diff --git a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up0.1.6.tgz b/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up0.1.6.tgz deleted file mode 100644 index 574435780..000000000 Binary files a/assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up0.1.6.tgz and /dev/null differ diff --git a/assets/rancher-operator-crd/rancher-operator-crd-100.0.0+up0.1.4.tgz b/assets/rancher-operator-crd/rancher-operator-crd-100.0.0+up0.1.4.tgz deleted file mode 100644 index 42cb4be29..000000000 Binary files a/assets/rancher-operator-crd/rancher-operator-crd-100.0.0+up0.1.4.tgz and /dev/null differ diff --git a/assets/rancher-operator/rancher-operator-100.0.0+up0.1.4.tgz b/assets/rancher-operator/rancher-operator-100.0.0+up0.1.4.tgz deleted file mode 100644 index c70c400ba..000000000 Binary files a/assets/rancher-operator/rancher-operator-100.0.0+up0.1.4.tgz and /dev/null differ diff --git a/assets/rio/rio-100.0.0.tgz b/assets/rio/rio-100.0.0.tgz deleted file mode 100644 index 472398c1c..000000000 Binary files a/assets/rio/rio-100.0.0.tgz and /dev/null differ diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/.helmignore b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/.helmignore deleted file mode 100644 index f0c131944..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/Chart.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/Chart.yaml deleted file mode 100644 index 4fe5d2614..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/Chart.yaml +++ /dev/null @@ -1,24 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook -apiVersion: v1 -appVersion: v0.1.6 -description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 -home: https://github.com/rancher/externalip-webhook -keywords: -- cve -- externalip -- webhook -- security -maintainers: -- email: raul@rancher.com - name: rawmind0 -name: rancher-external-ip-webhook -sources: -- https://github.com/rancher/externalip-webhook -version: 100.0.0+up0.1.6 diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/README.md b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/README.md deleted file mode 100644 index 4890065a7..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/README.md +++ /dev/null @@ -1,69 +0,0 @@ -# externalip-webhook - -## Chart Details - -This chart will create a deployment of `externalip-webhook` within your Kubernetes Cluster. It's required to mitigate k8s CVE-2020-8554. - -## Installing the Chart - -To install the chart with the release name `rancher-external-ip-webhook`: - -```bash -$ helm repo add rancher-chart https://charts.rancher.io -$ helm repo update -$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml -``` - -## Configuration - -The following table lists the configurable parameters of the externalip-webhook chart and their default values. - - -| Parameter | Description | Default | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | -| `allowedExternalIPCidrs` | Set allowed external IP CIDRs separated by a comma | `""` | -| `certificates.caBundle` | If cert-manager integration is disabled, add here self signed ca.crt in base64 format | `""` | -| `certificates.certManager.enabled` | Enable cert manager integration. Cert manager should be already installed at the k8s cluster | `true` | -| `certificates.certManager.version` | Cert manager version to use | `""` | -| `certificates.secretName` | If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt & tls.key) as k8s secretName in the namespace | `"webhook-server-cert"` | -| `global.systemDefaultRegistry` | Pull docker images from systemDefaultRegistry | `""` | -| `image.pullPolicy` | Webhook server docker pull policy | `"IfNotPresent"` | -| `image.pullSecrets` | Webhook server docker pull secret | `""` | -| `image.repository` | Webhook server docker image repository | `"rancher/externalip-webhook"` | -| `image.tag` | Webhook server docker image tag Defaults to | `".Chart.appVersion"` | -| `metrics.enabled` | Enable metrics endpoint | `false` | -| `metrics.port` | Webhook metrics pod port | `8443` | -| `metrics.prometheusExport` | Enable Prometheus export. Follow [exporting-metrics-for-prometheus](https://book.kubebuilder.io/reference/metrics.html#exporting-metrics-for-prometheus) to export the webhook metrics | `false` | -| `metrics.authProxy.enabled` | Enable auth proxy for metrics endpoint | `false` | -| `metrics.authProxy.port` | Webhook auth proxy pod port | `8080` | -| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker pull policy | `"IfNotPresent"` | -| `metrics.authProxy.image.pullSecrets`| Webhook auth proxy docker pull secrets | `""` | -| `metrics.authProxy.image.repository` | Webhook auth proxy docker image repository | `"gcr.io/kubebuilder/kube-rbac-proxy"` | -| `metrics.authProxy.image.pullPolicy` | Webhook auth proxy docker image tag | `"v0.5.0"` | -| `metrics.authProxy.resources.limits.cpu` | Webhook auth proxy resource cpu limit | `"100m"` | -| `metrics.authProxy.resources.limits.memory` | Webhook auth proxy resource memory limit | `"30Mi"` | -| `metrics.authProxy.resources.requests.cpu` | Webhook auth proxy wesource cpu reservation | `"100m"` | -| `metrics.authProxy.resources.requests.memory` | Webhook auth proxy resource memory reservation | `"20Mi"` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `rbac.apiVersion` | Rbac API version to use | `"v1"` | -| `resources.limits.cpu` | Resource cpu limit | `"100m"` | -| `resources.limits.memory` | Resource memory limit | `"30Mi"` | -| `resources.requests.cpu` | Resource cpu reservation | `"100m"` | -| `resources.requests.memory` | Resource memory reservation | `"20Mi"` | -| `service.metricsPort` | Webhook metrics service port | `8443` | -| `service.webhookPort` | Webhook server service port | `443` | -| `serviceAccountName` | Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false | `"default"` | -| `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` | -| `webhookPort` | Webhook server pod port | `9443` | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -$ helm repo add rancher-chart https://charts.rancher.io -$ helm repo update -$ helm install rancher-external-ip-webhook rancher-chart/rancher-external-ip-webhook --namespace cattle-externalip-system -f values.yaml -``` - -> **Tip**: You can use the default [values.yaml](https://github.com/rancher/externalip-webhook/blob/master/chart/values.yaml) diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/app-README.md b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/app-README.md deleted file mode 100644 index bd8acd382..