2qlfK z{e}$64^S5*kK#2M4oR#IQ1^^q#AA}=DJeekO!vXX0qUOoBgbjigLgqv5~~0>X+P=T z<|FrbL+Gm5maPC(hT{=BCovx}`Wp#GhA>Oa$fa!&D8}Pk}*F=Nn?m!Y)wXd=`(cF>Uz)v*|EZJYP3@~F{d6sdZzRg*Zk{_tLYhSj0 zG=K)8E2>HzZTGf&yZf4>N=pM+DXd$&Ye%u9k*izkVz0N~+lDuw5NSDQxz>Z~r4Dv` zI~G}*!yF5GO@!SC@KPP=W}*bziG*vY(&aNdCP5_qZMpH-s+Eb~vkgmzGdbo;E!TKZ zz0|?8-ga*X-lX)JFd}7N@WI`=maUxW$`#an4I{|%H0|@0#?u3IIy~d5FNh>ebvlv= zt^4RM9pf?DsNJMb`+hR}T&M%Y@>FZ5B_7yb!*2d5$H})i)$Bu@_8VVcfckTe*@#Fe z(8;tcE)`)0M7!}ErC7=Xq(n}Nm*2@t0E67B{o?J9S3}vy0#BsvF>K48=nL6|^~(11u4k>QXFg}53MaYI465L$ww6Nlqtk`krgPv}Ts zrE3?Gh#+w;1ZAWD=7aK{ZiJRlX8FJeuc%Z9=;vQMWp+2KhS4bhFZ@oh!Um@XHPyF( z7^1WuYrm1(jKqp0M`IFS$$VnoTdbVbgpgAA=#j$|8cbasvwZw64pSh=gkO^jyC~#w zu95K_O^Fc%E(M(&AUa~2&e0>(wX$3nae=ySGP(i&JCYJn98eHSYsg3GbKxNrzyIR)wuSuAagTp7}5nFszave;c!S< z_2Xf#xLvUpCC0q+`kIKo!zpE>J`pitO4Djs>_^Jz1gD4Bn5KFrtHttcByd820*NTW zTb~X4!O5-{3M(34n2s!$C~&R;Abp;ur%VxXjZ^b+h-pfaZ_Tt^zVh?0OBBKBslxP2adcK*nkadloi@8 zp~)^2UGrkf;+INgM=2#t1q00ly~c`oTae$i!X3{F_R}{at-O$q?%kU{mhvVkzbl&R zII%d;22*ZL6ptREL%l9Y;w)uY5cEDvF=g+yaPj_wlzXc#>(^3l239dgLuvS7h3S7tN-pM}Zj&{&g>B7_myWDD?4a<`%6Zns!HMsGj(L}YJTN5{s3>wf5g{>#w+qA2*B3&B&vo701W z*~@5c_V?jp_GakvQ&vg)f3w4wDI$ z_f9L=_4=<&DvKlGi=Y&zO<-#Vz)4``S7rw0_ALjU?Jv|86Rww)1YQA@k1|Y!3|IAI zL2TFHKAVyeH#h~GR3~*0$~GxN~J=4h%zoE4VP5_ z=_bm+nH5Q5Ie;L;Mkmmsf458`HlplyYmoAR^X*J{EVqK@dy^!9?R2Q8yGBUCI&%xK zJXk}V(ZEw@S6A#BOkroO#A!O!Brb{Sgle&2HC3OQ(o#P_FqEcp6-1k*B8YMfte8yW zh^!|RJgWE&LjlPbn9gP35S1iAd0|0KH?|Ku^JEHqIb1+;%=0usQemMNn;N4?Ki{5w ze|m%K8K|h@Q4}1xxifIOFJApkS&rCPC zSg|mR!(6B_5h%~*61TG6YB^(sBqZ6?Bc+yC7}Fsj!?F;~BlLQpLtThU#JIAP>j?_p z<5cp3$Q5^OX`GqU>^hElt|U!}ULF9}n4}XFkFhY#qrP7i==|jH_{WppBmsyfnx#=@ zjEH7O(n3Mm-8bN1X4ltz!2S%tIOud9Ay~168#ekcz0>SI+tlL*LbC2}mhVZ_=Lx#d zD}t&ivgaX%h!}IG1W!{UHg)4N*nr+^3VsiQ#F%D<>wP9ObTg*$*!t&Xf?m^oOA4;S^~ZL}=W4H~&o};hSBfo(?1#<|$y+&`RnhUWsHr zh|GLgse~%MFPdrbEjzLRv8EDB@V?`Vy|y43*MmnWFaY{h$eYc3-j1p9E_>)T_}b&N z*TEGlqVu>ojAJ;)g!!J`liQiGDPCb&y1~N#*L!DfoxQ$1x#+1|wJsmiIq^T+d(U<& z{=fUrcAr1^|K7(F#&a-!gKVS^Nu0cBS;N0~I+kDEV5;=?Pj1kJvRql8VQ{DjZ4d4= z8OdBPdx?%NPOamu7X0NVGUspz&h6wTtiV(2Bk0zKb0(&YDvDG38%cVd&QDZQg*4+z zc%19jtZ%CFQbib~0}{iR>VW^5pN94SZcNgQ2-#EFdO`u_tpB|iJI^cY|JnY-`oEv& z0%wI+Rzs4?PTt1|-H>c$R!ZLWv0mJftK| z%(-t$Csb>=u+dV9o(!gdjN`KlT~i$(m zf0bR-J2z5{scD+M6F!?EwtkzZ{QzV)3JvxX%HlLnng`i?T7yw~SWze=Zf9sI|$ z?d@*R=<+}t3BQXfU4Hzfi*q%WzjP1K$6vaCbwBh={nNbq!R*En7ldwh6aBR9hPzH!?6!7q;z+=GU}HY@v6)P$NESTA?pAzeH)4N|b8U(Y9H; z`~Ke`|5=G&@RY149CVKS_iXoBRsMUvx3~Ww|J}zEhX0EJj(d6|K1}1Br=&9>3MW|M10SXCts|OtI`)i4Y91P)x@h3GnI8HbG0GCc6x!FTSLCS) zW5*f&Uhq5vLn!=7ZWUn?%)SOR<8AFC-*u@tmx@o^OIWuQ3?3bXu8A1fV%?2ysR#6P zxBF|UHS}{g0V@lLDILJ1>gm4bo-JJ1ZODe2#s0m@3(1hT()2-r9 zp2)3~kMwVAs5L)fi!(5>B;(YA6>~PEqY2K!V%F>rEwK-I8tu3M(?qQ}=gZ5SR<*0IPUh@8AO;7#tWc)%opYV9;!w?Sx8^ zgZXWcCnF1^o(yXYg{riQm4-f~_iDF<+R&XnqlV*wYLhoG)|sfbzQi-zw%=XTo2Y9D z&;+zh95vTo2BaBF>d7&d)I`xOFmUS_+?xlYT|c&X4N~`^;g!w)(elL&V;-=9m1rh_ zK`#MzjB9rIGx+Fy5yIcWXK6!xx|=?V**vx>h$ao1Hh(v94fqj!a8j;S)EeLU;?>R} zW;U!@dJ*(u{p|}dOD|@&AC?NcX?j1SH@)518EW~|3PGMJh@SEd_!pHv^DH2M(u-Qb z@aN3VeJqdTSEUz0nXMMY#Ai#U_hl8wSqRrso~9{ zi!bI}B$S1MMtu>2^gF+;2~mQ^ayGBE8@X9IciGaYiyLkQ6KB-#&860%*-d2mdA)si zsJ2iqlU!lVIjoPC+4OVktOR@tr!;9PGIQXteG;q)?00VOF%CU-sAmd_b&$0rXsDg1 zWI$PB7$52eTE>jm4YU5arR9IVr(OTEGqa)^I7k26+1uNz=zlMsKYPgkcQ4QK`ro&P zHrmucO+G8AfjlMWWT@M9+@}S`4nlPmwOKKh`2e!RX%*AdxhNg0*Q;6H9^p~}n_nz#tVxQRkDQx||*4i$JpD08x?ocqN?Km zgD2^%u7d+ZNT*`4gdnpQRY$x?M{3?WPs1BbRgqE4YbuddEj$P&iCXzYuzX^qr|08G zKRT$;tDY+Nii}0*k3SCPmsfZcA~@!g3D$)B^J6)Fyonx1vHt(fn5G2%jJ|pj=ORVX z1nrdLxjX+k?1TGA1 zwO$k0rF4F4ggMMLxG=z_N=?uMQ9G7e{}!ViWl5 zhj%rmSwU`1ovbmnSw-~FWyl8o{$cXv{l~NI?SP@0outYk1;GieWen7hin9wIUy%}5 zHoaEbHn#8|;eauO$Ml$x>!5*&E@cvkZH>89u=CdHWP-Z@P9eYvEqf*s0C3xN2|4&fm*;5;W-gIeUG40;5|` zR~du~avM`plB*W<;?^OzfX@dP`8>eSS;TJ#N2VZGz{+)LLUfFlsN# z!E18fX1WAVQ_4nf;FFud3BG;9uuDmLfVw-|+kfrWZ2sP|W)0u> zY*(``_IJ0d&7IDA$}>}~WU!h)#|_Q+ncgn|u~X{oSSEdRz~yZ-g#bRyEK`>R%r`~; zP?K*EgqO0>a286v^c^)w))gVyc$FBbJS_vu^drvNP8=&_vJ78YlIb~snh5m( z{T|sRpjR2=3O&(-I+dtP8TiK((Fc{3+r2Qm_EYr7ALj2!*#z9d0&J^k%m~5GvnnXn zMBg>gqS%*+tctKGu+_HL0{kL5$n_wgT;%=Wq7Qr!fxSL5x?Pm`gyk*6S){kM468L^ zx*m@y;8#XMA-gwV9#jgFm~QHA)+` zD=rE_13pC=Pt%C{ton0Bj9P-s)|DS-e=rENVogcn zX`lbu?XC&zxi^s*_#ME~mjl?Nu_+m)=FW!Jk<9ICy+dlgGo?HnOE}98rMZjsY=7;y zy1?dFKBKi`S$r6Cx@Z`NGm$>I+gK`>&pdsKp4`RI`P2ab?L;cL#pdHj^p&l2TX3N&6@iTqs&VW1Ty=;DMQ`=?4l(Dnl?@mt+^1~tZB_ILQ?bA@rp>iZ(St$A2;E+DOp&F-|;D(7rqOO0?&$Ln1!rHfO`%f);$ zcJVn@`{w4>V;h=tjVl<3%F0^C6KMkyvOG-};g|DzS>JB8*j=;5rez5$wiV3ImDnoo z42aG>8n{E>Ym;8vugUd7Yix?yH1mO&3s}0b-oqW;BVA$!BXx# zY$@(Azx%bFlC)e#>`qIH&>uI8i*HkNx>)-#nyyQ(kHg*iwB$gVI$6s|W?$*7$54EA zMCPJ`;w*0kes;TS2D^6CbOmlF9o!x8TFYyJeEt>KdH_YK$mf9Y+yDTlWT#u>H2gHtK|l6aVdA-cnh3OO|55=o9&Fdu`%IEe-e|YZmX^j7HDVZaa^mo+=kU9CE_I97`SK~kS z_a5^9-OJOG|H+d?KwDB?YJouN7(1Z$@x#G zM9j%|lOEuoXl7^VdI}UYx!@TRW0wz&Z<0b%<9(m2q&;{MY7N z!E;d7RG}4hz)+6QPk%Z&e|LWJ{prQ!`Qf^eIA;{IkU4uSt07eoNq?J1d#+F`^3G2# zPXBl9G}i#%EEJWYTn#PGAf)D@CM?*Bo{O`?{>97JmzQft(F|B;p{Wk>YN$%-HSx*T z+L2W*+KR4Mr$3#Xom^aKcJ}SbnlUyLjK&$MPcc}TRjYNE9! zL@qMDpCip0YD)<&a&{=+NFol<_QQo9pWtaf|M8Ar*6y|3Nzk18pPuh*Z2aV1D`M${mnIQPVFEseXvE@|MM4wM>TzQ+@#hTh9Z zNoFazT?kaXnoU zQL_WXaO?ZFdjR_V*;y!iq{pStI z_W_t1B+I7YFZTdfo8$DDq*&{CoF(!A?S)I22+9-x>6!oZIRCZ9l8t|M~18|M&eopHKhKXAIBiw)@=B0b(P{Zlf5-+`dBKOUYPet&Xa zzErJnzi9Iy?Y6c1=JZ|v^?Bp5bXP;|D%Y+-Ba=)`kEu97AB*WVjn`*!k>cTmwU#f> z&7V*0esj8-rd_MQigNwt^g*9qNuRDDuvL+&lwH5p{O0sQQC?Y5t|D>Xl&+`_M^RL{ zv8!@h&Zm=$QNzX6?$Rf{=T9?&y62e1Vr4i0hJM^D-SeifAM z+Pt{s`m;c*^wJ9CT|k)A)dkN*OwKVI5m^T}{Awt-vX&NUwMNjTVYS_>29#dAQq2or znHA9BkMK4%Ut-2pYB{~zEou$r%QP3(XL*`dSI_5G;#YXu?LRkUFy{PfMI+Fh_}~2( zRsWBj7tdZi_KbVvJ zvkr683>+8FTFpx>y*+q?w0ncJpzc%qgY56`)r?CaIAi~HS$~kQhtKWP@#i!6)Y<+@ z_Mdsptzr(UxBXxpTE#llj?Y%hLVMNq+m7n}J(!YKH6_i#=^f|){{1ehm&@O;?2eNO zmF=SYtRm}{+z(wpYZ2U=puR`By{Y>LvE4uG5ZjwkTs(_Q?ak?#nv*kq`QrOpb2LR) zV5F1b!Dk%>2U>dFy589`_l^9vRO+UCR6G_?(`HlG7c$LXtd=$#bDu*=3!wSu($OCL z?wdfHDNL-S4$f(96>YHA^n)_EiZa-W&Q@KZwdVR&!CH3@n&7IMU^`0hHu--(|NDmX zKgvd0K3|9Dw|VCHfA4MY?N!eIp6&1LKAivE$5UApZtepnVM|CdxhCR>PckeB>i+$k zo!-uWMB81|JHnZ{C5aN*`yn3?Yn14HPnG=%H=~B;3VVYEWuxBJ*PvWo?{xg3`y!hsTW&{LqVgr4=DB`}B6;)H#xthw^ zPCw>Pf!T1jnk=NtTicVP>W;G7{4vjVt}v5_37H=8}Fek8vyn zXt^K1IaW21+1_j61NvCaJjC+JKr63bZ`Z&NU4SYOoGs9!E!qzqnHumoW5uh~E;N+} zG-pXDnn!vPRG^u}u2NYjNflWB{9a8D&!SI*{Fia5+;w~(_+WK8aE|=9zrXXm>i@O< z;vxR;UY=0Q8ekQVi$kRU=7W+LRg+Y@W0FpKa=fK=pY8$DgySx9tQROQVozy2?H(X_ zDf2icBq7P>fDE}H5xjMGKh=e|N+0)q*#wRiy(Y&5Cn;sb=hgTRFnj7J_hR}!9av)cQ7}jp08S7?I{Fc3@K?fb*bNrR zVgIxf#`wb@#*zd-Gr>QQSdqk=qqHnqb4C;c9QSap#$3?fU@`(LzagD-o{~A#5(!;q z1*7{Nl|yUXjS$Xgfyl^`J`j?Gz(@Z+aT*2`p+ssd6EUy_a!G<(T6DA@N^4?Ci#a z45sod<3dG)oF(af9$nlgqCPh@KRkDRX7m5`IRMV{|J&c&srvst-+ti#_wuxHwSSJh zAN7P%(nO#6h&gnWQo@w|HalNYBUH8gMKeOZDzPA8KBIC*fO&h(KSM<4`sSnwsM?e? z#}>8BNGbg1^GwKnUXQfC>1cqdHXDt%vsA7(2`8g`fy({NMg`S`jVL351Hh7qjva~* z&>3f>hD;9{$95xW53?+`T+a z@}J@Yk4T*2H3fmplmDK*sLFrO_n+@P$ba|oH1dTbe>l{p&<133kLs+0rbeX)=yzD- zmbIDBM;1Cbi|_-rb%S#iG}k@PzO1Rn;3E{mQZ^G(8QFt^2tJo>oEjjh2#ZP2mTGiM z3hw(pK#94kHDG0Cd}+#Weu5*uliLh486JTmy@{rnPMlL%cLo%tV*UHu~3dGpnbHjhU1`Yvqxw9Vmu3+#%jYY zx#G=Rm!+0u;knkZL_hb&Z=VMFPo>fx{jSLbIPd)T*^6rY@AKWghx6Zic@~TRH4&l> zA*q^3mOJJxxc1_b<5zc)9KV`tV`)6sRjKqcrb=Zmc1goyA`~6c7%PH)M}z14gvCBS zuLoJHbg?TkEq&I?_ZJ*r*RcL`2C8wIt|$6yf%vc8+WGIZXWI|!|303z#(xQ7gS-}q z{%Q*M+AN2JHQW#9Nb{d8^eY?}y4Sd`YR?ZrUua&?R~=;$ilQMG@thbif3?@=2?RSM z*M1xiL0}I-U=KlH4?$pGP!QOn$b5(cTj$dx|4SkSPuJ%FG)Mk_zPnpH|Ji=<|GA&% zj*%yJrO$}o>6Y9wShoCVrKhcsj!=-_cMCalwxP7}k;duW?Ef%{1LH zU@VfAOab%!KX;$i;=fi?cT zMca_M`w>{uz8dnJCFtNAl+aiOA0$!kW4PbC)G}M&Hac2$O>UJX+p%WB)f!o@cAhO; z?-F*QWosK((7V?@0SRNt0h`KquXk!ilBMVAj3;;Qc6aMF?520`?L2U5Tc$P$fOoHW zVZ_8GDr&iHN!;#kU09)FiJC^V_!dNqC8~oIvD_kZwa<+Va(A4~T0hnms+79?uzzZm z9T}9QLo~+n2Qqd2JW>2YX|h4Rr?%X`RX`~f(W*+&9%0GMzibNscbn)da!aL>n(^8; zOAtLF|L{d%XeCHosw~t!cfXF#k0ru_Ac%-#qaNymg9WnE0a9avVlD)c83zY(T?NHs zER=Qfa7FbuHKx*h?7_Y zJfA}TYs)Fw854#EIZa_Z&v1N&M@05IkIXQMa3SDlTXnq-}g|J!+le!_zCT%yzC z6WQt6G?<+pO$gpH;L@Z@c74*-XvLnA9L3Ki=Agx|Bv0h=MU@uUYvSGHLdIN#j(9>k z9p65cXlHx-uZU-aA+ysX$%pC&3%%u=_3S>xJR!P<%ml#+!m;2|B5Y$?5g#J(Z9eF9 zc6!ASjO_zO5jxU5H0DeRo~A@>*%Kd>@)3>w#n>aN#`&NZ^NGJBd#jRgqO%*c?`$N< zD)OeMS|{#w2c>jK;%S@`WX@0~gsH_kucc1d3%~$dLI}gzcNbxRGE!r#5V_5`B(kVx zPf8G$=$zo>t)Pnhh}qPA=q&~soIrWF_It=0=nxpJLa^KiI12*i-iVR*e(iZu1daG^ zp9Sa$di3wOh{r@K<7B$&9QY+Vx;VAb+i1uI`oYH?EjD)7{qvyvH>bMiV=Tu5jzzLq zLpg<&(ia5ueMuFOK+A_k!~haGQ*@%~c#>g7wI~c5bpZ8~W5{%gu6KGndw<(3Dku8Y zUhl=G+q6OuLzR4An5%7%kle7^ghl-s{b8QmQ0w^KSzRO z`d@r=^&VVb-w)C&n!HD2EYW}v=C~6{G&9m{3Qj`xTGgB>=-es>Jxx48=bAA@RK}7v zH44&;;c-wVd5;oIwD3Ts#+2q~h%eSL`i=|q{SPObkl1E2AuJ&YdNatG%JuRX3;d;v-Ynec0p7^Ysq&|&|y*XbN; zRx60iQ?-dUHmtIhw+(G$13lpaCIAfukz>DEX=12j!p+6gO_WO_jD5?6Q0opdB8FT{ z5Y{vhWvSl5>@`1TX1y*5YvR3Eao>Y6PjU1fjBD?;s!LTtQJEmuT98bqzMv90d2hGI zGp@+N#zyDw=yZstJolYWc`m$8+cddODFys$G=biFO)l4v@m zN)yBwr^8|;cm@GV7M1YQ-3{tM&>Kf!L-orAXcV@1T|!TObwT^fs#jUjJ~7(XQzXYc zPZKmCdJ!ewa1wK-*KS!()NKP~6HTNEQJAJuBVx>NU@9QvjON6}O!~?2QY7f8Kq9d0 zbPtT&pypu$%f?xjPRj)@6lMt)iL^Y^QJJ}Lu5-y@k!nnO=wXTmMB^XFF-_pEg>+g_ zC`r(hn=y^YdYvQyW`dQL_@sKeiEi{lQGzFVOtc(HZrprsB8ZFBG6tYPOaP2%nBq}S z6E@7X{!0_Y#s-kw#>QqDyLo90=mQ@ZQXFEM_Rxi9G`<vX=;6nBnUthuGN zwW5>TEaid-^yYLEF?>x&n&B#r4zovX_{ukTnPK|iOIT@`$zO}czqEOW~ACTb|@&uAO@S9tvV;Vg@^C^;c(w*k$I|KHhv zQMLc>??2do?&T@$KV@qPMkyVQ)eX`A2cs^9;}E^65-g{h?d0Z|Lrn z^;{_`LmgZH-#eXl<6qtIw}8>_lbZZ~2D2qP=5g+?tzT@X+8U&MurbL7{$7sM{6ltgi7nnH3biK)+i+)qc>mSJJghnE%pL?awXdJUlZVzZw1`ClYwa zdhdSy%RKpiXYcvmcGdrXe|vZTLH@swN6We+E~tryvl443$gNco?>e4Nbopy6s7V-W zQZiW%3WsqW7>fYxX4IMhtvAeqB+_;_r02Aq6PsHoP|wpdxNdH)uHeVjGzk_iMSXl6dsjvaJ|#p z@9o}wbeDLv)UYls04t8i9JjAFv-Ze-fuUPZfhFg4M(s7CVTD;O0k`<1R;#UJFgcw$ zpNmasP8S*Ro6}_{vZ3ah#=XJ>dY~4cys*kT20+WfK&!3F#%n<4;GpJdv*ZNNZRb;9 zYlXR=0q^3JFuQ?uj8q0uOsf$^*^6ia%#@v;mL!MvM%Ip@6$qgT(#5G@M(uSBa8Qrw zT#6E!{kj&wOtZV$k_53>W1k9dE6_(9;EU7AoL1JdAi@B|AE;W2SjsoIMpslVw1%u% z+w{FM?nc5iooWenVboy;2gYBUl{+QUj=J?%@8MJ#FL8fZbs z(Zwlp#jHzT(OVC_0yFR+#q0{sH*&=jqDZWI3!+E2f9Tp@j3#uIW8;TfD8h3vR40VJ z-hOZUZUa|%^l3&slN9bS)WC;%X?h6Sn1h+nWBL=2eS3&;K~mG3V$jRs`RpU+HtsQl4SSh(n})_)<-CfgI@=Q zIL8gO0+j@9EQY0vqQWPpmawO_Q%s1vI@LVuZTEJT#mCwyr;dnqP)|y)2_sVW1s^PF z@U|^vx`jE|a%B+|{#2Cn%Jl++T0hm4an`gueLa`kG-6_XG}DNJyUy4Ryb)<} zD%UrKko$<27d@=el*km9)GHs*2;s#l~mv zE1Nw;K z{~iiE_bFYp2ZyB;{GhTtP3>W-@p}PxkJ?mxYUG+>deqK45{eKoh;kygW67yXRadYE+d~oWw~tJm32Mv{;^zQOqepa(do%YFWHd3 zst5@J-!OuPR7iys)oTxY$vCua+|xKqr^bnj4oePvV+^jZMf8w&Y7WRWfX=x;)Ys!2 z4+u-AwH=_T!8T&n+u&6`ASqGjoU3ChN^{b(`Po`XaIT_+isd)FA8bn+0CY?RT<$V| zcb{bj49#2Nz0&~HK=V}OsNk55#59Og=YLSd38K+DYyIdS=VO+C(8(E>aAU(*Hfmwns_P|5l z9=DLhj(j0D-Lk9SVTeb9BzhmlsTa+fhm4AnC@5M-0$k`@PkUgcR4gTrDTKCohhm#} z$z*K19~3}XOqjm)?U<&-#B3fD;ISoH=MchUeFgO2e1M<|GIh|YM5THqygYURyw0PX zN@VY2+brlCLw0ji;`TJ^qml&MR{U+4eH)t**uD*hu*qoV5~0w{svQp za;B(BDpUabfe+A-GAhSJ_8#AzE()QjQ3h-y5TmZx#*eAIdZh`0BxgJUztgG`;lR*E z5ogF2M@9KEMc8UdSgnjTZnB`67K+6J-I@y?dSSj=18`&;j1nrZz5&(BWLZQU;zRUn zX;eoDE4SGVlg*Ogt4oMhM19LXvx)F8lW}R=AJV zIGi9qGgx8dKbB|1m4Q@sHlk6Jy=K>%5Fv;kqM*iHV=maOx?9&+Y^8Ki#FKTG7<;2` z*3k6gczDHQoKiKNiHlN!GCtlCB=HpCYRo&tTiJ{Trn1#&1hK)Q`nBJg?Ji*Ja>FL1 z-XDNsu;Eh~FcBJ$brUAuv8dJST!xHOfAN3QsESfYtVU7SB z7Gsk(X@MSNr2V&F4_g-a_(*u%qUnMU)ge>#aHx0A^76M5zB#;nMXpJTbaAB1N2Lm7c3`9*8$4`NT(M$X z@|MUk!KoTgi^yin0Dx5NdJcIfu=ac2DJ*P2~UR~U%7WY<})}C-ideCA@ z@Ev)BYs-%gLJcXS6W9QfoF$mW)82BNr?GY55Mk5422LgS0pye=^qM9)P64MKSmGUX zuv28C@$G!Ym}wli9R(7`SsK;v8VF_6Ot_vsxHk-NZs*8#QJFypKt|&FG@3NDb7s-V z=FM25Y)k}I#l}_zrjb}?Bc9Emmm=!)PfjtPl!u2HStnz+!FaE)iSWiR%0_)6V#1V( zu=5PeiX%vuMqzPODPLFIHC-2;Ymm{&SJ6OGMkE9ePx5$NB(*ThNGsGP--gfoY&6TG|G7x3`zk`ki44EK%EKu7?I1m#(I2A-{H0<0;pIvdaCOoq)ra5N_IRryrR?zC@gx`wbsc}uR8Fne6A{{T*) z)z(6pv57>C1;gyvJ@nQZGMp}>tGJSW1~&BvuIP})xH#a!Sw^sMDuLE20_18fe0@TW zJ1$*73#=J*D_Wovc8UUZrr-uq%6S}!GoM1wGJU-sTKHt6uGMHVUY>jdOZM(|-QK+b zwq2hWTG5D0YGDKJ3%7PCUK$!YGmZsK^YK^)1$DW{8uKHnH#)^p|0k2jr~lKDG?D`r zg$YM51k4I~y`tS4`KSa57;`m?2MNojozMy&HUrv3l3SBw#-#+k$=XkFIL4q!y;oC~ zAY2#~6)%C+{|WR8o+|@6NY^3ll-lEi4sY{DCNFP> zg?%l7)eTv6U>A4x_$npnciyJv^NvB@w2h6KB)73qs17d)i>-zWnK?sLc%cTT#(3}P zjywMbf|-^v4sE(@E7sWeMR^)zQ{%&S*m|8~z?vRg`yhZ>O$auZnK)bzL&R3FzGlkZ z+25Z>y7p3Bb9@w@M9H!}!i>L?vRU^4$|pzrU7>x(%famO0dL|TFIdzOn4*r8^O=Dz1tLwAAG>xwDq&;gBP@Udn$^6nun^{tZw%Y(LUST78BEt6N# zjadi*U{iDQWlzT#QQ(jY#}SN?7&h+z@Bb|exAp+g<_XjanGq^&2T$Zv&@XdoOe2t9 z-1?_aylZU3!4H^3*0w<`ViM74JBFO-eV)7>6IS;1dBa?m(sbH5TYzoTK;gyGckVBG zIn*72P_5OPSI|OUKsJ}V#-&%8GoDy+L)u%6K)Aw{(q@~NL~YueYoyIK z-|O|Bn!!}h{HcWOkuah>7?Eq=2!ernZmoHn$lePi$bfUTi9o%qlHF5F7&ZsLbqLsm zY@NYawD18*NS()k<|5(EN!YL~3$vDAHOO%KYmzNbc+OO>Q*wH#A4@NZYjZo$IobBs!cR1Vc*3R}Bxp9rb0lwvHme!0n8Vy`PphGO{UI4C&U5e{gFthDA``!0~lBg<`(}IG>dyAXuK?us%KJLlZ_FsewPEGqbCh;YHf64EhC?lhJKsp&q(wFGaO?X}<+n|D!Y zrqJr=GVZEh7eIH-{hqw~sc#=U>DHj+*#ylm(Esx}y znoSV+L@7qZA?pTo(jqj!yzzo&hrZ2~zog0-RM-^JNrsJbsQ-#{A+)$w1=X~|N;s00hyTTE4xZ%Q#iL1Cmz-^EL1mQzZDGX*#kV1>YyR_ofncxc-NJ%|Du;( z$B7J`2v!YG6OWW%x-(ejFI^)+fcOJO>5zqK+2@!JhXh6h9sz=+Qyaij!$Cq)3_A`C z%3!0I)&kT`Cwv4rqB5|mdx^*x&_s!Q_}CM-Fy$2m39=J;58M(8Va?x#lbh)oDuDzUu5jF=;p_cA~=PokA}NnTQH-vo3qL7t7idL1CGeiJ^8I z())#*66fSQm{uIntveKzCf*Jhl4V4qFurTrrxuFXKmjtXi37#)mDY>I6x|4_{AqyO z;Es*9VNau-ghOlldqyh^7@36@0WsYKv_70>{@7^5&uho)E zhY{l{$^?;w6#-{PkM@7UNl8_ou2-FFezn)xTg~<@RpVnTGuv1wTFo_Jtgv<)auv;j zcU4iXZVLg}n~Za56atqvktN8TrMnHoo`8oMTh%efo&V~}$R|tTL$ABvzjw-!@r^cX z<$J;iTmbD79?f=2vGv>{^EFYaY71hGdAaOdT6REjZrcHQk9;@Y3C}Ensw4%cY3p1c#$om{`vnlije4NJMbS-l0@dTRo-f&tmD(sFU{#|c&@E>O;{7`PbdA$ZGyGp55RyqVEwAC=xE zv)no#TDMM6`Q1*fCrnepFI_j3U%EZt#djdE!o}pjbS*T$bY0L5Y_%zD56y4F%%O;qBpo_GjIF{~aJd9|tA&`2ax5@Ygd}Dku-6wI_1}c#_PsCVwhMR7 zkt;ZZ&U6vW2U!Bya06|-90d+y3RgIF!SVN&Dg4%2I72r4~ znL+C5YmNIM7Za2BW6ESl2H_&!(2W>$Ejf5gg&Q2R>XM5XV)421)74m$D@PJe%-BvM) zkl~;V!!^YfTPRS?5K#>~5A0@ysx)v;Aj#F%=B(2_{7A$?r#?{p)#Ksyt*MgZe1CV zU0jci-Wh=cXpedJw~Mj8W|ktP$%@}R97wE24C@*Y>m^Tube2_n0`-pV2}rO`Q7D24 z%?c|{_l=8SkZR0rzcZ0+D9?dqyzT>&RG1!*rwNg2#^9WXS?T!0huYZcrf4NqCmdKB zzcpQ~w5W=ygQWbrcHl#!8o@CVhTAYwoHK|cP-DV+WqG9>5b3Mf$V+=P7J63=DM=Ib zOSif&pPN8$uaur^{Y2O zo?NUmXUl#yx@mV|xyYVL%@vH?+0_>)896nlBpR(Q4ON?6TpS7x=hi6?d4uwoDiAf$ z$U+iPCBgWENc12QHHbtF>+#Pd6E!T32chUeC~6dnYMb)fq@t!p^sgiqwFyN<)Y*}7 zLOjeBmoZL>Fp2DvPU#vO8~tGmqoTCUdzYXmC$||9bfSfw^l9zlA}HojUm_F8QWspq z?Q{IQ%ZGfn?N&%MZTL2A~9#io7SIk zo^gNaflK%7PDCJEt|@hDEQ#J7I`r4BI$Y_k+`F+<8gQFX**F^WNyZrrI^)TVDsqfP zvAio)x{F@CR6X_bR0jw0t%S!#HpcAG1-Vns3PO7g-$-JzzS~2G8YMNIwT35xL147$ ztjKhw`J)Nf7J|r3Pa{}#ZMQ%x<<*|jE3owy-n_DB;S2;8kg{%AVDAoDh~4pmTv(+( z?gi~O8Q+%bXLq>$99B z9tM@!%C^m3=ie?ll4K;v$O(9rZZ{ESnGN#D1c|(_tsTgr52}X<8)~x!pR}3XG5yzn{xJD3RjN$oR>C2H!Ol| znFcO2OtJAOC6bPqVfs#|_27g2JRrcW;us>d%|S6MZqqZW2p}>gCeNhXxHMJzL^IGK z_zxYB9~&i>8C=|SC%4d4|U8=JFgK#C$0Wr}IqL#uNq=cd&*H^zcx zWx-22Av_Q6HMKANLa{biO-w~>WV>&FvonFJGz>1hMdL;G7(=;*FF=vG$yNPY&&A$$ zx!01$sVU`a|NV}5HF95p)34j{>3m)EPI{{KI$<1_9NTxUFtF2x1s3yblIGqD;9gvK zFIMkiGsbcZRh$zRN+5`|g?I0VlV|7X@yvhz`6L(nO;L56}#VCuQ#{q|&@Pus6oj_*gIWy;a$9K`D)?=Tu zChXc!5XeSKeF z_@%(Hugq6oT1se~OTeOZWakm+u4n<&+JG$&SR?0g^yF~w@C8Ya>^y`MXPnf6_$$}y z8btI(Ho?Z3viS+;@@_i^y7+%X@ycb)jNV4E(6kAJ6FHa|2xlpE(M)*f(S=l*iXK6KL15|WGmc3TMj~jm7qmr zZq2WDg2h#6C@frQtws$O2q`Wk!a<-oOCaoCde2H%Eiiictjh72rimb|_Y3>QxYC;R zH*=wN7kgw`N(;k_y9Z8-(@u6Xhd(5N{wd3OUI5FzRa|-;>usk1Crs?5gi(mN0R{VJ z3|)iF4`)d<@H>VL)+9WG72)=cU|^;Ql`$N0=()S1EHQTQXhJ4jt961-CMHp|3BMfj z0?1cjRWA|}_?auFtUN(3V}T%`GHRh%(8;E)Tv*w2W|F^E6Tt<*JG*t|wF$h6d73&I zsc8iF!(z4AQ4SQXnLEGJl1Vi-v?$f223kV&>7xMwVZwtTd{Q&BA{!W(If3)!lNrnu zZZ2>uIGo8ybHAwIexMf`0e53V({oueGx5KfAaIr^sUr7cd9o?2c556jI4_;Tu2&;=3K5Pi0c)(5S}wsqU7>VBY6&Adf)%(up;_3q*yrQxpeChFd zGoDf^TUJjG_09SCKnsq740E^(T`IrV z$nGBK(f#r3<5K+S0@y@;ICq$|whQDJxbo?YC*;o52eD)KN`BDeeNf#ZXp#jSGv>Dn zZo}o&xipz*{p5pUeM7w14L3~ne>wuEr_!EI860Lxy;&iUw=+(S&sgE3pzz2fRi|nU ziWpd$*K@7+Or92oH_f6Z&EqSPMC&D>=Ix*qO?6*Fyf2{M5dXB@=^H#OHJb9U%FNkp z_8PQ7sO2^wJG2c=^V72#=!se{1s5wST_TN?$iR!x7}dZzq-Q+7@slE}Fv?VL7)?cH`XoZBOn+f{Z9+*K4wiFwndMWVwNId>m6hH_PJx=P!l?QsPxy6s&gRd-YUd^^Se6z&gj$ao#(Ixi zD~$Es=+;d%LBb$cBSbf4BcX|g1V;Q?3aN@Re4B9zXG$)@15b%SFVHKF6ZEaQ!e5}s zwcTVScR08p;+n?x1Tv^^6UsYCjaPveEmX9%-}iISaZgs#~A2dS{R0)K>0m z&_bA{neARqd&=y?1<>c1#bY9(zTmghI?-8+w_h`FPF-sNS=(ZPC1IV}Py2o^KH~}L zTdO6!&}es9_b+Q;xw#4eu|(|XPt#ntvaY`IYiU8sZ=~cB%x&}>Aez}K4RS^m$F6k* zH}07vLQkyHLvFQXMpZi9MDdvGF;2h;DrSHIM!%T7%(Bgl`)45mbkW@h>q{Y7}*1yOm1Fa&=}66bKJXpdb=dxj4S z>;=Tq=Lx!SwfvFJES?C0Pp}PyK%2OnUW}DWN$-ZTgx|O@l{@ipX48>V+2AK@JxHuI z%`Sl=knFAL)?XwUjMSBNMJ#A{80}vko`>h*d3YY4J3s$_00030|EtjrLjXtu0CaE* AasU7T literal 0 HcmV?d00001 diff --git a/packages/longhorn-crd/longhorn-1.4/charts/Chart.yaml b/charts/longhorn-crd/102.2.1+up1.4.2/Chart.yaml old mode 100755 new mode 100644 similarity index 92% rename from packages/longhorn-crd/longhorn-1.4/charts/Chart.yaml rename to charts/longhorn-crd/102.2.1+up1.4.2/Chart.yaml index 5a2070253..5c3c7f88a --- a/packages/longhorn-crd/longhorn-1.4/charts/Chart.yaml +++ b/charts/longhorn-crd/102.2.1+up1.4.2/Chart.yaml @@ -8,4 +8,4 @@ appVersion: v1.4.2 description: Installs the CRDs for longhorn. name: longhorn-crd type: application -version: 1.4.2 +version: 102.2.1+up1.4.2 diff --git a/packages/longhorn-crd/longhorn-1.4/charts/README.md b/charts/longhorn-crd/102.2.1+up1.4.2/README.md old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn-crd/longhorn-1.4/charts/README.md rename to charts/longhorn-crd/102.2.1+up1.4.2/README.md diff --git a/packages/longhorn-crd/longhorn-1.4/charts/templates/_helpers.tpl b/charts/longhorn-crd/102.2.1+up1.4.2/templates/_helpers.tpl old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn-crd/longhorn-1.4/charts/templates/_helpers.tpl rename to charts/longhorn-crd/102.2.1+up1.4.2/templates/_helpers.tpl diff --git a/packages/longhorn-crd/longhorn-1.4/charts/templates/crds.yaml b/charts/longhorn-crd/102.2.1+up1.4.2/templates/crds.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn-crd/longhorn-1.4/charts/templates/crds.yaml rename to charts/longhorn-crd/102.2.1+up1.4.2/templates/crds.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/.helmignore b/charts/longhorn/102.2.1+up1.4.2/.helmignore old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/.helmignore rename to charts/longhorn/102.2.1+up1.4.2/.helmignore diff --git a/packages/longhorn/longhorn-1.4/charts/Chart.yaml b/charts/longhorn/102.2.1+up1.4.2/Chart.yaml old mode 100755 new mode 100644 similarity index 98% rename from packages/longhorn/longhorn-1.4/charts/Chart.yaml rename to charts/longhorn/102.2.1+up1.4.2/Chart.yaml index 23219850e..d2cb88418 --- a/packages/longhorn/longhorn-1.4/charts/Chart.yaml +++ b/charts/longhorn/102.2.1+up1.4.2/Chart.yaml @@ -37,4 +37,4 @@ sources: - https://github.com/longhorn/longhorn-ui - https://github.com/longhorn/longhorn-tests - https://github.com/longhorn/backing-image-manager -version: 1.4.2 +version: 102.2.1+up1.4.2 diff --git a/packages/longhorn/longhorn-1.4/charts/README.md b/charts/longhorn/102.2.1+up1.4.2/README.md old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/README.md rename to charts/longhorn/102.2.1+up1.4.2/README.md diff --git a/packages/longhorn/longhorn-1.4/charts/app-readme.md b/charts/longhorn/102.2.1+up1.4.2/app-readme.md old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/app-readme.md rename to charts/longhorn/102.2.1+up1.4.2/app-readme.md diff --git a/packages/longhorn/longhorn-1.4/charts/questions.yaml b/charts/longhorn/102.2.1+up1.4.2/questions.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/questions.yaml rename to charts/longhorn/102.2.1+up1.4.2/questions.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/NOTES.txt b/charts/longhorn/102.2.1+up1.4.2/templates/NOTES.txt old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/NOTES.txt rename to charts/longhorn/102.2.1+up1.4.2/templates/NOTES.txt diff --git a/packages/longhorn/longhorn-1.4/charts/templates/_helpers.tpl b/charts/longhorn/102.2.1+up1.4.2/templates/_helpers.tpl old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/_helpers.tpl rename to charts/longhorn/102.2.1+up1.4.2/templates/_helpers.tpl diff --git a/packages/longhorn/longhorn-1.4/charts/templates/clusterrole.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/clusterrole.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/clusterrole.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/clusterrole.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/clusterrolebinding.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/clusterrolebinding.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/clusterrolebinding.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/clusterrolebinding.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/daemonset-sa.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/daemonset-sa.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/daemonset-sa.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/daemonset-sa.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/default-setting.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/default-setting.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/default-setting.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/default-setting.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-driver.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/deployment-driver.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/deployment-driver.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/deployment-driver.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-recovery-backend.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/deployment-recovery-backend.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/deployment-recovery-backend.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/deployment-recovery-backend.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-ui.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/deployment-ui.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/deployment-ui.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/deployment-ui.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/deployment-webhook.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/deployment-webhook.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/deployment-webhook.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/deployment-webhook.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/ingress.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/ingress.