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/app-README.md +++ /dev/null @@ -1,12 +0,0 @@ -# externalip-webhook - -This chart was created to mitigate [CVE-2020-8554](https://www.cvedetails.com/cve/CVE-2020-8554/) - -External IP Webhook is a validating k8s webhook which prevents services from using random external IPs. -Cluster administrators can specify list of CIDRs allowed to be used as external IP by specifying `allowed-external-ip-cidrs` parameter. The webhook will only allow services which either don’t set external IP, or whose external IPs are within the range specified by the administrator. - -External IP Webhook certificates are required. They can be generated in 2 ways: -* cert-manager: This is the default chart configuration. Cert manager should be already installed at the k8s cluster -* uploading certs: Disable `Cert Manager integration` and set `Secret name` and `CA Bundle` at `Certificates` section. - -For more information, review the Helm README of this chart. diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/questions.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/questions.yaml deleted file mode 100644 index 3ea9edd93..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/questions.yaml +++ /dev/null @@ -1,26 +0,0 @@ -questions: -# allowedExternalIPCidrs -- variable: allowedExternalIPCidrs - label: Allowed external IP cidrs - description: Set allowed external IP CIDRs separated by a comma - type: string - group: Configuration -- variable: certificates.certManager.enabled - default: true - description: Enable cert manager integration. Cert manager should be already installed - label: Enable Cert Manager integration - type: boolean - group: "Certificates" - show_subquestion_if: false - subquestions: - - variable: certificates.secretName - default: webhook-server-cert - description: Use certificates from secret. Secret should exists in the app namespace, with certs data (ca.crt, tls.crt & tls.key) - label: Secret name - type: string - required: true - - variable: certificates.caBundle - description: Use self signed CA Bundle. It should be provided in base64 format - label: CA Bundle - type: string - required: true diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/NOTES.txt b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/NOTES.txt deleted file mode 100644 index 74271bdd5..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/NOTES.txt +++ /dev/null @@ -1,3 +0,0 @@ -To verify that externalip-webhook has started, run: - - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "externalip-webhook.name" . }},release={{ .Release.Name }}" diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/_helpers.tpl b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/_helpers.tpl deleted file mode 100644 index cc8a9a0d3..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/_helpers.tpl +++ /dev/null @@ -1,50 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "externalip-webhook.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "externalip-webhook.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if ne $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s" $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{/* Generate basic labels */}} -{{- define "externalip-webhook.labels" }} -app: {{ template "externalip-webhook.name" . }} -heritage: {{.Release.Service }} -release: {{.Release.Name }} -{{- end }} - -{{/* -Windows cluster will add default taint for linux nodes, -add below linux tolerations to workloads could be scheduled to those linux nodes -*/}} -{{- define "linux-node-tolerations" -}} -- key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" -{{- end -}} - -{{- define "linux-node-selector" -}} -kubernetes.io/os: linux -{{- end -}} - -{{- define "system_default_registry" -}} -{{- if .Values.global.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/admissionregistration.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/admissionregistration.yaml deleted file mode 100644 index d8152faa5..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/admissionregistration.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: -{{- if .Values.certificates.certManager.enabled }} - annotations: - cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ template "externalip-webhook.fullname" . }}-server-cert -{{- end }} - creationTimestamp: null - name: {{ template "externalip-webhook.fullname" . }}-validating-webhook-configuration -webhooks: -- clientConfig: -{{- if not (.Values.certificates.certManager.enabled) }} - caBundle: {{ .Values.certificates.caBundle }} -{{- end }} - service: - name: {{ template "externalip-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} - path: /validate-service - failurePolicy: Ignore - name: {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - services \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/clusterrole.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/clusterrole.yaml deleted file mode 100644 index 46e18bf00..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/clusterrole.yaml +++ /dev/null @@ -1,33 +0,0 @@ -{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) -}} -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRole -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRole -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/clusterrolebinding.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/clusterrolebinding.yaml deleted file mode 100644 index 2fa40817f..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,31 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRoleBinding -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-cluster-view -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: view -subjects: -- kind: ServiceAccount - name: {{ template "externalip-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} ---- -apiVersion: rbac.authorization.k8s.io/{{ .Values.rbac.apiVersion }} -kind: ClusterRoleBinding -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ template "externalip-webhook.fullname" . }}-proxy-role -subjects: -- kind: ServiceAccount - name: {{ template "externalip-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/deployment.