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/ingress.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/ingress.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/postupgrade-job.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/postupgrade-job.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/postupgrade-job.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/postupgrade-job.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/psp.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/psp.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/psp.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/psp.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/registry-secret.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/registry-secret.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/registry-secret.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/registry-secret.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/serviceaccount.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/serviceaccount.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/serviceaccount.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/serviceaccount.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/services.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/services.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/services.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/services.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/storageclass.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/storageclass.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/storageclass.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/storageclass.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/tls-secrets.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/tls-secrets.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/tls-secrets.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/tls-secrets.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/uninstall-job.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/uninstall-job.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/uninstall-job.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/uninstall-job.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/userroles.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/userroles.yaml similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/userroles.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/userroles.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/validate-install-crd.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/validate-install-crd.yaml similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/validate-install-crd.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/validate-install-crd.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/templates/validate-psp-install.yaml b/charts/longhorn/102.2.1+up1.4.2/templates/validate-psp-install.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/templates/validate-psp-install.yaml rename to charts/longhorn/102.2.1+up1.4.2/templates/validate-psp-install.yaml diff --git a/packages/longhorn/longhorn-1.4/charts/values.yaml b/charts/longhorn/102.2.1+up1.4.2/values.yaml old mode 100755 new mode 100644 similarity index 100% rename from packages/longhorn/longhorn-1.4/charts/values.yaml rename to charts/longhorn/102.2.1+up1.4.2/values.yaml diff --git a/index.yaml b/index.yaml index 0303a70a9..13b9cb388 100755 --- a/index.yaml +++ b/index.yaml @@ -1733,6 +1733,50 @@ entries: - assets/harvester-csi-driver/harvester-csi-driver-100.0.0+up0.1.9.tgz version: 100.0.0+up0.1.9 longhorn: + - annotations: + catalog.cattle.io/auto-install: longhorn-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/display-name: Longhorn + catalog.cattle.io/kube-version: '>= 1.21.0-0' + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/os: linux + catalog.cattle.io/provides-gvr: longhorn.io/v1beta1 + catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' + catalog.cattle.io/release-name: longhorn + catalog.cattle.io/type: cluster-tool + catalog.cattle.io/upstream-version: 1.4.2 + apiVersion: v1 + appVersion: v1.4.2 + created: "2023-05-15T10:54:44.198164+08:00" + description: Longhorn is a distributed block storage system for Kubernetes. + digest: 49a5efd72ff5aa293ce4cc9aa68adaac8289887df711076f6cb04f1a40b1afa6 + home: https://github.com/longhorn/longhorn + icon: https://raw.githubusercontent.com/cncf/artwork/master/projects/longhorn/icon/color/longhorn-icon-color.png + keywords: + - longhorn + - storage + - distributed + - block + - device + - iscsi + - nfs + kubeVersion: '>=1.21.0-0' + maintainers: + - email: maintainers@longhorn.io + name: Longhorn maintainers + name: longhorn + sources: + - https://github.com/longhorn/longhorn + - https://github.com/longhorn/longhorn-engine + - https://github.com/longhorn/longhorn-instance-manager + - https://github.com/longhorn/longhorn-share-manager + - https://github.com/longhorn/longhorn-manager + - https://github.com/longhorn/longhorn-ui + - https://github.com/longhorn/longhorn-tests + - https://github.com/longhorn/backing-image-manager + urls: + - assets/longhorn/longhorn-102.2.1+up1.4.2.tgz + version: 102.2.1+up1.4.2 - annotations: catalog.cattle.io/auto-install: longhorn-crd=match catalog.cattle.io/certified: rancher @@ -2924,6 +2968,21 @@ entries: - assets/longhorn/longhorn-1.0.200.tgz version: 1.0.200 longhorn-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: longhorn-system + catalog.cattle.io/release-name: longhorn-crd + apiVersion: v1 + appVersion: v1.4.2 + created: "2023-05-15T10:53:52.870634+08:00" + description: Installs the CRDs for longhorn. + digest: 3b9e4af1b94d8f78df3c176c4aed5437d3ca061f9475371129572212e289e91a + name: longhorn-crd + type: application + urls: + - assets/longhorn-crd/longhorn-crd-102.2.1+up1.4.2.tgz + version: 102.2.1+up1.4.2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" diff --git a/release.yaml b/release.yaml index e54bd6966..c90dab3ec 100644 --- a/release.yaml +++ b/release.yaml @@ -2,3 +2,7 @@ neuvector: - 102.0.2+up2.4.5 neuvector-crd: - 102.0.2+up2.4.5 +longhorn: + - 102.2.1+up1.4.2 +longhorn-crd: + - 102.2.1+up1.4.2 From 8a6e70cb027ad7ef98d8d49202e54979991036a9 Mon Sep 17 00:00:00 2001 From: Venkata Krishna Rohit Sakala Date: Fri, 2 Jun 2023 15:51:00 -0700 Subject: [PATCH 06/18] Update annotation to restrict eks operator from 2.7.2 rancher --- .../generated-changes/patch/Chart.yaml.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch index 2bc11b7b1..535be0b25 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch +++ b/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch @@ -11,7 +11,7 @@ catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1 - catalog.cattle.io/rancher-version: '>= 2.6.0-alpha' -+ catalog.cattle.io/rancher-version: '>= 2.7.0-0 < 2.8.0-0' ++ catalog.cattle.io/rancher-version: '>= 2.7.2-0 < 2.8.0-0' catalog.cattle.io/release-name: rancher-eks-operator catalog.cattle.io/scope: management apiVersion: v2 From 8dd8910785ddb31e058cb8d34c8f8e18480a6feb Mon Sep 17 00:00:00 2001 From: Michal Jura Date: Mon, 24 Apr 2023 17:41:54 +0200 Subject: [PATCH 07/18] Add new eks-operator v1.2.1-rc1 --- .../rancher-eks-operator-crd/package.yaml | 4 ++-- .../rancher-eks-operator/rancher-eks-operator/package.yaml | 4 ++-- release.yaml | 4 ++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml index 2d0c0afe4..5e3badc2b 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.0/rancher-eks-operator-crd-1.2.0.tgz -version: 102.0.0 +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc1/rancher-eks-operator-crd-1.2.1-rc1.tgz +version: 102.1.0 diff --git a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml index ec721d754..59f177e48 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.0/rancher-eks-operator-1.2.0.tgz -version: 102.0.0 +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc1/rancher-eks-operator-1.2.1-rc1.tgz +version: 102.1.0 diff --git a/release.yaml b/release.yaml index c90dab3ec..5c0d9123f 100644 --- a/release.yaml +++ b/release.yaml @@ -1,3 +1,7 @@ +rancher-eks-operator: + - 102.1.0+up1.2.1-rc1 +rancher-eks-operator-crd: + - 102.1.0+up1.2.1-rc1 neuvector: - 102.0.2+up2.4.5 neuvector-crd: From f6bb6e74688734ae06342bdef99b410627780f40 Mon Sep 17 00:00:00 2001 From: Michal Jura Date: Mon, 24 Apr 2023 17:47:25 +0200 Subject: [PATCH 08/18] Make charts --- ...r-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz | Bin 0 -> 1204 bytes ...ncher-eks-operator-102.1.0+up1.2.1-rc1.tgz | Bin 0 -> 2040 bytes .../102.1.0+up1.2.1-rc1/Chart.yaml | 12 + .../102.1.0+up1.2.1-rc1/templates/crds.yaml | 223 ++++++++++++++++++ .../102.1.0+up1.2.1-rc1/Chart.yaml | 20 ++ .../102.1.0+up1.2.1-rc1/templates/NOTES.txt | 4 + .../templates/_helpers.tpl | 25 ++ .../templates/clusterrole.yaml | 15 ++ .../templates/clusterrolebinding.yaml | 13 + .../templates/deployment.yaml | 61 +++++ .../templates/serviceaccount.yaml | 5 + .../102.1.0+up1.2.1-rc1/values.yaml | 22 ++ index.yaml | 40 ++++ 13 files changed, 440 insertions(+) create mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz create mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc1.tgz create mode 100644 charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc1/Chart.yaml create mode 100644 charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc1/templates/crds.yaml create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/Chart.yaml create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/NOTES.txt create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/_helpers.tpl create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrole.yaml create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrolebinding.yaml create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/deployment.yaml create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/serviceaccount.yaml create mode 100644 charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/values.yaml diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ec593469748408d48e08a935f7d1e6611e35988b GIT binary patch literal 1204 zcmV;l1WWrLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI=cQ{%Q1=h=US=3c+w1Utt;CvP`!?J%_T=0bVj$cv*!mQ<}2 z$aVU^cl;v|5*Z9}azNRaOti{=cGtTfuM`W4Ptf*oNvM2UVqfTej@F4Qf$5OdwG!Mm5owBQ$UZph@k4Nnf*i>J$04g0 zdo(A9d2q9)A(KM+o1oU9&4r`h?XLe{3zh0?3huTj5eR#Q1GiDEReS_ST%skR)sW2w z5g2p(HR%ufNzd{mN|Cq~#+A!o&PMF_+5|iHeF=i|h+8O?#rb=I{p9RX4hU^L?VZ<15ZE(oW7vz^ljMW`qBK7JN z%#sReyn6$_bDo${Bne}b4MoTpq-pt@1Nrrlf^F?l3!k18n;!p(+%?4J6`x$xv)o2` ze5_v!5sgLB8iut?Pdz#83~koL@y`Z)h$>n<*&J?mz*)IaJ3uMkAK$dxa-SC{b_jvp9TXl$y(@?(YWjRfP~ zZ1s6Uds3frH$-{B+ecnAU4RtaR1DT3jNW~cY&<|T2+D@xm-ir6T%$At|bxR$ujX_@x)vc8Bg+4)vp*xnB z=J`xm=RuxVmE2vi1-oW#vHY(jU9wG1+k!KfR{VHzn!U|iO~>r-f42UY=)1hjyS&SP SLjDZ^0RR6*x6G0NCIA3paaK40 literal 0 HcmV?d00001 diff --git a/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc1.tgz b/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..298d124c66a4eff746de009f2e68d8fbfc27e9dc GIT binary patch literal 2040 zcmVDc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUS$iX0G4fz%0l#ogJ4on9Lpf?