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/deployment.yaml deleted file mode 100644 index c82754deb..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/deployment.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - annotations: - seccomp.security.alpha.kubernetes.io/pod: runtime/default - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.replicas }} - selector: - matchLabels: - app: {{ template "externalip-webhook.name" . }} - template: - metadata: - annotations: - seccomp.security.alpha.kubernetes.io/pod: runtime/default - labels: {{ include "externalip-webhook.labels" . | indent 8 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - spec: - containers: - {{- if and (.Values.metrics.enabled) (.Values.metrics.authProxy.enabled) }} - - name: {{ template "externalip-webhook.fullname" . }}-auth-proxy - args: - - --secure-listen-address=0.0.0.0:{{ .Values.metrics.port }} - - --upstream=http://127.0.0.1:{{ .Values.metrics.authProxy.port }}/ - - --logtostderr=true - - --v=10 - image: {{ template "system_default_registry" . }}{{ .Values.metrics.authProxy.image.repository}}:{{ .Values.metrics.authProxy.image.tag }} - imagePullPolicy: "{{ .Values.metrics.authProxy.image.pullPolicy }}" - ports: - - containerPort: {{ .Values.metrics.port }} - name: webhook-metrics - protocol: TCP - resources: -{{ toYaml .Values.metrics.authProxy.resources | indent 10 }} - readinessProbe: - tcpSocket: - port: webhook-metrics - initialDelaySeconds: 5 - periodSeconds: 10 - livenessProbe: - tcpSocket: - port: webhook-metrics - initialDelaySeconds: 5 - failureThreshold: 10 - periodSeconds: 30 - {{- end }} - - name: {{ template "externalip-webhook.fullname" . }} - image: {{ template "system_default_registry" . }}{{ .Values.image.repository}}:{{ default .Chart.AppVersion .Values.image.tag }} - imagePullPolicy: "{{ .Values.image.pullPolicy }}" - command: - - /webhook - args: - - --webhook-port={{ .Values.webhookPort }} - {{- if .Values.allowedExternalIPCidrs }} - - --allowed-external-ip-cidrs={{ .Values.allowedExternalIPCidrs }} - {{- end }} - {{- if .Values.metrics.enabled }} - {{- if .Values.metrics.authProxy.enabled }} - - --metrics-addr=127.0.0.1:{{ .Values.metrics.authProxy.port }} - {{- else }} - - --metrics-addr=0.0.0.0:{{ .Values.metrics.port }} - {{- end }} - {{- end }} - ports: - - containerPort: {{ .Values.webhookPort }} - name: webhook-server - protocol: TCP - {{- if and (.Values.metrics.enabled) (not (.Values.metrics.authProxy.enabled)) }} - - containerPort: {{ .Values.metrics.port }} - name: webhook-metrics - protocol: TCP - {{- end }} - volumeMounts: - - name: server-cert - mountPath: /tmp/k8s-webhook-server/serving-certs - readOnly: true - resources: -{{ toYaml .Values.resources | indent 10 }} - readinessProbe: - tcpSocket: - port: webhook-server - initialDelaySeconds: 5 - failureThreshold: 10 - periodSeconds: 30 - livenessProbe: - tcpSocket: - port: webhook-server - initialDelaySeconds: 5 - failureThreshold: 10 - periodSeconds: 30 - nodeSelector: {{ include "linux-node-selector" . | nindent 8 }} - {{- if .Values.nodeSelector }} -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - tolerations: {{ include "linux-node-tolerations" . | nindent 6}} - {{- if .Values.tolerations }} -{{ toYaml .Values.tolerations | indent 6 }} - {{- end }} - serviceAccountName: {{ template "externalip-webhook.fullname" . }} - volumes: - - name: server-cert - secret: - defaultMode: 420 - secretName: {{ .Values.certificates.secretName }} diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/issuer.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/issuer.yaml deleted file mode 100644 index ff1c2de10..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/issuer.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.certificates.certManager.enabled -}} - {{- $certmanagerVer := split "." .Values.certificates.certManager.version -}} - {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} -apiVersion: cert-manager.io/v1 - {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} -apiVersion: cert-manager.io/v1beta1 - {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} -apiVersion: cert-manager.io/v1alpha2 - {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} -apiVersion: certmanager.k8s.io/v1alpha1 - {{- else }} -# Setting latest version as default -apiVersion: cert-manager.io/v1 - {{- end }} -kind: Certificate -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-server-cert - namespace: {{ .Release.Namespace }} -spec: - dnsNames: - - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc - - {{ template "externalip-webhook.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - issuerRef: - kind: Issuer - name: {{ template "externalip-webhook.fullname" . }}-issuer - secretName: {{ .Values.certificates.secretName }} ---- - {{- if or (.Capabilities.APIVersions.Has "cert-manager.io/v1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 1) (ge (int $certmanagerVer._1) 0)) }} -apiVersion: cert-manager.io/v1 - {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1beta1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 16)) }} -apiVersion: cert-manager.io/v1beta1 - {{- else if or (.Capabilities.APIVersions.Has "cert-manager.io/v1alpha2") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (ge (int $certmanagerVer._1) 11)) }} -apiVersion: cert-manager.io/v1alpha2 - {{- else if or (.Capabilities.APIVersions.Has "certmanager.k8s.io/v1alpha1") (and (gt (len $certmanagerVer._0) 0) (eq (int $certmanagerVer._0) 0) (lt (int $certmanagerVer._1) 11)) }} -apiVersion: certmanager.k8s.io/v1alpha1 - {{- else }} -# Setting latest version as default -apiVersion: cert-manager.io/v1 - {{- end }} -kind: Issuer -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-issuer - namespace: {{ .Release.Namespace }} -spec: - selfSigned: {} -{{- end -}} - - diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/service.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/service.yaml deleted file mode 100644 index 256add3e4..