%~A ziCe9>yq%>SRj2=6?2?j5nzkHY&b}6!FQS&S^TwT5QnQSwsC}G~uX5DPDBV9znKr?a z&E>PN0bv-1qv6o~hGE$LjfTVUSu`9DqL+hcG>D#s(aXUgdIsTF;l2k7GE6@Ue>JbR za{nd3vP>Cfgvu!P05~&Ds%gNPF%koz`m8X@7a18QWei=%#pgPCJ!gieodh^)BPIfq z?e0#rR3r&zG4zZsu-Az)E5_(AP?Jzu499GmbHo zi#{#M;Jg!AQ4CUK#plkuIqJDEIMoNitJ^i#D3KBR)&kwnuX7u5m17KZma!?$F*6>^#g7~Q zi-E`TeET;F20`R&9(f58*CID=`3-!Fat_=^6PPFs&KP!!$foe_yDO-SL0+n?bg3~p z#r^(Nn6wxNT+KJC_ZtG=p$n-(bEMew?@euM)hHYUQ4s#I$ae}owSWHB&>8<1OcqFA zEdlI_|KUkAYRCWKXn2VKj{#Gu#!ObB-$=Aq0A+A|ixXBzbBR+yMlWON^*j$}bY7hk zi!0`AT5ZypD-uRo%uYwMNQO;gSnT}EvtD|k)#sAD^V!|sOzo~&k_a1Dn0&8o)JRU> zPz)0$3B98uI8zCNWMh<6#u}9XBNEfhMX#eHxWvgW#MoS-Gc-sx+9irpzaZ59v=9mQ zGnJrED3M!^eedYVvrAWQMd=t;YfJHaK?c+W>^(3{WQM>fFiKjD5&mD}&xO!P@ZFXj zxU@C;gI8g>%nLt#^en*(EtD2!c`6yv8JlCJ0w$Jjg1J;nt4`qMZA@pQFMs}>{%>%e zOJ zezk(2Y!TjUivU=!y|?w`|2`G8-Mh>D)Xe)6t>$*+v|KoKRS}$CQt&^Yd4C_U$NxX2 zD09>lnEc_Tz`p)3dhxR5|0kp9<-z|S16Hg4H?R=%7zhnaghaE<@%7xAg{K(9H~sb6 z^HwV#5}b$(p;s0MpOUgV_@t}ypa=eX?GVKTf*;EgvMet)eMM(kvE7zyk(mkf{*U^- z2N6I?xc$@H$%9#PR#tL>Ow z*&bJW?E+3F$W08rGj&z*x62zpkD>SO=Yq*z+cKSEP*wbtGBoR_UB}#@^wfv@0DECi z{I48CD~S(p2lv%~qfu-AHwa%24*lPwz)WOG3|0AcsU$Y$JbKJ{zzUNpE&lC7P%wK% z)ud{Uh9%4}+x?XjnO3)V>(EUX65Y7b2bPP!YE|U62Rc6fST&NHDGvN}Ovp7Fs%|Y% zkKOVV&GB>abhH89>PD{$Cq8J$xFx$Nz`XV9?J0 zFJ6oe{{I+I_kWh>v~%^h+ed#(rY|$rz5IuAhTnf%8hR6fhbQIusNjF?wW`eWP{KiQUDtPEwm=RD-ao%MRHp=6u>W#i7dg)z$>`f z0@ulvx520nY%aSoet|YE+fJ?5m2i!z@h!478peI%)mzt2>FNl3gri23J?jdw7FrVA z7-jDWc1^igt6Mj&*S#8xmT0_ixGFRF+3XI+gsQv~h2hC|RTtSC`a7X+taFtaCNk99 zgXMQ8k`l^yBlan6&gvb*lK|H1)oN>$+H01;(Fu01S75!4??g3hy3@Rpypt9ufmTdAC# z--AT;zNq7vcfCETvpH%!LYUhFOl}sw+X;4$$iQ4H$R*=gi!Tc$i#h(_w#79WEoCk#e9-Pabx_L~ii1dR>Fotj#hD}M`j= 1.20.0-0 < 1.26.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.7.2-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management +apiVersion: v2 +appVersion: 1.2.1-rc1 +description: A Helm chart for provisioning EKS clusters +home: https://github.com/rancher/eks-operator +name: rancher-eks-operator +sources: +- https://github.com/rancher/eks-operator +version: 102.1.0+up1.2.1-rc1 diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/NOTES.txt b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/NOTES.txt new file mode 100644 index 000000000..23a1b4a8b --- /dev/null +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/NOTES.txt @@ -0,0 +1,4 @@ +You have deployed the Rancher EKS operator +Version: {{ .Chart.AppVersion }} +Description: This operator provisions EKS clusters +from EKSClusterConfig CRs. diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/_helpers.tpl b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/_helpers.tpl new file mode 100644 index 000000000..de3b332f6 --- /dev/null +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/_helpers.tpl @@ -0,0 +1,25 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.cattle.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} + +{{/* +Windows cluster will add default taint for linux nodes, +add below linux tolerations to workloads could be scheduled to those linux nodes +*/}} +{{- define "linux-node-tolerations" -}} +- key: "cattle.io/os" + value: "linux" + effect: "NoSchedule" + operator: "Equal" +{{- end -}} + +{{- define "linux-node-selector" -}} +kubernetes.io/os: linux +{{- end -}} + diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrole.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrole.yaml new file mode 100644 index 000000000..d0d561b6e --- /dev/null +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrole.yaml @@ -0,0 +1,15 @@ +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: eks-operator + namespace: cattle-system +rules: + - apiGroups: [''] + resources: ['secrets'] + verbs: ['get', 'list', 'create', 'watch'] + - apiGroups: ['eks.cattle.io'] + resources: ['eksclusterconfigs'] + verbs: ['get', 'list', 'update', 'watch'] + - apiGroups: ['eks.cattle.io'] + resources: ['eksclusterconfigs/status'] + verbs: ['update'] diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..2b1846353 --- /dev/null +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrolebinding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: eks-operator + namespace: cattle-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: eks-operator +subjects: +- kind: ServiceAccount + name: eks-operator + namespace: cattle-system diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/deployment.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/deployment.yaml new file mode 100644 index 000000000..f63054b2e --- /dev/null +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/deployment.yaml @@ -0,0 +1,61 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: eks-config-operator + namespace: cattle-system +spec: + replicas: 1 + selector: + matchLabels: + ke.cattle.io/operator: eks + template: + metadata: + labels: + ke.cattle.io/operator: eks + spec: + nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} +{{- if .Values.nodeSelector }} +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} + tolerations: {{ include "linux-node-tolerations" . | nindent 8 }} +{{- if .Values.tolerations }} +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} + serviceAccountName: eks-operator + {{- if .Values.priorityClassName }} + priorityClassName: "{{.Values.priorityClassName}}" + {{- end }} + securityContext: + fsGroup: 1007 + runAsUser: 1007 + containers: + - name: eks-operator + image: {{ template "system_default_registry" . }}{{ .Values.eksOperator.image.repository }}:{{ .Values.eksOperator.image.tag }} + imagePullPolicy: IfNotPresent + env: + - name: HTTP_PROXY + value: {{ .Values.httpProxy }} + - name: HTTPS_PROXY + value: {{ .Values.httpsProxy }} + - name: NO_PROXY + value: {{ .Values.noProxy }} +{{- if .Values.additionalTrustedCAs }} + # eks-operator mounts the additional CAs in two places: + volumeMounts: + # This directory is owned by the eks-operator user so c_rehash works here. + - mountPath: /etc/rancher/ssl/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + # This directory is root-owned so c_rehash doesn't work here, + # but the cert is here in case update-ca-certificates is called in the future or by the OS. + - mountPath: /etc/pki/trust/anchors/ca-additional.pem + name: tls-ca-additional-volume + subPath: ca-additional.pem + readOnly: true + volumes: + - name: tls-ca-additional-volume + secret: + defaultMode: 0400 + secretName: tls-ca-additional + {{- end }} diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/serviceaccount.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/serviceaccount.yaml new file mode 100644 index 000000000..934de07e0 --- /dev/null +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + namespace: cattle-system + name: eks-operator diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/values.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/values.yaml new file mode 100644 index 000000000..9dcd704c8 --- /dev/null +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/values.yaml @@ -0,0 +1,22 @@ +global: + cattle: + systemDefaultRegistry: "" + +eksOperator: + image: + repository: rancher/eks-operator + tag: v1.2.1-rc1 + +httpProxy: "" +httpsProxy: "" +noProxy: "" +additionalTrustedCAs: false +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## List of node taints to tolerate (requires Kubernetes >= 1.6) +tolerations: [] + +## PriorityClassName assigned to deployment. +priorityClassName: "" diff --git a/index.yaml b/index.yaml index 13b9cb388..7b52bdea3 100755 --- a/index.yaml +++ b/index.yaml @@ -6115,6 +6115,30 @@ entries: - assets/rancher-csp-adapter/rancher-csp-adapter-1.0.0.tgz version: 1.0.0 rancher-eks-operator: + - annotations: + catalog.cattle.io/auto-install: rancher-eks-operator-crd=match + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.26.0-0' + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/provides-gvr: eksclusterconfigs.eks.cattle.io/v1 + catalog.cattle.io/rancher-version: '>= 2.7.2-0 < 2.8.0-0' + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management + apiVersion: v2 + appVersion: 1.2.1-rc1 + created: "2023-04-24T17:43:12.871437338+02:00" + description: A Helm chart for provisioning EKS clusters + digest: d26dab1e2a9637e8a4c7cfb233920042c45869c676b6a142ddf342f1d4eefad4 + home: https://github.com/rancher/eks-operator + name: rancher-eks-operator + sources: + - https://github.com/rancher/eks-operator + urls: + - assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc1.tgz + version: 102.1.0+up1.2.1-rc1 - annotations: catalog.cattle.io/auto-install: rancher-eks-operator-crd=match catalog.cattle.io/certified: rancher @@ -6282,6 +6306,22 @@ entries: - assets/rancher-eks-operator/rancher-eks-operator-100.0.0+up1.1.1.tgz version: 100.0.0+up1.1.1 rancher-eks-operator-crd: + - annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/permits-os: linux,windows + catalog.cattle.io/release-name: rancher-eks-operator-crd + apiVersion: v2 + appVersion: 1.2.1-rc1 + created: "2023-04-24T17:43:14.471090252+02:00" + description: EKS Operator CustomResourceDefinitions + digest: 309c9dfb618ce3fa94b9d625cc294519aa7e594a924d4cdf19be85698f432ad4 + name: rancher-eks-operator-crd + urls: + - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz + version: 102.1.0+up1.2.1-rc1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From 79e8ed8c6203d24fa092cda3975b8959cf74c96a Mon Sep 17 00:00:00 2001 From: highlander-ci-bot Date: Fri, 28 Apr 2023 12:18:45 +0000 Subject: [PATCH 09/18] Updating to EKS Operator v1.2.1-rc2 --- .../rancher-eks-operator-crd/package.yaml | 2 +- .../rancher-eks-operator/rancher-eks-operator/package.yaml | 2 +- release.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml index 5e3badc2b..117c9b2f6 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc1/rancher-eks-operator-crd-1.2.1-rc1.tgz +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc2/rancher-eks-operator-crd-1.2.1-rc2.tgz version: 102.1.0 diff --git a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml index 59f177e48..97c267ce1 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc1/rancher-eks-operator-1.2.1-rc1.tgz +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc2/rancher-eks-operator-1.2.1-rc2.tgz version: 102.1.0 diff --git a/release.yaml b/release.yaml index 5c0d9123f..f6b1b835b 100644 --- a/release.yaml +++ b/release.yaml @@ -1,7 +1,7 @@ rancher-eks-operator: - - 102.1.0+up1.2.1-rc1 + - 102.1.0+up1.2.1-rc2 rancher-eks-operator-crd: - - 102.1.0+up1.2.1-rc1 + - 102.1.0+up1.2.1-rc2 neuvector: - 102.0.2+up2.4.5 neuvector-crd: From ef40e1c957f2c4636509b6d8147e9a74f1bd8adc Mon Sep 17 00:00:00 2001 From: highlander-ci-bot Date: Fri, 28 Apr 2023 12:18:51 +0000 Subject: [PATCH 10/18] Autogenerated changes for EKS Operator v1.2.1-rc2 --- ...r-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz | Bin 1204 -> 0 bytes ...r-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz | Bin 0 -> 1204 bytes ...ncher-eks-operator-102.1.0+up1.2.1-rc1.tgz | Bin 2040 -> 0 bytes ...ncher-eks-operator-102.1.0+up1.2.1-rc2.tgz | Bin 0 -> 2041 bytes .../Chart.yaml | 4 ++-- .../templates/crds.yaml | 0 .../Chart.yaml | 4 ++-- .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../templates/clusterrole.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../templates/deployment.yaml | 0 .../templates/serviceaccount.yaml | 0 .../values.yaml | 2 +- index.yaml | 20 +++++++++--------- 15 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz create mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz delete mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc1.tgz create mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc2.tgz rename charts/rancher-eks-operator-crd/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/Chart.yaml (87%) rename charts/rancher-eks-operator-crd/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/templates/crds.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/Chart.yaml (93%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/templates/NOTES.txt (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/templates/_helpers.tpl (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/templates/clusterrole.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/templates/clusterrolebinding.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/templates/deployment.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/templates/serviceaccount.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc1 => 102.1.0+up1.2.1-rc2}/values.yaml (95%) diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz deleted file mode 100644 index ec593469748408d48e08a935f7d1e6611e35988b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1204 zcmV;l1WWrLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI=cQ{%Q1=h=US=3c+w1Utt;CvP`!?J%_T=0bVj$cv*!mQ<}2 z$aVU^cl;v|5*Z9}azNRaOti{=cGtTfuM`W4Ptf*oNvM2UVqfTej@F4Qf$5OdwG!Mm5owBQ$UZph@k4Nnf*i>J$04g0 zdo(A9d2q9)A(KM+o1oU9&4r`h?XLe{3zh0?3huTj5eR#Q1GiDEReS_ST%skR)sW2w z5g2p(HR%ufNzd{mN|Cq~#+A!o&PMF_+5|iHeF=i|h+8O?#rb=I{p9RX4hU^L?VZ<15ZE(oW7vz^ljMW`qBK7JN z%#sReyn6$_bDo${Bne}b4MoTpq-pt@1Nrrlf^F?l3!k18n;!p(+%?4J6`x$xv)o2` ze5_v!5sgLB8iut?Pdz#83~koL@y`Z)h$>n<*&J?mz*)IaJ3uMkAK$dxa-SC{b_jvp9TXl$y(@?(YWjRfP~ zZ1s6Uds3frH$-{B+ecnAU4RtaR1DT3jNW~cY&<|T2+D@xm-ir6T%$At|bxR$ujX_@x)vc8Bg+4)vp*xnB z=J`xm=RuxVmE2vi1-oW#vHY(jU9wG1+k!KfR{VHzn!U|iO~>r-f42UY=)1hjyS&SP SLjDZ^0RR6*x6G0NCIA3paaK40 diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ac7b57a76d4db50ad9dd4b41eaaa87ed49d97109 GIT binary patch literal 1204 zcmV;l1WWrLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI=cQzN$z=Xw7M&%J)X37e3EPTp>Sb{JZEbD_K|Ua@iGwOz{& zjPI;6UoM%fUH`U7`0mS|_drCPP-$N^sjmBnhe^`{b<0Pr)q;G9&{Whpb%e z(3~7*!Ofb6ObX?1gIa?&6OKA}yZ(P8RHAPvxZ9#cAnfE0+(ofg@evqtg_eX?LpJM2 zV9eduUbo-vbu8~k2@zW5yz(o#7v9s`QQeS)fd4$gV*WMvM{H28ZloL4HZZSk>_bQm0D6 ztXD$u31(2bz?e3uzI;8qIv71z&O!5Lbzsnb-b^m1<2pB!VtVHQ|^67W&ThVFv3FkjIro!~EdYd*)<`qC^V zK@t{|k@y}cpN8SyyDgN%w3uB2NP?z2fI;3L(Ii-f&&H{Fg1Mx|w*V0CqEbW#DV_xy zu+1=pA_t0N-U8c2k}yVDQ-q8`k`%8wkYArD*v1|;@ab8x>G7Y)T}^CW@yTU1%Wag$ zr}{M)QCk#^VOX>DRFlKb&}MZU|6;($sG`A>&ER$ioRtZ+1C;#z@lDGu_j!&|43Oc8 zq)jM`e|aP~GTNP0JXYH^Es^qKz`lg^opKp1WwT~5Dy4Sh_qhjyzW|IOrg8cc3R%@mb~9)w#)>mUFvvi4EkoMZl#nj^$AK0-Lbqj z&u79q5Avd{U~A>|Nd}I%a?Wv-Q73KjcF`Dc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUS$iX0G4fz%0l#ogJ4on9Lpf?%~A ziCe9>yq%>SRj2=6?2?j5nzkHY&b}6!FQS&S^TwT5QnQSwsC}G~uX5DPDBV9znKr?a z&E>PN0bv-1qv6o~hGE$LjfTVUSu`9DqL+hcG>D#s(aXUgdIsTF;l2k7GE6@Ue>JbR za{nd3vP>Cfgvu!P05~&Ds%gNPF%koz`m8X@7a18QWei=%#pgPCJ!gieodh^)BPIfq z?e0#rR3r&zG4zZsu-Az)E5_(AP?Jzu499GmbHo zi#{#M;Jg!AQ4CUK#plkuIqJDEIMoNitJ^i#D3KBR)&kwnuX7u5m17KZma!?$F*6>^#g7~Q zi-E`TeET;F20`R&9(f58*CID=`3-!Fat_=^6PPFs&KP!!$foe_yDO-SL0+n?bg3~p z#r^(Nn6wxNT+KJC_ZtG=p$n-(bEMew?@euM)hHYUQ4s#I$ae}owSWHB&>8<1OcqFA zEdlI_|KUkAYRCWKXn2VKj{#Gu#!ObB-$=Aq0A+A|ixXBzbBR+yMlWON^*j$}bY7hk zi!0`AT5ZypD-uRo%uYwMNQO;gSnT}EvtD|k)#sAD^V!|sOzo~&k_a1Dn0&8o)JRU> zPz)0$3B98uI8zCNWMh<6#u}9XBNEfhMX#eHxWvgW#MoS-Gc-sx+9irpzaZ59v=9mQ zGnJrED3M!^eedYVvrAWQMd=t;YfJHaK?c+W>^(3{WQM>fFiKjD5&mD}&xO!P@ZFXj zxU@C;gI8g>%nLt#^en*(EtD2!c`6yv8JlCJ0w$Jjg1J;nt4`qMZA@pQFMs}>{%>%e zOJ zezk(2Y!TjUivU=!y|?w`|2`G8-Mh>D)Xe)6t>$*+v|KoKRS}$CQt&^Yd4C_U$NxX2 zD09>lnEc_Tz`p)3dhxR5|0kp9<-z|S16Hg4H?R=%7zhnaghaE<@%7xAg{K(9H~sb6 z^HwV#5}b$(p;s0MpOUgV_@t}ypa=eX?GVKTf*;EgvMet)eMM(kvE7zyk(mkf{*U^- z2N6I?xc$@H$%9#PR#tL>Ow z*&bJW?E+3F$W08rGj&z*x62zpkD>SO=Yq*z+cKSEP*wbtGBoR_UB}#@^wfv@0DECi z{I48CD~S(p2lv%~qfu-AHwa%24*lPwz)WOG3|0AcsU$Y$JbKJ{zzUNpE&lC7P%wK% z)ud{Uh9%4}+x?XjnO3)V>(EUX65Y7b2bPP!YE|U62Rc6fST&NHDGvN}Ovp7Fs%|Y% zkKOVV&GB>abhH89>PD{$Cq8J$xFx$Nz`XV9?J0 zFJ6oe{{I+I_kWh>v~%^h+ed#(rY|$rz5IuAhTnf%8hR6fhbQIusNjF?wW`eWP{KiQUDtPEwm=RD-ao%MRHp=6u>W#i7dg)z$>`f z0@ulvx520nY%aSoet|YE+fJ?5m2i!z@h!478peI%)mzt2>FNl3gri23J?jdw7FrVA z7-jDWc1^igt6Mj&*S#8xmT0_ixGFRF+3XI+gsQv~h2hC|RTtSC`a7X+taFtaCNk99 zgXMQ8k`l^yBlan6&gvb*lK|H1)oN>$+H01;(Fu01S75!4??g3hy3@Rpypt9ufmTdAC# z--AT;zNq7vcfCETvpH%!LYUhFOl}sw+X;4$$iQ4H$R*=gi!Tc$i#h(_w#79WEoCk#e9-Pabx_L~ii1dR>Fotj#hD}M`jDc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUUziX9M5fz%0l#ogJ4on9Lpf?%~A ziCe9>yq%>SSEv78?2@8LnzkHY&bbzvFQS&S^TwT5QnQSwsC}H1uX5DPC_Ow)nKr=< zTgYc$0>Us1kH=&88-`)`cQhV{&qm{M6rCK6k6(^BzS@^4Y zb(Q-s0hVRTFe6k(u?N7JVN%Tk&Ww>52sLDdQNGB?Fezi`J1#!g$*To3JnbdGQ5!K8 znAE#_(Nd8ln8h$Ky1+p%%DkAMzeG(!WicH7`4x99uvBwLdFF zg2PND=o3ohmgCSnIPmP!m0M9dhSl0q{9cd&H3fSQ3=^3lFba&4R%3+!*Z6ZGG!lGQ zvjdm5j{o3QST6IzPaix>@Inivg}FJEjOdIluu=gNOEsvE0L;N@LRXQR)5{=NQh zaFI)9kcMaH@7`Vo=9Bp~XKa`MM@Lb||Bp}h_21LLdsRTnmRKDwd(cvZ%kosX99_F_ zo$gmF2+9`WbzKC&dhNYwCjWP-pnC5%^HV$TPqkXumD6(J)Kx`rdP%|meCGXqzz+Za zn4-*4Q(*GPmjb)`ztPc)j{lz=M<;v#e+pQwhTp(aEMg!uFclKbO^&Y?)+{{57`_>< z*Pgdp`H9)xk$yl?Max*K3C;rV#vCmXKw6vFR&%%Zhqiu0>|1F!(xtZd?PltqDqoL~7 z67|F_&(It`heIjI{c?@WpuM_ghNlj@L%cO<>*I85IJbjmktbiC=a39D#VytquMb~5 zq(0pLCn8HkHhV-E*yaD@acBM$Md8W5|9cX6u(#g|6n`ntLr)lZcpOj?FL7#jZrtV` zDLjDN(W*D}P%-%za^t4J<(4bdOTqCq=c>reX9ujW{gi$?*x~<;k<;U+!8`naJc^=j z{y%yV?*0EMpy~fC&uQ!GZ|X;XN2V_`)`R?qa^!Zi##{={D29;-u<0nu@v(b@_`Mt8 zmJ0xLY`&GNyB3_22e3J$)$WFf7G#Ui4pIOc0WEYUy(y z-2yksmAApD_iQ2iF@AwAE!$45*OhRssqr1MwHn4<;x${>Ug??$JA|WFls)SUu@*WK z+!|$X3HD97SF1ZWuGfPGi;if#aJVWn_{nS!#+0hOGYZ3#dQ}(MYx+B(Zmn~b874B+ z^}+J{6G;i>yAk`8HfQyo;Yk4N^=efcrSY02aCCz0>lIk9<9ksJn{73(z5K+eC86 znZK1f$lYfSTPW>mB>62ozf_@xO2wpPaX&?kEIH5QO$K2#?rAk_IYqd2xW(4RjNKX;kJOWXq-ujiFeE{dOr*0q9DkA-$5{w}nhhbY%x8tmzf!B(+U%R5& z!{@+``oGHPtjy?->;ZQ5|D&UB|38Yt{rvAqp!HSPru6T0%iZ$-jt}X2Dxt5f-5&O^ Xhdu1!F8EIX00960aIsjI05AXm^{Dws literal 0 HcmV?d00001 diff --git a/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc1/Chart.yaml b/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc2/Chart.yaml similarity index 87% rename from charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc1/Chart.yaml rename to charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc2/Chart.yaml index b06254a91..99d8f887b 100644 --- a/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc1/Chart.yaml +++ b/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc2/Chart.yaml @@ -6,7 +6,7 @@ annotations: catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/release-name: rancher-eks-operator-crd apiVersion: v2 -appVersion: 1.2.1-rc1 +appVersion: 1.2.1-rc2 description: EKS Operator CustomResourceDefinitions name: rancher-eks-operator-crd -version: 102.1.0+up1.2.1-rc1 +version: 102.1.0+up1.2.1-rc2 diff --git a/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc1/templates/crds.yaml b/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc2/templates/crds.yaml similarity index 100% rename from charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc1/templates/crds.yaml rename to charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc2/templates/crds.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/Chart.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/Chart.yaml similarity index 93% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/Chart.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/Chart.yaml index 4423a7a6c..2d121343b 100644 --- a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/Chart.yaml +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/Chart.yaml @@ -11,10 +11,10 @@ annotations: catalog.cattle.io/release-name: rancher-eks-operator catalog.cattle.io/scope: management apiVersion: v2 -appVersion: 1.2.1-rc1 +appVersion: 1.2.1-rc2 description: A Helm chart for provisioning EKS clusters home: https://github.com/rancher/eks-operator name: rancher-eks-operator sources: - https://github.com/rancher/eks-operator -version: 102.1.0+up1.2.1-rc1 +version: 102.1.0+up1.2.1-rc2 diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/NOTES.txt b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/NOTES.txt similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/NOTES.txt rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/NOTES.txt diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/_helpers.tpl b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/_helpers.tpl similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/_helpers.tpl rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/_helpers.tpl diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrole.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/clusterrole.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrole.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/clusterrole.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/clusterrolebinding.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/clusterrolebinding.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/deployment.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/deployment.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/deployment.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/deployment.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/serviceaccount.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/serviceaccount.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/templates/serviceaccount.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/templates/serviceaccount.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/values.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/values.yaml similarity index 95% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/values.