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/service.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: webhook-server - port: {{ .Values.service.webhookPort }} - protocol: TCP - targetPort: {{ .Values.webhookPort }} - selector: - app: {{ template "externalip-webhook.name" . }} - type: "ClusterIP" -{{- if .Values.metrics.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-metrics-service - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: webhook-metrics - port: {{ .Values.service.metricsPort }} - protocol: TCP - targetPort: {{ .Values.metrics.port }} - selector: - app: {{ template "externalip-webhook.name" . }} - type: "ClusterIP" -{{- end }} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/serviceaccount.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/serviceaccount.yaml deleted file mode 100644 index 895df4f5b..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/serviceaccount.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }} - namespace: {{ .Release.Namespace }} diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/servicemonitor.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/servicemonitor.yaml deleted file mode 100644 index c481ea31d..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/templates/servicemonitor.yaml +++ /dev/null @@ -1,16 +0,0 @@ -{{- if and (.Values.metrics.enabled) (.Values.metrics.prometheusExport) -}} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: {{ include "externalip-webhook.labels" . | indent 4 }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - name: {{ template "externalip-webhook.fullname" . }}-monitor - namespace: {{ .Release.Namespace }} -spec: - endpoints: - - path: /metrics - port: https - selector: - matchLabels: - app: {{ template "externalip-webhook.name" . }} -{{- end }} \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/admissionregistration_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/admissionregistration_test.yaml deleted file mode 100644 index 0660aa6e8..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/admissionregistration_test.yaml +++ /dev/null @@ -1,32 +0,0 @@ -suite: Test Admission Registration -templates: -- admissionregistration.yaml -tests: -- it: should render Admission Registration - asserts: - - equal: - path: apiVersion - value: admissionregistration.k8s.io/v1beta1 -- it: should render Admission Registration annotation and not caBundle if certificates.certManager.enabled = true - release: - name: rancher-externalip-webhook - namespace: test - set: - certificates.certManager.enabled: true - asserts: - - equal: - path: metadata.annotations - value: - cert-manager.io/inject-ca-from: test/rancher-externalip-webhook-server-cert - - isNull: - path: webhooks[0].clientConfig.caBundle -- it: should render Admission Registration caBundle and not annotation if certificates.certManager.enabled = false - set: - certificates.caBundle: test - certificates.certManager.enabled: false - asserts: - - equal: - path: webhooks[0].clientConfig.caBundle - value: test - - isNull: - path: metadata.annotations diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/clusterrole_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/clusterrole_test.yaml deleted file mode 100644 index 9e563807b..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/clusterrole_test.yaml +++ /dev/null @@ -1,37 +0,0 @@ -suite: Test Cluster Roles -templates: -- clusterrole.yaml -tests: -- it: should not render Cluster Roles if metrics.enabled = false or metrics.authProxy.enabled = false - set: - metrics.enabled: false - metrics.authProxy.enabled: false - asserts: - - hasDocuments: - count: 0 - template: clusterrole.yaml -- it: should render Cluster Roles if metrics.enabled = true and metrics.authProxy.enabled = true - set: - metrics.enabled: true - metrics.authProxy.enabled: true - asserts: - - hasDocuments: - count: 2 - template: clusterrole.yaml -- it: should render Cluster Roles with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true - set: - metrics.enabled: true - metrics.authProxy.enabled: true - asserts: - - equal: - path: apiVersion - value: rbac.authorization.k8s.io/v1 -- it: should render Cluster Roles with custom rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true - set: - metrics.enabled: true - metrics.authProxy.enabled: true - rbac.apiVersion: v1beta - asserts: - - equal: - path: apiVersion - value: rbac.authorization.k8s.io/v1beta \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/clusterrolebinding_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/clusterrolebinding_test.yaml deleted file mode 100644 index 2129573a3..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/clusterrolebinding_test.yaml +++ /dev/null @@ -1,42 +0,0 @@ -suite: Test Cluster Role Bindings -templates: -- clusterrolebinding.yaml -tests: -- it: should render Cluster Role Bindings with default rbac api version - set: - rbac.apiVersion: v1 - asserts: - - equal: - path: apiVersion - value: rbac.authorization.k8s.io/v1 -- it: should render Cluster Role Bindings with custom rbac api version - set: - rbac.apiVersion: v1beta - asserts: - - equal: - path: apiVersion - value: rbac.authorization.k8s.io/v1beta -- it: should not render Cluster Role Binding proxy if metrics.enabled = false or metrics.authProxy.enabled = false - set: - metrics.enabled: false - metrics.authProxy.enabled: false - asserts: - - hasDocuments: - count: 1 - template: clusterrolebinding.yaml -- it: should render Cluster Role Bindings proxy if metrics.enabled = true and metrics.authProxy.enabled = true - set: - metrics.enabled: true - metrics.authProxy.enabled: true - asserts: - - hasDocuments: - count: 2 - template: clusterrolebinding.yaml -- it: should render Cluster Role Bindings with default rbac api version if metrics.enabled = true and metrics.authProxy.enabled = true - set: - metrics.enabled: true - metrics.authProxy.enabled: true - asserts: - - equal: - path: apiVersion - value: rbac.authorization.k8s.io/v1 \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/deployment_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/deployment_test.yaml deleted file mode 100644 index 50e3f9ec1..