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/values.yaml index 9dcd704c8..16b52a0e9 100644 --- a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc1/values.yaml +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc2/values.yaml @@ -5,7 +5,7 @@ global: eksOperator: image: repository: rancher/eks-operator - tag: v1.2.1-rc1 + tag: v1.2.1-rc2 httpProxy: "" httpsProxy: "" diff --git a/index.yaml b/index.yaml index 7b52bdea3..41c2fb633 100755 --- a/index.yaml +++ b/index.yaml @@ -6128,17 +6128,17 @@ entries: catalog.cattle.io/release-name: rancher-eks-operator catalog.cattle.io/scope: management apiVersion: v2 - appVersion: 1.2.1-rc1 - created: "2023-04-24T17:43:12.871437338+02:00" + appVersion: 1.2.1-rc2 + created: "2023-04-28T12:18:49.074930036Z" description: A Helm chart for provisioning EKS clusters - digest: d26dab1e2a9637e8a4c7cfb233920042c45869c676b6a142ddf342f1d4eefad4 + digest: 66fd68a892c1cc10089b18c30a3d2f1c414aca34d165a486d6440169d58866ec home: https://github.com/rancher/eks-operator name: rancher-eks-operator sources: - https://github.com/rancher/eks-operator urls: - - assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc1.tgz - version: 102.1.0+up1.2.1-rc1 + - assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc2.tgz + version: 102.1.0+up1.2.1-rc2 - annotations: catalog.cattle.io/auto-install: rancher-eks-operator-crd=match catalog.cattle.io/certified: rancher @@ -6314,14 +6314,14 @@ entries: catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/release-name: rancher-eks-operator-crd apiVersion: v2 - appVersion: 1.2.1-rc1 - created: "2023-04-24T17:43:14.471090252+02:00" + appVersion: 1.2.1-rc2 + created: "2023-04-28T12:18:50.749253962Z" description: EKS Operator CustomResourceDefinitions - digest: 309c9dfb618ce3fa94b9d625cc294519aa7e594a924d4cdf19be85698f432ad4 + digest: 636eaf84303950bf6d9bd493cb421c358af4e4ad980f58d2c4f1bcf614cd0a71 name: rancher-eks-operator-crd urls: - - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc1.tgz - version: 102.1.0+up1.2.1-rc1 + - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz + version: 102.1.0+up1.2.1-rc2 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From 9f810c1fd976f5086cc88cf0a6aa5f2baac9d9ce Mon Sep 17 00:00:00 2001 From: highlander-ci-bot Date: Wed, 3 May 2023 08:52:34 +0000 Subject: [PATCH 11/18] Updating to EKS Operator v1.2.1-rc3 --- .../rancher-eks-operator-crd/package.yaml | 2 +- .../rancher-eks-operator/rancher-eks-operator/package.yaml | 2 +- release.yaml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml index 117c9b2f6..38fcf9571 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc2/rancher-eks-operator-crd-1.2.1-rc2.tgz +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc3/rancher-eks-operator-crd-1.2.1-rc3.tgz version: 102.1.0 diff --git a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml index 97c267ce1..08a2cbaa9 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc2/rancher-eks-operator-1.2.1-rc2.tgz +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc3/rancher-eks-operator-1.2.1-rc3.tgz version: 102.1.0 diff --git a/release.yaml b/release.yaml index f6b1b835b..ee2562b9b 100644 --- a/release.yaml +++ b/release.yaml @@ -1,7 +1,7 @@ rancher-eks-operator: - - 102.1.0+up1.2.1-rc2 + - 102.1.0+up1.2.1-rc3 rancher-eks-operator-crd: - - 102.1.0+up1.2.1-rc2 + - 102.1.0+up1.2.1-rc3 neuvector: - 102.0.2+up2.4.5 neuvector-crd: From 42bfc4d231689c898608f4e2a323befc4a16660f Mon Sep 17 00:00:00 2001 From: highlander-ci-bot Date: Wed, 3 May 2023 08:52:40 +0000 Subject: [PATCH 12/18] Autogenerated changes for EKS Operator v1.2.1-rc3 --- ...r-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz | Bin 1204 -> 0 bytes ...r-eks-operator-crd-102.1.0+up1.2.1-rc3.tgz | Bin 0 -> 1204 bytes ...ncher-eks-operator-102.1.0+up1.2.1-rc2.tgz | Bin 2041 -> 0 bytes ...ncher-eks-operator-102.1.0+up1.2.1-rc3.tgz | Bin 0 -> 2040 bytes .../Chart.yaml | 4 ++-- .../templates/crds.yaml | 0 .../Chart.yaml | 4 ++-- .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../templates/clusterrole.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../templates/deployment.yaml | 0 .../templates/serviceaccount.yaml | 0 .../values.yaml | 2 +- index.yaml | 20 +++++++++--------- 15 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz create mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc3.tgz delete mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc2.tgz create mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz rename charts/rancher-eks-operator-crd/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/Chart.yaml (87%) rename charts/rancher-eks-operator-crd/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/templates/crds.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/Chart.yaml (93%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/templates/NOTES.txt (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/templates/_helpers.tpl (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/templates/clusterrole.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/templates/clusterrolebinding.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/templates/deployment.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/templates/serviceaccount.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc2 => 102.1.0+up1.2.1-rc3}/values.yaml (95%) diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc2.tgz deleted file mode 100644 index ac7b57a76d4db50ad9dd4b41eaaa87ed49d97109..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1204 zcmV;l1WWrLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI=cQzN$z=Xw7M&%J)X37e3EPTp>Sb{JZEbD_K|Ua@iGwOz{& zjPI;6UoM%fUH`U7`0mS|_drCPP-$N^sjmBnhe^`{b<0Pr)q;G9&{Whpb%e z(3~7*!Ofb6ObX?1gIa?&6OKA}yZ(P8RHAPvxZ9#cAnfE0+(ofg@evqtg_eX?LpJM2 zV9eduUbo-vbu8~k2@zW5yz(o#7v9s`QQeS)fd4$gV*WMvM{H28ZloL4HZZSk>_bQm0D6 ztXD$u31(2bz?e3uzI;8qIv71z&O!5Lbzsnb-b^m1<2pB!VtVHQ|^67W&ThVFv3FkjIro!~EdYd*)<`qC^V zK@t{|k@y}cpN8SyyDgN%w3uB2NP?z2fI;3L(Ii-f&&H{Fg1Mx|w*V0CqEbW#DV_xy zu+1=pA_t0N-U8c2k}yVDQ-q8`k`%8wkYArD*v1|;@ab8x>G7Y)T}^CW@yTU1%Wag$ zr}{M)QCk#^VOX>DRFlKb&}MZU|6;($sG`A>&ER$ioRtZ+1C;#z@lDGu_j!&|43Oc8 zq)jM`e|aP~GTNP0JXYH^Es^qKz`lg^opKp1WwT~5Dy4Sh_qhjyzW|IOrg8cc3R%@mb~9)w#)>mUFvvi4EkoMZl#nj^$AK0-Lbqj z&u79q5Avd{U~A>|Nd}I%a?Wv-Q73KjcF`Dc zVQyr3R8em|NM&qo0PI=cQzN$z=Xw7M&%J)X37e3EPTp>Sb{JZEbD_K|Ua@iGwOz{& zjPI;6UoM%fUH`U7`0mS|_drCPP-$N^sjmBnhe^`{b<0Pr)q;G9&{Whpb%e z(3~7*!Ofb6ObX?1gIa?&6OKA}yZ(P8RHAPvxZ9#cAnfE0+(ofg@evqtg_eX?LpJM2 zV9eduUbo-vbu2%K5+rVgamDiK`H1~qnPA7BoX)->X>U26;I&Yq$ZPZj?(7aF?st3L z_}|%t&xZ``jk95fMDz|Gm%s!-JLnKRP@*_~`##$a2wx5qRrR<=?0~ z{fYACnf0QnP|2{izM~8sB;X+Dj}eF=i|h+8O?#rb^$ap9RW13yf)l>dV)&tAo*leym}$_bDoS+jLt)ntUW-~potL+wZ6=wJdn?@h*@w#?lwU$S6TD`Y*&xYv zuZY(cf0+K868{dI4iHz3f*d$cO>fh#K}c`$Hzb0z)n}igLJJO)i`pUi<;F8mkYe)d zgHz(!$<`sRmM%aa%ImHb#uU06ZKvfeZ^`>@X3I=~+NF-S#-MM8>Q+kmQlFs2&>hQb z^L!?(^B^zEN^Y;%f?cz=So~L#EZHWfZO)lXD}KB<&EDm$qGR^=KU@Dx^g}-6Lq6m` SA^!#d0RR76?@B%ZCIA4nJ5<#G literal 0 HcmV?d00001 diff --git a/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc2.tgz b/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc2.tgz deleted file mode 100644 index 35bdac34170bb5efc6360fcac8a27cb372202a90..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2041 zcmVDc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUUziX9M5fz%0l#ogJ4on9Lpf?%~A ziCe9>yq%>SSEv78?2@8LnzkHY&bbzvFQS&S^TwT5QnQSwsC}H1uX5DPC_Ow)nKr=< zTgYc$0>Us1kH=&88-`)`cQhV{&qm{M6rCK6k6(^BzS@^4Y zb(Q-s0hVRTFe6k(u?N7JVN%Tk&Ww>52sLDdQNGB?Fezi`J1#!g$*To3JnbdGQ5!K8 znAE#_(Nd8ln8h$Ky1+p%%DkAMzeG(!WicH7`4x99uvBwLdFF zg2PND=o3ohmgCSnIPmP!m0M9dhSl0q{9cd&H3fSQ3=^3lFba&4R%3+!*Z6ZGG!lGQ zvjdm5j{o3QST6IzPaix>@Inivg}FJEjOdIluu=gNOEsvE0L;N@LRXQR)5{=NQh zaFI)9kcMaH@7`Vo=9Bp~XKa`MM@Lb||Bp}h_21LLdsRTnmRKDwd(cvZ%kosX99_F_ zo$gmF2+9`WbzKC&dhNYwCjWP-pnC5%^HV$TPqkXumD6(J)Kx`rdP%|meCGXqzz+Za zn4-*4Q(*GPmjb)`ztPc)j{lz=M<;v#e+pQwhTp(aEMg!uFclKbO^&Y?)+{{57`_>< z*Pgdp`H9)xk$yl?Max*K3C;rV#vCmXKw6vFR&%%Zhqiu0>|1F!(xtZd?PltqDqoL~7 z67|F_&(It`heIjI{c?@WpuM_ghNlj@L%cO<>*I85IJbjmktbiC=a39D#VytquMb~5 zq(0pLCn8HkHhV-E*yaD@acBM$Md8W5|9cX6u(#g|6n`ntLr)lZcpOj?FL7#jZrtV` zDLjDN(W*D}P%-%za^t4J<(4bdOTqCq=c>reX9ujW{gi$?*x~<;k<;U+!8`naJc^=j z{y%yV?*0EMpy~fC&uQ!GZ|X;XN2V_`)`R?qa^!Zi##{={D29;-u<0nu@v(b@_`Mt8 zmJ0xLY`&GNyB3_22e3J$)$WFf7G#Ui4pIOc0WEYUy(y z-2yksmAApD_iQ2iF@AwAE!$45*OhRssqr1MwHn4<;x${>Ug??$JA|WFls)SUu@*WK z+!|$X3HD97SF1ZWuGfPGi;if#aJVWn_{nS!#+0hOGYZ3#dQ}(MYx+B(Zmn~b874B+ z^}+J{6G;i>yAk`8HfQyo;Yk4N^=efcrSY02aCCz0>lIk9<9ksJn{73(z5K+eC86 znZK1f$lYfSTPW>mB>62ozf_@xO2wpPaX&?kEIH5QO$K2#?rAk_IYqd2xW(4RjNKX;kJOWXq-ujiFeE{dOr*0q9DkA-$5{w}nhhbY%x8tmzf!B(+U%R5& z!{@+``oGHPtjy?->;ZQ5|D&UB|38Yt{rvAqp!HSPru6T0%iZ$-jt}X2Dxt5f-5&O^ Xhdu1!F8EIX00960aIsjI05AXm^{Dws diff --git a/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz b/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz new file mode 100644 index 0000000000000000000000000000000000000000..919fa0f756fa6c86dec44de6d3096f2ccce7fba0 GIT binary patch literal 2040 zcmVDc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUUriX0G4fz%0l#ogJ4on9Lpf?%~A ziCe9>yq%>SRj2=6?2@8LnzkHY&bbzvFQS&S^TwT5QnQpNsC}H1uQJrkDBV9xm^Q(R zE#$K=0bv-1gaCS?R&$HnJ5ezjnRC!GX1Y9pos z<7#&&S|Z{Y(+GM-=h*8+ndcMqm#9goG=k$lzk)$941>@Q;ZOE*Y%h;Hx29}?lrfGG z6pKEs$l#(ASy2R1r1_`LyBX?*FyvQQ&u>H;s~hUZ)@mtYB!9Nl5#XG-%*mkUDxHcM z1vsY~_HxikWNY$@`ql#7&#!YEag|{N3zo7OE-*D7%fydc z{>!1qvaI?$2!_GH*Zjnbk+>F_am%maTa*jnHk!axX>i7{TSPj8x8GeuX$5C5H+;{Q{?OsWZ!W#~5&?G-=~9N*xS<+U3#((fiESGuVrw^Vbc&UZb!mQ3DBRXdbELFhR(v2~bYGu_4ysVAsZ1nlhztjH> zE;7jsQvdwo-P`NHd@{f0jP3LP;mNS&|Krm`{r5ERUgeOmC6B{M5|*Q>_+u<*ZmZb5#+XT~Y8qpLu^Du*d&D zCMYx16qxMsrNF-aZ*cOW<^QMS!Rf*Op90qF{x`4`iwFn}Ooc?V%J9{~nuRAA!8iTQ z#`D%|A7Y$}6rooX2Os02I{2u|@}LL)X5$dW6oMa%60#^SwtYosSy64vv`EbqdjCiL z-lGVhB&`1QcJg2v-@5j!;@&@s&TSiy;6_LZERLa6u1M;xo^Y+6%k=cz)*>)Lscy>U zS}wPV`bO!wR4gXoDwh@&h$k55vPk46QG|7hp0je@$nK`^>W~`oLMI>QXltT+$7(xf zSGGsxUb}$PDRL7*?_6D%{O$7A&m-u){W)i{*S1Wj7*rNNg$&L5Y1c6~D1Gh2eSp2N zC;pd?p_RnPw}boYzwx*={~LxchKK&|NnkG0ID)eLx>6Dwa~?fmJYcy=lotPXAt;!? zq;gWVK*M5YnCi*BNjCQX6rh4>uWcngwJ;;A3LvA-~%%tFqA{cl8+m50bAGdf~`dhiGYr#2r0NX=a?yiYwK{g2OAqB7%&_Zj{y9SYRna6i^Ljn8(sYqi?4ZMWg zEpVM&aT|YtvhCDnQwrCZ8s8yXqhZ`9UcGhgl&+4jM>uLk+4HUtYoR5< ztx@)lVAqs;y}onfX49*&Xo<#ihpSS9pUm!HOsUK}gD^a;R&}1froR*F#yVH2VIoCc z9W1{)krYt88?jGmdsgomo&>Pjtk;!MYOh%WM<>|5UV+Ufx);^3*-rCPj>}xiOC<$g zMew)jxiXg;30*EM0Mq5pDqFq2efRG2* z9zddeU(|8TyWSqv*&H<mALcE{(QTJ~0Oz8oZXVMzBK@FZj369^VN+7K Date: Fri, 2 Jun 2023 16:11:43 -0700 Subject: [PATCH 13/18] Add kube 1.27 support for eks operator --- .../generated-changes/patch/Chart.yaml.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch index 535be0b25..3df8c974b 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch +++ b/packages/rancher-eks-operator/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch @@ -5,7 +5,7 @@ catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.18.0-0' -+ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.26.0-0' ++ catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.27.0-0' catalog.cattle.io/namespace: cattle-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux,windows From 2d30ca201133d6641b651ab682d69894f6cf1a3a Mon Sep 17 00:00:00 2001 From: Venkata Krishna Rohit Sakala Date: Fri, 2 Jun 2023 16:16:28 -0700 Subject: [PATCH 14/18] make charts --- ...ncher-eks-operator-102.1.0+up1.2.1-rc3.tgz | Bin 2040 -> 2041 bytes .../102.1.0+up1.2.1-rc3/Chart.yaml | 2 +- index.yaml | 6 +++--- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz b/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz index 919fa0f756fa6c86dec44de6d3096f2ccce7fba0..7ce4938db180d8e83094393de80818aed7fac673 100644 GIT binary patch delta 1788 zcmVJ8n8!D%pbst<#gcWbUuA|v#z1-hSK=QiRh!w42EWiwo0YCM*SAGiFMLyu)y z^>+{qe}jRq`H2@JaV;|AmS4lSC>OwOG=Zto;EZ9nh;#;Tzq^Lg8000&N|zXuQPl6x zgh}#Az|~@_dcPs?J-U#}HAjj(|H0HMs}90pFbKjw=Gji6ukD||HFU=RC6hVQ7fS$p z;(vHL7`Nm9i*Rs=|4#uksU}R8q2EZfR{%wDe|&>emP>PmGeJhLBIxxz59f4Io)e2J z7Hn2-(wHd{Mp?{GN3%$V%_3Ot{L8amda2c?g1qzD-QQI0u2~!l8&{Zor)|`T&t6jm zQzi+$qa!$1F@j_hlvKnT6$2v@v(!beqa(P&=`O_BT%uDnNH*HVic>!))c!0NG4@jx zf1^(*kz0;^@94<0OV@5i=?K;vOYwU_2GkVnJupn9hQKH=N?MH({$JzIxzI@PUBwPu z+8Y1CE3sVWg`Ylnmf)opN(-|(lZ@z`EwEGpV@o&2OsbVtC-Aa1rnAxKKmShuH@L_o zGf4gOi+69Y1M|uJnlrY~|A!~Tmj91We-HKF)4+R`L&BC=9xi*(5`?SbRJa^nxo?&3 z*J}uh7U6YO1i)tFy{RYvcZr~C?=JIGGw)BeTG*AdV&TkHMR0aS!T)^b{e8e5|Noev z%urKcvd5PK`})7Z$%~f%pN>z42mgNxSg-rvz)~zCAT%%)63r^ZR|{(vo?ryufAlvS z&s(p3h;b@XgkDh`e2k0g;G-_fgC6*sjYAYu2!1R|$fCU1_7$CFMYS!{A~jR!{U7yv zk0OAQu=>;6$%AQp>)Nx5d;cgpw{1Lv8zCjIIEGTWBB{H2!nJxX)6;WXi@*e>x+#}y zx!fk|8>Qz`v6z6XTv}8ho?x8IeFr^rnNy>oS4^0&)dKaZgI_UD|*UfVLAVo+K96f!jHr(MU~p!Bs5_W}08 zp7>unhE@_E-wy7p|Hk9i{BIb(7#;e*CxN+0;|R*~>q<#%%z5;L@qpzfe^FZe+l8QD z{*uZ`)dCHRnPIm3D<(3nZtu>ao6aS=aib3`6Mxkz&ukBLeEgwoB)3x>`01FCYcy2e zTB4q~|;ZC#vh4d?do%(M8*^X!vhCcnkH7^%e}=>G^w9r32|U=_Zv~3K6z8EM3_LszD2Z1%wL7-BPDTQlHjqi}H(J<~4uim@kNBOEoN?0Hv+ zwa}8_)+l>NuxrY_e_r3YakJ^wShPgrxx-bd!B1v)Fs4-Iok19$R;xNsU(??Sbz_~Y z)G(2vt`3&pok$8O-i_F&v^}f$3{L{sY}V__D7Dutfuj@bUa!Dr6Wxny*leeHDaU0l z<)xB>uOj%{^jw)sjf5^27J%t;XO*p9-@bcy`SJ4V;-BxUe_Pd@p(aB05~t3#PUHH4 zMCeW`=NAtkQNAzgIObh%kLqlW8jlbb_5hQch3|HP-6K*kHwrSzIM(9JQptRQKe%mC zO-4)EjlyH0orAAH5U86JW0%wAXAV0k>}e$V4LrY4p@B;Iq+oGBMU5=JNaZR5qjTJ=y;jQjg$e4K z#tJDtHcn%w@bea>Np76MIBH|*SRDI2I3t9jL$WHBADnPoz*scSq{P@gxCCLEn_MF( zy*2;E_5Fs;=Av)xndw^#D^0%-^A_ajw#z<%bJ0^bVvlJVk$zAyMi7p|uqmnAao)|q zYsA~HUC|uib6`*XUuJYxWb{Y&0Q>s?!AZOS9}EYF`QMX3EG&>+vWcqAJTPH eLSI|E103K02ROi8@Sgwx0RR6~MWz`5FaQ8}1Cwb0 delta 1787 zcmV>V+`mS6I()L>j9b>c-Y;DPkmlw$u^eoVd)%pyn!_iWvnsryBNh z&`D%#^@i@l;4~OI)rY~$yEWG+krDdV0^QHAa~pA$VFU}7vKcNgH6F{vk6ZrBp~teU z`a1}Qf5E`l{KSiqxE7gl%dg>ElndZCn!r?PaK^A(L^^}F-(5p#4Du3XrAv&-DC+lT z!X)`5;A*i|z26Y{9$iS~nj=M?|6ppBRR`fP7zE)T^K7Tk*Y?lf8am_ulF1zDizR?P z@jpBrjN9>lG#($~|5LzBstJ>2=r1_1*&%e|E4K6at z3{wC6;@#WpzCm83le@NseQG|7hp0je@$nK`^>W~`oLMI>QXltT+$7(xf zSGGsxUb}$PDRL7*?_6D%{O$7A&m-u){W)i{*S1Wj7*rNNg$&L5Y1c6~D1Gh2eSp2N zC;pd?p_RnPw}boYzwx*={~LxchKK&|NnkG0ID)eLx>6Dwa~?fmJYcy=f0P#gb|EO3 zzoc?fwLrsSW|-~%iiu3C+q-kcp`r1$Fw}UT|3`!2 zu$});M&ZH#p91Rs&$5hmuKuQa^mk;!Bu8y!rIBG=M^R5tU zp(VksQTC2t*OYs`f4+0$X49*&Xo<#ihpSS9pUm!HOsUK}gD^a;R&}1froR*F#yVH2 zVIoCc9W1{)krYt88?jGmdsgomo&>Pjtk;!MYOh%WM<>|5UV+Ufx);^3*-rCPj>}xi zOC<$gMew)jxiXg;30*EM0Mq5pDqFq2efRG2#n)3+8@ntmVVEy&Srmwf=|qNi>iVbd}q{h(ruARL8ZQ&P9%yqkg7 zh__$6qB+3lz@GZQ%;>Dh=#T6H_VxdRlXm|<7@QvFe@_C9ue!FSf2&(=m;ZNsNY_yb deQoUyaDW3G-~e~Qe*ypi|NjbS{Q&?l0036`nkE1M diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/Chart.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/Chart.yaml index 15fc698b4..d092ac14f 100644 --- a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/Chart.yaml +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/Chart.yaml @@ -2,7 +2,7 @@ annotations: catalog.cattle.io/auto-install: rancher-eks-operator-crd=match catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.26.0-0' + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.27.0-0' catalog.cattle.io/namespace: cattle-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux,windows diff --git a/index.yaml b/index.yaml index f0cb8d5a4..fb043d608 100755 --- a/index.yaml +++ b/index.yaml @@ -6119,7 +6119,7 @@ entries: catalog.cattle.io/auto-install: rancher-eks-operator-crd=match catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" - catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.26.0-0' + catalog.cattle.io/kube-version: '>= 1.20.0-0 < 1.27.0-0' catalog.cattle.io/namespace: cattle-system catalog.cattle.io/os: linux catalog.cattle.io/permits-os: linux,windows @@ -6129,9 +6129,9 @@ entries: catalog.cattle.io/scope: management apiVersion: v2 appVersion: 1.2.1-rc3 - created: "2023-05-03T08:52:37.74093892Z" + created: "2023-06-02T16:16:03.132961-07:00" description: A Helm chart for provisioning EKS clusters - digest: a707d1324f29007f26d8a98605966a719f84ead1bf3a409a4ee61f9e0ee3ea69 + digest: 724aaa1e2bfb2ec104e2767937a233c8ab8f0cc80404d8b9bdd56421073cdf33 home: https://github.com/rancher/eks-operator name: rancher-eks-operator sources: From ffa7b5324f3ee55de44e5ce5aed7d401e32edd76 Mon Sep 17 00:00:00 2001 From: highlander-ci-bot Date: Wed, 24 May 2023 07:15:21 +0000 Subject: [PATCH 15/18] Updating to EKS Operator v1.2.1 --- .../rancher-eks-operator/rancher-eks-operator-crd/package.yaml | 2 +- packages/rancher-eks-operator/rancher-eks-operator/package.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml index 38fcf9571..fd9668cdf 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator-crd/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc3/rancher-eks-operator-crd-1.2.1-rc3.tgz +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1/rancher-eks-operator-crd-1.2.1.tgz version: 102.1.0 diff --git a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml index 08a2cbaa9..27287fa2e 100644 --- a/packages/rancher-eks-operator/rancher-eks-operator/package.yaml +++ b/packages/rancher-eks-operator/rancher-eks-operator/package.yaml @@ -1,2 +1,2 @@ -url: https://github.com/rancher/eks-operator/releases/download/v1.2.1-rc3/rancher-eks-operator-1.2.1-rc3.tgz +url: https://github.com/rancher/eks-operator/releases/download/v1.2.1/rancher-eks-operator-1.2.1.tgz version: 102.1.0 From 6e70db326adc2d3bf7f19577ac51b5fd59420375 Mon Sep 17 00:00:00 2001 From: highlander-ci-bot Date: Wed, 24 May 2023 07:15:28 +0000 Subject: [PATCH 16/18] Autogenerated changes for EKS Operator v1.2.1 --- ...r-eks-operator-crd-102.1.0+up1.2.1-rc3.tgz | Bin 1204 -> 0 bytes ...ncher-eks-operator-crd-102.1.0+up1.2.1.tgz | Bin 0 -> 1197 bytes ...ncher-eks-operator-102.1.0+up1.2.1-rc3.tgz | Bin 2041 -> 0 bytes .../rancher-eks-operator-102.1.0+up1.2.1.tgz | Bin 0 -> 2036 bytes .../Chart.yaml | 4 ++-- .../templates/crds.yaml | 0 .../Chart.yaml | 4 ++-- .../templates/NOTES.txt | 0 .../templates/_helpers.tpl | 0 .../templates/clusterrole.yaml | 0 .../templates/clusterrolebinding.yaml | 0 .../templates/deployment.yaml | 0 .../templates/serviceaccount.yaml | 0 .../values.yaml | 2 +- index.yaml | 20 +++++++++--------- 15 files changed, 15 insertions(+), 15 deletions(-) delete mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc3.tgz create mode 100644 assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1.tgz delete mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz create mode 100644 assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1.tgz rename charts/rancher-eks-operator-crd/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/Chart.yaml (87%) rename charts/rancher-eks-operator-crd/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/templates/crds.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/Chart.yaml (93%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/templates/NOTES.txt (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/templates/_helpers.tpl (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/templates/clusterrole.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/templates/clusterrolebinding.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/templates/deployment.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/templates/serviceaccount.yaml (100%) rename charts/rancher-eks-operator/{102.1.0+up1.2.1-rc3 => 102.1.0+up1.2.1}/values.yaml (95%) diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc3.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc3.tgz deleted file mode 100644 index ba557e5da2e654ca8e5da8d0cf833f98cdf4832a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1204 zcmV;l1WWrLiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI=cQzN$z=Xw7M&%J)X37e3EPTp>Sb{JZEbD_K|Ua@iGwOz{& zjPI;6UoM%fUH`U7`0mS|_drCPP-$N^sjmBnhe^`{b<0Pr)q;G9&{Whpb%e z(3~7*!Ofb6ObX?1gIa?&6OKA}yZ(P8RHAPvxZ9#cAnfE0+(ofg@evqtg_eX?LpJM2 zV9eduUbo-vbu2%K5+rVgamDiK`H1~qnPA7BoX)->X>U26;I&Yq$ZPZj?(7aF?st3L z_}|%t&xZ``jk95fMDz|Gm%s!-JLnKRP@*_~`##$a2wx5qRrR<=?0~ z{fYACnf0QnP|2{izM~8sB;X+Dj}eF=i|h+8O?#rb^$ap9RW13yf)l>dV)&tAo*leym}$_bDoS+jLt)ntUW-~potL+wZ6=wJdn?@h*@w#?lwU$S6TD`Y*&xYv zuZY(cf0+K868{dI4iHz3f*d$cO>fh#K}c`$Hzb0z)n}igLJJO)i`pUi<;F8mkYe)d zgHz(!$<`sRmM%aa%ImHb#uU06ZKvfeZ^`>@X3I=~+NF-S#-MM8>Q+kmQlFs2&>hQb z^L!?(^B^zEN^Y;%f?cz=So~L#EZHWfZO)lXD}KB<&EDm$qGR^=KU@Dx^g}-6Lq6m` SA^!#d0RR76?@B%ZCIA4nJ5<#G diff --git a/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1.tgz b/assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..4ca8a6bb4922135c9cfdd024136a3b0cfe4f0892 GIT binary patch literal 1197 zcmV;e1XBASiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PI;`Q{y%e=h>e^bFXcJLnw6eb_2A-(9)X=<$WVBjv84~wW~m` z)9-%cKY@_g5QxbE!@gu9$@|+~?f$%yJs3Gg-@yrWtV0iMeMkCa_h<~ByEDl2&ZZK_ zaeT19U;M^#y!;y<^y8i0{(isT@9!V<4tL_-K^*sXM7%Nb8WM=X@5CEpEj#x{1dOo^ ztgN9yB!mP8ZPTsymM~y(($ql&mVkP4vaOx60DQgB|x)*_S zw|{%xy>2f`kfc|Ri=mUVq4=wMTpR^rn|(#H!Am^GD`iv>)94Y*=`BLM*X?!VpMoo~ zwzdC__0O0&4UDuaeL@=%!Nc|6`(^K-zf}K+hadI79a&6za0+i2P5zI%lV2$>o@p)m838IUHDC+|!By}K0FRi&!DRpr| zcNH9wLz(MKy$!BdzA#xTsqji$PtJx%rM{y=Uoqu$@StnJidh<4&*yiFI>kC!&MA`y z4Sx06NC@YV&`on3uN%knj?=18dji(C_VD>Dj`hJ8b%ri zB4_rMX`bcY5qo9QrO8B*(=f|DZ&R(xob`;!s?PGEk+mAZEX__bI>T9;c1*$uy+KBr z7f_4JwM|oH(u|idb3oQWDS5YY{gA`9|3b0K#lpzKq zF)x9aMba=r-H?PrK#~-%InZAoN!Yb5TEnI%`DRD|pyUSMf|28ks+Zd+j*r!AE~+sp z)`k)5g{SHqwuUxs;`nC+K13C3>}&=%Ti~ornJu8??~kumzi^%BC`AKV-;uNlvT) z+znA4u=bJHOdB9MH|33W9Y*IqNj4rJ8shZq1BCNx3XGqnM5@V&we;4LqYERgtw4r(6LmJg~_TpQ4dk$zU*jJ6qMLK(c`*^>{KKPbM0eyU_cFS9|An_dyG&HsA( zUzhl|U~~;}HB1l#2U_Npeww|FTSdp>zyG)PY4k%rB>UCZ|X00960 LSK7|3044wcd@DIr literal 0 HcmV?d00001 diff --git a/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz b/assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz deleted file mode 100644 index 7ce4938db180d8e83094393de80818aed7fac673..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2041 zcmVDc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUUriX0G4fz%0l#ogJ4on9Lpf?%~A ziCe9>yq%>SRj2=6?2@8LnzkHY&bbzvFQS&S^TwT5QnQpNsC}H1uQJrkDBV9xm^Q(R zE#$K=0bv-1gaCS?R&$HnJ5ezjnRC!GX1Y9pos z<7#&&S|Z{Y(+GM-=h*8+ndcMqm#9goG=k$lzk)$941>@Q;ZOGR)LtHUZcW(&DPtTX zC>DKMk-PmGeJhLBIxxz59f4I zo)e2J7Hn2-(wHd{Mp?{GN3%$V%_3Ot{L8amda2c?g1qzD-QQI0u2~!l8&{Zor)|`T z&t6jmQzi+$qa!$1F@j_hlvKnT6$2v@v(!beqa(P&=`O_BT%uDnNH*HVic>!))c!0N zG4@jxqfaQ2TaJD2=*Y86*KS4W2-X`*@q0lA)D-MJFifO|z$h?ET8$C@U*pfY&`9uI z#SUEB8vns7v0UbbpFVh&;H4Hy3$r?tjOd&#uv7tKOE<<$s+CnI@Uk|hv(e{2|4#om zxX2_kNd5DRcWeTZ=?QiNVn9DIz6>foa;%Yz>Hn~g&hQwV-6O30$T*!C5jWkt0u(;_uf==~q{ zdygW3lCb*I+sT7zeCyh?ihKVkI=5{+f*TKmo!Qn8qTt6W-CAf8~H%Oa7RL=o00dd|vqBfFcvt3ztU3!QwJqpgYR9jon_ zUD+O$d+h>Fr^rnNy>oS4^0&)dKaZgI_UD|*UfVLAVo+K96f!jHr(MU~p!Bs5_W}08 zp7>unhE@_E-wy7p|Hk9i{BIb(7#;e*CxN+0;|R*~>q<#%%z5;L@qpzfQCj@lg`i;m zlFCWd0u76qVYd4#CNiyV@6Mr{&Lz5WqYo?