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/deployment_test.yaml +++ /dev/null @@ -1,202 +0,0 @@ -suite: Test Deployments -templates: -- deployment.yaml -tests: -- it: should render Deployment with allowed-external-ip-cidrs arg if allowedExternalIPCidrs is set - release: - name: rancher-externalip-webhook - set: - allowedExternalIPCidrs: "1,2" - asserts: - - equal: - path: spec.template.spec.containers[0].args[1] - value: --allowed-external-ip-cidrs=1,2 -- it: should render Deployment with default port, nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false - release: - name: rancher-externalip-webhook - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: rancher-externalip-webhook - - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 9443 - name: webhook-server - protocol: TCP - - equal: - path: spec.template.spec.tolerations[0] - value: - key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" - - equal: - path: spec.template.spec.nodeSelector - value: - kubernetes.io/os: linux -- it: should render Deployment with default port and custom nodeSelector and tolerations if metrics.enabled = false and metrics.authProxy.enabled = false - release: - name: rancher-externalip-webhook - set: - tolerations: - - key: "cattle.io/test" - value: "linux" - effect: "NoSchedule" - operator: "Equal" - nodeSelector: - kubernetes.io/test: linux - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: rancher-externalip-webhook - - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 9443 - name: webhook-server - protocol: TCP - - equal: - path: spec.template.spec.tolerations[0] - value: - key: "cattle.io/os" - value: "linux" - effect: "NoSchedule" - operator: "Equal" - - equal: - path: spec.template.spec.tolerations[1] - value: - key: "cattle.io/test" - value: "linux" - effect: "NoSchedule" - operator: "Equal" - - equal: - path: spec.template.spec.nodeSelector - value: - kubernetes.io/os: linux - kubernetes.io/test: linux -- it: should render Deployment with custom port and image if metrics.enabled = false and metrics.authProxy.enabled = false - release: - name: rancher-externalip-webhook - set: - webhookPort: 9000 - image.repository: test - image.tag: dev-test - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: rancher-externalip-webhook - - equal: - path: spec.template.spec.containers[0].image - value: test:dev-test - - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 9000 - name: webhook-server - protocol: TCP -- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = false - release: - name: rancher-externalip-webhook - set: - metrics.enabled: true - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: rancher-externalip-webhook - - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 9443 - name: webhook-server - protocol: TCP - - equal: - path: spec.template.spec.containers[0].ports[1] - value: - containerPort: 8443 - name: webhook-metrics - protocol: TCP -- it: should render Deployment with custom metrics port if metrics.enabled = true and metrics.authProxy.enabled = false - release: - name: rancher-externalip-webhook - set: - metrics.enabled: true - metrics.port: 8000 - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: rancher-externalip-webhook - - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 9443 - name: webhook-server - protocol: TCP - - equal: - path: spec.template.spec.containers[0].ports[1] - value: - containerPort: 8000 - name: webhook-metrics - protocol: TCP -- it: should render Deployment with default metrics port if metrics.enabled = true and metrics.authProxy.enabled = true - release: - name: rancher-externalip-webhook - set: - metrics.enabled: true - metrics.authProxy.enabled: true - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: rancher-externalip-webhook-auth-proxy - - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 8443 - name: webhook-metrics - protocol: TCP - - equal: - path: spec.template.spec.containers[1].name - value: rancher-externalip-webhook - - equal: - path: spec.template.spec.containers[1].ports[0] - value: - containerPort: 9443 - name: webhook-server - protocol: TCP -- it: should render Deployment with custom metrics port and image if metrics.enabled = true and metrics.authProxy.enabled = true - release: - name: rancher-externalip-webhook - set: - metrics.enabled: true - metrics.authProxy.enabled: true - metrics.port: 8000 - webhookPort: 9000 - image.repository: test - image.tag: dev-test - metrics.authProxy.image.repository: auth - metrics.authProxy.image.tag: auth-test - asserts: - - equal: - path: spec.template.spec.containers[0].name - value: rancher-externalip-webhook-auth-proxy - - equal: - path: spec.template.spec.containers[0].image - value: auth:auth-test - - equal: - path: spec.template.spec.containers[0].ports[0] - value: - containerPort: 8000 - name: webhook-metrics - protocol: TCP - - equal: - path: spec.template.spec.containers[1].name - value: rancher-externalip-webhook - - equal: - path: spec.template.spec.containers[1].image - value: test:dev-test - - equal: - path: spec.template.spec.containers[1].ports[0] - value: - containerPort: 9000 - name: webhook-server - protocol: TCP \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/issuer_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/issuer_test.yaml deleted file mode 100644 index eeeb660b2..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/issuer_test.yaml +++ /dev/null @@ -1,106 +0,0 @@ -suite: Test Issuers -templates: -- issuer.yaml -tests: -- it: should not render issuer if certificates.certManager.enabled = false - set: - certificates.certManager.enabled: false - asserts: - - hasDocuments: - count: 0 - template: issuer.yaml -- it: should render issuer if certificates.certManager.enabled = true - set: - certificates.certManager.enabled: true - asserts: - - hasDocuments: - count: 2 - template: issuer.yaml -- it: should set issuer apiVersion with default cert-manager - set: - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: cert-manager.io/v1 - template: issuer.yaml -- it: should set issuer apiVersion with cert-manager >= 1.0.0 using capabilities - capabilities: - apiversions: - - cert-manager.io/v1 - set: - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: cert-manager.io/v1 - template: issuer.yaml -- it: should set issuer apiVersion with cert-manager >= 