-f7L3_Y!7sN{Gn_lw^JPW>6nmfG*sSN zqMo?r8Jgqga4ZG6U#^iEv{yIG@Wf%ah&Lu}U7T(W=l1Z-v-r#N?2}<8zs0)b_2G+$ z)Q9{3M5M7uXO9R2`}}`2YR!L!!|?Rb|2+vj*xPRfioX=+p(6}DJPs&{S2(phw{CNf z6du6sXw?~dD4+Zbxp7nAV#_t^rQrCQbCsv&vjf)GeoDU`?D7BF$m#LZ;64678VrZ+ z{D1P|*XEqB*Mv>+RV_K*VD3TUA<>0N_Jxy<9cx}gAmfmEb1rUqWZ z?H0IBuDA_Gy=M#AjqwY#Y1wvavnhpZOpWi5t zuOj%{^jw)sjf5^27J%t;XO*p9-@bcy`SJ4V;-BxUTh*MQCPMWRr_Q!cTHf0j}R920F#@A?{lYGUGLuBmN5iXE+eEU@ znZJ`d$lPZRJ1FdFB>4?IzfhrpO8KNYBz1DLpn$ zW2f-*7NtpUoWVG1W9e8N`#d-!grY;TDwQ9ca9hAwG|r^N*gd!eVVavDc zVQyr3R8em|NM&qo0PH$#Z`;Vx`OIH2knzAzuOUUf#14q2KT%7ym9B1)GXx*Y9Ht1s|+7zCaPVq43SU6@Rk-hgoD9=1!r#oR zt=xYJuryVM8KF{&JOIuNlWG=lW{ku@s6NY$@&3-3;|Y81gHump3Af)eUuHYqb%($hu@GZ&(a2rWrsx&x5Sagxj;Qe>kP#S`~L|MraV={{R z{h2UHJ_)#5Y}M{JguO=(Qn}_xk>@{{T4m8eI1C0s`1?F7lzDEyd@AUS|4Sxwq_36$ z_Qe12bTDkk|MBS|{yz!Kq?#~UhJGW_UI7%r@f}WCF3lCr1R1@Gpx5&}oYO^lPAsli zuvxiDW2Q(LWidOQ%_12#i(py!m}kB8QmZcoY3H-Mzp2_?vp5zut}yvQ+o%zry`>1I zOcHuWM{urU1j!~SsfaZy21X=isf%1kM{tGHU5K%HM5kzwY@~}7r+!YT{aG$z?58S5 zpHL#V9Q)qUk!P2#-HOr?tT&e8_ks+lDcE~pm`DwQQDBs`+9LeF#-DSck>I3+fiqI>HgU@kM9embhdC&uYvvG)G3c-&>30agE+rFZ+tf;nSTBK$Qz5k|hDJ9#jTZ(VyoWqW#Q>k*isR5#^vEuY(D zeWUbTDi#xPl}n2X#1o8jStN6lD8f2L&sn){WOvhdwMdP4p_31Dv~^LvW3?T#E8C-T zuU)|D6uF6@cdo8W{&som=MnVY|C}?~Yg?vM3@QttLWX7ywdLe+rn3G>)Jwzpj+T#+*k_7!O!(5~amIT?h*1uc@3= zEzq!-8D_h`Vk*<>_U;_I>0F{4H~PRb@n@~_%=SUY$DhhZay!X^pN3{M<(i+E$w*2U@8aBdIJJd3|R&psJu@>{G+UZ1{tNPW2f zPedAvboPiau+RU;*XEqB*Mv>+RV_K*VD3TUAM zN3d(syuOj%% z^jw)sjf5^27J%t;XO*p9-+uUT`T6qd;_n};Th*MQCPMWhr_Q!cTHf0j}R920F#@A?{lYGUGLuBmN5iYv+eEU@nZJ`d z$lPZRJ1FdFB>4?IzfhrpO8KNYBz1DLpn$W2f-T z7NtpUoWVG1W9e8N`#d-!grY;TDwQ9ca9hAwG|r^N*gd!eVVav;d-m|ASGx{~rv)!~E|_pz&4Lw)Agx%kA?2jt}WNDxv4r?f?fkzyS_$ S7yK�RR6w0))~4FaQ8jzXtID literal 0 HcmV?d00001 diff --git a/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc3/Chart.yaml b/charts/rancher-eks-operator-crd/102.1.0+up1.2.1/Chart.yaml similarity index 87% rename from charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc3/Chart.yaml rename to charts/rancher-eks-operator-crd/102.1.0+up1.2.1/Chart.yaml index e449c181d..c32f0470f 100644 --- a/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc3/Chart.yaml +++ b/charts/rancher-eks-operator-crd/102.1.0+up1.2.1/Chart.yaml @@ -6,7 +6,7 @@ annotations: catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/release-name: rancher-eks-operator-crd apiVersion: v2 -appVersion: 1.2.1-rc3 +appVersion: 1.2.1 description: EKS Operator CustomResourceDefinitions name: rancher-eks-operator-crd -version: 102.1.0+up1.2.1-rc3 +version: 102.1.0+up1.2.1 diff --git a/charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc3/templates/crds.yaml b/charts/rancher-eks-operator-crd/102.1.0+up1.2.1/templates/crds.yaml similarity index 100% rename from charts/rancher-eks-operator-crd/102.1.0+up1.2.1-rc3/templates/crds.yaml rename to charts/rancher-eks-operator-crd/102.1.0+up1.2.1/templates/crds.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/Chart.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1/Chart.yaml similarity index 93% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/Chart.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1/Chart.yaml index d092ac14f..99321b99d 100644 --- a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/Chart.yaml +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1/Chart.yaml @@ -11,10 +11,10 @@ annotations: catalog.cattle.io/release-name: rancher-eks-operator catalog.cattle.io/scope: management apiVersion: v2 -appVersion: 1.2.1-rc3 +appVersion: 1.2.1 description: A Helm chart for provisioning EKS clusters home: https://github.com/rancher/eks-operator name: rancher-eks-operator sources: - https://github.com/rancher/eks-operator -version: 102.1.0+up1.2.1-rc3 +version: 102.1.0+up1.2.1 diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/NOTES.txt b/charts/rancher-eks-operator/102.1.0+up1.2.1/templates/NOTES.txt similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/NOTES.txt rename to charts/rancher-eks-operator/102.1.0+up1.2.1/templates/NOTES.txt diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/_helpers.tpl b/charts/rancher-eks-operator/102.1.0+up1.2.1/templates/_helpers.tpl similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/_helpers.tpl rename to charts/rancher-eks-operator/102.1.0+up1.2.1/templates/_helpers.tpl diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/clusterrole.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1/templates/clusterrole.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/clusterrole.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1/templates/clusterrole.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/clusterrolebinding.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1/templates/clusterrolebinding.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/clusterrolebinding.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1/templates/clusterrolebinding.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/deployment.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1/templates/deployment.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/deployment.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1/templates/deployment.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/serviceaccount.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1/templates/serviceaccount.yaml similarity index 100% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/templates/serviceaccount.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1/templates/serviceaccount.yaml diff --git a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/values.yaml b/charts/rancher-eks-operator/102.1.0+up1.2.1/values.yaml similarity index 95% rename from charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/values.yaml rename to charts/rancher-eks-operator/102.1.0+up1.2.1/values.yaml index 0a1c93cec..1d7a0346b 100644 --- a/charts/rancher-eks-operator/102.1.0+up1.2.1-rc3/values.yaml +++ b/charts/rancher-eks-operator/102.1.0+up1.2.1/values.yaml @@ -5,7 +5,7 @@ global: eksOperator: image: repository: rancher/eks-operator - tag: v1.2.1-rc3 + tag: v1.2.1 httpProxy: "" httpsProxy: "" diff --git a/index.yaml b/index.yaml index fb043d608..61808b118 100755 --- a/index.yaml +++ b/index.yaml @@ -6128,17 +6128,17 @@ entries: catalog.cattle.io/release-name: rancher-eks-operator catalog.cattle.io/scope: management apiVersion: v2 - appVersion: 1.2.1-rc3 - created: "2023-06-02T16:16:03.132961-07:00" + appVersion: 1.2.1 + created: "2023-05-24T07:15:25.81248011Z" description: A Helm chart for provisioning EKS clusters - digest: 724aaa1e2bfb2ec104e2767937a233c8ab8f0cc80404d8b9bdd56421073cdf33 + digest: f0f398fb747f3719302902a679a40f02d59b41d765e320c24500a98117691773 home: https://github.com/rancher/eks-operator name: rancher-eks-operator sources: - https://github.com/rancher/eks-operator urls: - - assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1-rc3.tgz - version: 102.1.0+up1.2.1-rc3 + - assets/rancher-eks-operator/rancher-eks-operator-102.1.0+up1.2.1.tgz + version: 102.1.0+up1.2.1 - annotations: catalog.cattle.io/auto-install: rancher-eks-operator-crd=match catalog.cattle.io/certified: rancher @@ -6314,14 +6314,14 @@ entries: catalog.cattle.io/permits-os: linux,windows catalog.cattle.io/release-name: rancher-eks-operator-crd apiVersion: v2 - appVersion: 1.2.1-rc3 - created: "2023-05-03T08:52:39.223070124Z" + appVersion: 1.2.1 + created: "2023-05-24T07:15:27.448483831Z" description: EKS Operator CustomResourceDefinitions - digest: f1e5b6ff732933a244ab58ec0d4834ce631ca01b8e9271e53d0b5ec0295a8c72 + digest: 85bdb033077154767ab16016f06568c7e5876a40e7ade62a755b9e9c58669f6a name: rancher-eks-operator-crd urls: - - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1-rc3.tgz - version: 102.1.0+up1.2.1-rc3 + - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-102.1.0+up1.2.1.tgz + version: 102.1.0+up1.2.1 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" From dba76e046af53febd5672ec4877aad7281813919 Mon Sep 17 00:00:00 2001 From: Venkata Krishna Rohit Sakala Date: Fri, 2 Jun 2023 16:24:10 -0700 Subject: [PATCH 17/18] Update release.yaml --- release.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/release.yaml b/release.yaml index ee2562b9b..d7e4b63d5 100644 --- a/release.yaml +++ b/release.yaml @@ -1,7 +1,7 @@ rancher-eks-operator: - - 102.1.0+up1.2.1-rc3 + - 102.1.0+up1.2.1 rancher-eks-operator-crd: - - 102.1.0+up1.2.1-rc3 + - 102.1.0+up1.2.1 neuvector: - 102.0.2+up2.4.5 neuvector-crd: From e31015e71dff0f6a6f9d6b1d1656649fa2167452 Mon Sep 17 00:00:00 2001 From: rohitsakala Date: Fri, 2 Jun 2023 23:45:20 +0000 Subject: [PATCH 18/18] [create-pull-request] automated change --- regsync.yaml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/regsync.yaml b/regsync.yaml index e39de6b73..45b0cb2c4 100644 --- a/regsync.yaml +++ b/regsync.yaml @@ -122,6 +122,7 @@ sync: - v1.1.4 - v1.1.5 - v1.2.0 + - v1.2.1 - source: docker.io/rancher/externalip-webhook target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/externalip-webhook' type: repository @@ -892,6 +893,7 @@ sync: allow: - v1.4.0 - v1.4.1 + - v1.4.2 - v1_20210422 - v1_20210422_patch1 - v2_20210820 @@ -970,6 +972,7 @@ sync: - v1.3.3 - v1.4.0 - v1.4.1 + - v1.4.2 - source: docker.io/rancher/mirrored-longhornio-longhorn-instance-manager target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-longhornio-longhorn-instance-manager' type: repository @@ -977,6 +980,7 @@ sync: allow: - v1.4.0 - v1.4.1 + - v1.4.2 - v1_20201216 - v1_20210621 - v1_20210731 @@ -1008,6 +1012,7 @@ sync: - v1.3.3 - v1.4.0 - v1.4.1 + - v1.4.2 - source: docker.io/rancher/mirrored-longhornio-longhorn-share-manager target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-longhornio-longhorn-share-manager' type: repository @@ -1015,6 +1020,7 @@ sync: allow: - v1.4.0 - v1.4.1 + - v1.4.2 - v1_20201204 - v1_20210416 - v1_20210416_patch1 @@ -1046,6 +1052,7 @@ sync: - v1.3.3 - v1.4.0 - v1.4.1 + - v1.4.2 - source: docker.io/rancher/mirrored-longhornio-support-bundle-kit target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-longhornio-support-bundle-kit' type: repository @@ -1053,6 +1060,7 @@ sync: allow: - v0.0.17 - v0.0.19 + - v0.0.24 - source: docker.io/rancher/mirrored-messagebird-sachet target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-messagebird-sachet' type: repository @@ -1086,6 +1094,7 @@ sync: - 5.0.4 - 5.1.1 - 5.1.2 + - 5.1.3 - source: docker.io/rancher/mirrored-neuvector-enforcer target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-neuvector-enforcer' type: repository @@ -1097,6 +1106,7 @@ sync: - 5.0.4 - 5.1.1 - 5.1.2 + - 5.1.3 - source: docker.io/rancher/mirrored-neuvector-manager target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-neuvector-manager' type: repository @@ -1108,6 +1118,7 @@ sync: - 5.0.4 - 5.1.1 - 5.1.2 + - 5.1.3 - source: docker.io/rancher/mirrored-neuvector-scanner target: '{{ env "REGISTRY_ENDPOINT" }}/rancher/mirrored-neuvector-scanner' type: repository