0.16.0 using capabilities - capabilities: - apiversions: - - cert-manager.io/v1beta1 - set: - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: cert-manager.io/v1beta1 - template: issuer.yaml -- it: should set issuer apiVersion with cert-manager >= 0.11.0 using capabilities - capabilities: - apiversions: - - cert-manager.io/v1alpha2 - set: - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: cert-manager.io/v1alpha2 - template: issuer.yaml -- it: should set issuer apiVersion with cert-manager < 0.11.0 using capabilities - capabilities: - apiversions: - - certmanager.k8s.io/v1alpha1 - set: - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: certmanager.k8s.io/v1alpha1 - template: issuer.yaml -- it: should set issuer apiVersion with cert-manager >= 1.0.0 using parameter - set: - certificates.certManager.version: 1.0.0 - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: cert-manager.io/v1 - template: issuer.yaml -- it: should set issuer apiVersion with cert-manager >= 0.16.0 using parameter - set: - certificates.certManager.version: 0.16.0 - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: cert-manager.io/v1beta1 - template: issuer.yaml -- it: should set issuer apiVersion with cert-manager >= 0.11.0 using parameter - set: - certificates.certManager.version: 0.11.0 - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: cert-manager.io/v1alpha2 - template: issuer.yaml -- it: should set letsEncrypt apiVersion with cert-manager < 0.11.0 using parameter - set: - certificates.certManager.version: 0.9.0 - certificates.certManager.enabled: true - asserts: - - equal: - path: apiVersion - value: certmanager.k8s.io/v1alpha1 - template: issuer.yaml diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/service_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/service_test.yaml deleted file mode 100644 index a0ba4d352..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/service_test.yaml +++ /dev/null @@ -1,69 +0,0 @@ -suite: Test Services -templates: -- service.yaml -tests: -- it: should render webhook-server service with default webhookPort if metrics.enabled = false - set: - metrics.enabled: false - asserts: - - equal: - path: spec.ports[0] - value: - name: webhook-server - port: 443 - protocol: TCP - targetPort: 9443 -- it: should render webhook-server service with custom webhookPort if metrics.enabled = false - set: - metrics.enabled: false - webhookPort: 9000 - asserts: - - equal: - path: spec.ports[0] - value: - name: webhook-server - port: 443 - protocol: TCP - targetPort: 9000 -- it: should render webhook-server and webhook-metrics services with default webhookPort and metrics.port, if metrics.enabled = true - set: - metrics.enabled: true - asserts: - - equal: - path: spec.ports[0] - value: - name: webhook-server - port: 443 - protocol: TCP - targetPort: 9443 - documentIndex: 0 - - equal: - path: spec.ports[0] - value: - name: webhook-metrics - port: 8443 - protocol: TCP - targetPort: 8443 - documentIndex: 1 -- it: should render webhook-server and webhook-metrics services with custom webhookPort and metrics.port, if metrics.enabled = true - set: - metrics.enabled: true - metrics.port: 8000 - webhookPort: 9000 - asserts: - - equal: - path: spec.ports[0] - value: - name: webhook-server - port: 443 - protocol: TCP - targetPort: 9000 - documentIndex: 0 - - equal: - path: spec.ports[0] - value: - name: webhook-metrics - port: 8443 - protocol: TCP - targetPort: 8000 - documentIndex: 1 \ No newline at end of file diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/serviceaccount_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/serviceaccount_test.yaml deleted file mode 100644 index 5aebbc74b..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/serviceaccount_test.yaml +++ /dev/null @@ -1,9 +0,0 @@ -suite: Test Service Accounts -templates: -- serviceaccount.yaml -tests: -- it: should render Service Account - asserts: - - hasDocuments: - count: 1 - template: serviceaccount.yaml diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/servicemonitor_test.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/servicemonitor_test.yaml deleted file mode 100644 index 21989265e..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/tests/servicemonitor_test.yaml +++ /dev/null @@ -1,20 +0,0 @@ -suite: Test Service Monitors -templates: -- servicemonitor.yaml -tests: -- it: should not render Service Monitor if metrics.enabled = false or metrics.prometheusExport = false - set: - metrics.enabled: false - metrics.prometheusExport: false - asserts: - - hasDocuments: - count: 0 - template: servicemonitor.yaml -- it: should render Service Account if metrics.enabled = true and metrics.authProxy.enabled = true - set: - metrics.enabled: true - metrics.prometheusExport: true - asserts: - - hasDocuments: - count: 1 - template: servicemonitor.yaml diff --git a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/values.yaml b/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/values.yaml deleted file mode 100644 index 832d2199e..000000000 --- a/charts/rancher-external-ip-webhook/rancher-external-ip-webhook/100.0.0+up0.1.6/values.yaml +++ /dev/null @@ -1,67 +0,0 @@ -## Allowed external IP cidrs -allowedExternalIPCidrs: "" -## Certificates generation for webhook -certificates: - certManager: - # Enable cert manager integration. Cert manager should be already installed at the k8s cluster - enabled: true - version: "" - # If cert-manager integration is disabled, add self signed ca.crt in base64 format - caBundle: "" - # If cert-manager integration is disabled, upload certs data (ca.crt, tls.crt and tls.key) as k8s secretName in the namespace - secretName: webhook-server-cert -## Details about the image to be pulled. -image: - pullPolicy: IfNotPresent - pullSecrets: [] - repository: rancher/externalip-webhook - tag: v0.1.6 -## Enabling metrics endpoint -# Webhook emits `webhook_failed_request_count` metrics whenever it rejects service creation or update operation -metrics: - enabled: false - port: 8443 - # Enable webhook metrics export to Prometheus - prometheusExport: false - # Webhook metrics auth proxy. This option is just available for amd64 arch - authProxy: - enabled: false - port: 8080 - image: - pullPolicy: IfNotPresent - pullSecrets: [] - repository: rancher/mirrored-kube-rbac-proxy - tag: v0.5.0 - resources: - limits: - memory: 30Mi - cpu: 100m - requests: - memory: 20Mi - cpu: 100m -## Node labels for pod assignment -## Ref: https://kubernetes.io/docs/user-guide/node-selection/ -## -nodeSelector: {} -## RBAC -rbac: - apiVersion: v1 -## CPU and Memory limit and request for externalip-webhook -resources: - limits: - memory: 30Mi - cpu: 100m - requests: - memory: 20Mi - cpu: 100m -service: - metricsPort: 8443 - webhookPort: 443 -## Webhook serviceAccountName. Just used if metrics.authProxy.enabled = false -serviceAccountName: default -## List of node taints to tolerate (requires Kubernetes >= 1.6) -tolerations: [] -## Webhook server pod port -webhookPort: 9443 -global: - systemDefaultRegistry: "" diff --git a/charts/rancher-operator-crd/rancher-operator-crd/100.0.0+up0.1.4/Chart.yaml b/charts/rancher-operator-crd/rancher-operator-crd/100.0.0+up0.1.4/Chart.yaml deleted file mode 100644 index ffbb83102..000000000 --- a/charts/rancher-operator-crd/rancher-operator-crd/100.0.0+up0.1.4/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd -apiVersion: v2 -appVersion: 0.1.4 -description: Rancher Operator CustomResourceDefinitions -name: rancher-operator-crd -version: 100.0.0+up0.1.4 diff --git a/charts/rancher-operator-crd/rancher-operator-crd/100.0.0+up0.1.4/templates/crds.yaml b/charts/rancher-operator-crd/rancher-operator-crd/100.0.0+up0.1.4/templates/crds.yaml deleted file mode 100644 index 4117d488c..000000000 --- a/charts/rancher-operator-crd/rancher-operator-crd/100.0.0+up0.1.4/templates/crds.yaml +++ /dev/null @@ -1,3304 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusters.rancher.cattle.io -spec: - additionalPrinterColumns: - - JSONPath: .status.ready - name: Ready - type: string - - JSONPath: .status.clientSecretName - name: Kubeconfig - type: string - group: rancher.cattle.io - names: - kind: Cluster - plural: clusters - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - controlPlaneEndpoint: - nullable: true - properties: - host: - nullable: true - type: string - port: - type: integer - type: object - eksConfig: - nullable: true - properties: - amazonCredentialSecret: - nullable: true - type: string - displayName: - nullable: true - type: string - imported: - type: boolean - kmsKey: - nullable: true - type: string - kubernetesVersion: - nullable: true - type: string - loggingTypes: - items: - nullable: true - type: string - nullable: true - type: array - nodeGroups: - items: - properties: - desiredSize: - nullable: true - type: integer - diskSize: - nullable: true - type: integer - ec2SshKey: - nullable: true - type: string - gpu: - nullable: true - type: boolean - imageId: - nullable: true - type: string - instanceType: - nullable: true - type: string - labels: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - launchTemplate: - nullable: true - properties: - id: - nullable: true - type: string - name: - nullable: true - type: string - version: - nullable: true - type: integer - type: object - maxSize: - nullable: true - type: integer - minSize: - nullable: true - type: integer - nodegroupName: - nullable: true - type: string - requestSpotInstances: - nullable: true - type: boolean - resourceTags: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - spotInstanceTypes: - items: - nullable: true - type: string - nullable: true - type: array - subnets: - items: - nullable: true - type: string - nullable: true - type: array - tags: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - userData: - nullable: true - type: string - version: - nullable: true - type: string - required: - - nodegroupName - type: object - nullable: true - type: array - privateAccess: - nullable: true - type: boolean - publicAccess: - nullable: true - type: boolean - publicAccessSources: - items: - nullable: true - type: string - nullable: true - type: array - region: - nullable: true - type: string - secretsEncryption: - nullable: true - type: boolean - securityGroups: - items: - nullable: true - type: string - nullable: true - type: array - serviceRole: - nullable: true - type: string - subnets: - items: - nullable: true - type: string - nullable: true - type: array - tags: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - importedConfig: - nullable: true - properties: - kubeConfigSecret: - nullable: true - type: string - type: object - k3sConfig: - nullable: true - properties: - k3supgradeStrategy: - properties: - drainServerNodes: - type: boolean - drainWorkerNodes: - type: boolean - serverConcurrency: - type: integer - workerConcurrency: - type: integer - type: object - kubernetesVersion: - nullable: true - type: string - type: object - localClusterAuthEndpoint: - properties: - caCerts: - nullable: true - type: string - enabled: - type: boolean - fqdn: - nullable: true - type: string - type: object - rancherKubernetesEngineConfig: - nullable: true - properties: - addonJobTimeout: - type: integer - addons: - nullable: true - type: string - addonsInclude: - items: - nullable: true - type: string - nullable: true - type: array - authentication: - properties: - sans: - items: - nullable: true - type: string - nullable: true - type: array - strategy: - nullable: true - type: string - webhook: - nullable: true - properties: - cacheTimeout: - nullable: true - type: string - configFile: - nullable: true - type: string - type: object - type: object - authorization: - properties: - mode: - nullable: true - type: string - options: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - bastionHost: - properties: - address: - nullable: true - type: string - port: - nullable: true - type: string - sshAgentAuth: - type: boolean - sshCert: - nullable: true - type: string - sshCertPath: - nullable: true - type: string - sshKey: - nullable: true - type: string - sshKeyPath: - nullable: true - type: string - user: - nullable: true - type: string - type: object - cloudProvider: - properties: - awsCloudProvider: - nullable: true - properties: - global: - properties: - disable-security-group-ingress: - type: boolean - disable-strict-zone-check: - type: boolean - elb-security-group: - nullable: true - type: string - kubernetes-cluster-id: - nullable: true - type: string - kubernetes-cluster-tag: - nullable: true - type: string - role-arn: - nullable: true - type: string - routetable-id: - nullable: true - type: string - subnet-id: - nullable: true - type: string - vpc: - nullable: true - type: string - zone: - nullable: true - type: string - type: object - serviceOverride: - nullable: true - type: object - type: object - azureCloudProvider: - nullable: true - properties: - aadClientCertPassword: - nullable: true - type: string - aadClientCertPath: - nullable: true - type: string - aadClientId: - nullable: true - type: string - aadClientSecret: - nullable: true - type: string - cloud: - nullable: true - type: string - cloudProviderBackoff: - type: boolean - cloudProviderBackoffDuration: - type: integer - cloudProviderBackoffExponent: - type: integer - cloudProviderBackoffJitter: - type: integer - cloudProviderBackoffRetries: - type: integer - cloudProviderRateLimit: - type: boolean - cloudProviderRateLimitBucket: - type: integer - cloudProviderRateLimitQPS: - type: integer - excludeMasterFromStandardLB: - nullable: true - type: boolean - loadBalancerSku: - nullable: true - type: string - location: - nullable: true - type: string - maximumLoadBalancerRuleCount: - type: integer - primaryAvailabilitySetName: - nullable: true - type: string - primaryScaleSetName: - nullable: true - type: string - resourceGroup: - nullable: true - type: string - routeTableName: - nullable: true - type: string - securityGroupName: - nullable: true - type: string - subnetName: - nullable: true - type: string - subscriptionId: - nullable: true - type: string - tenantId: - nullable: true - type: string - useInstanceMetadata: - type: boolean - useManagedIdentityExtension: - type: boolean - userAssignedIdentityID: - nullable: true - type: string - vmType: - nullable: true - type: string - vnetName: - nullable: true - type: string - vnetResourceGroup: - nullable: true - type: string - type: object - customCloudProvider: - nullable: true - type: string - name: - nullable: true - type: string - openstackCloudProvider: - nullable: true - properties: - blockStorage: - properties: - bs-version: - nullable: true - type: string - ignore-volume-az: - type: boolean - trust-device-path: - type: boolean - type: object - global: - properties: - auth-url: - nullable: true - type: string - ca-file: - nullable: true - type: string - domain-id: - nullable: true - type: string - domain-name: - nullable: true - type: string - password: - nullable: true - type: string - region: - nullable: true - type: string - tenant-id: - nullable: true - type: string - tenant-name: - nullable: true - type: string - trust-id: - nullable: true - type: string - user-id: - nullable: true - type: string - username: - nullable: true - type: string - type: object - loadBalancer: - properties: - create-monitor: - type: boolean - floating-network-id: - nullable: true - type: string - lb-method: - nullable: true - type: string - lb-provider: - nullable: true - type: string - lb-version: - nullable: true - type: string - manage-security-groups: - type: boolean - monitor-delay: - nullable: true - type: string - monitor-max-retries: - type: integer - monitor-timeout: - nullable: true - type: string - subnet-id: - nullable: true - type: string - use-octavia: - type: boolean - type: object - metadata: - properties: - request-timeout: - type: integer - search-order: - nullable: true - type: string - type: object - route: - properties: - router-id: - nullable: true - type: string - type: object - type: object - vsphereCloudProvider: - nullable: true - properties: - disk: - properties: - scsicontrollertype: - nullable: true - type: string - type: object - global: - properties: - datacenter: - nullable: true - type: string - datacenters: - nullable: true - type: string - datastore: - nullable: true - type: string - insecure-flag: - type: boolean - password: - nullable: true - type: string - port: - nullable: true - type: string - server: - nullable: true - type: string - soap-roundtrip-count: - type: integer - user: - nullable: true - type: string - vm-name: - nullable: true - type: string - vm-uuid: - nullable: true - type: string - working-dir: - nullable: true - type: string - type: object - network: - properties: - public-network: - nullable: true - type: string - type: object - virtualCenter: - nullable: true - type: object - workspace: - properties: - datacenter: - nullable: true - type: string - default-datastore: - nullable: true - type: string - folder: - nullable: true - type: string - resourcepool-path: - nullable: true - type: string - server: - nullable: true - type: string - type: object - type: object - type: object - clusterName: - nullable: true - type: string - dns: - nullable: true - properties: - linearAutoscalerParams: - nullable: true - properties: - coresPerReplica: - type: number - max: - type: integer - min: - type: integer - nodesPerReplica: - type: number - preventSinglePointFailure: - type: boolean - type: object - nodeSelector: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - nodelocal: - nullable: true - properties: - ipAddress: - nullable: true - type: string - nodeLocalDnsPriorityClassName: - nullable: true - type: string - nodeSelector: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - updateStrategy: - nullable: true - properties: - rollingUpdate: - nullable: true - properties: - maxUnavailable: - nullable: true - type: string - type: object - strategy: - nullable: true - type: string - type: object - type: object - options: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - provider: - nullable: true - type: string - reversecidrs: - items: - nullable: true - type: string - nullable: true - type: array - stubdomains: - additionalProperties: - items: - nullable: true - type: string - nullable: true - type: array - nullable: true - type: object - tolerations: - items: - properties: - effect: - nullable: true - type: string - key: - nullable: true - type: string - operator: - nullable: true - type: string - tolerationSeconds: - nullable: true - type: integer - value: - nullable: true - type: string - type: object - nullable: true - type: array - updateStrategy: - nullable: true - properties: - rollingUpdate: - nullable: true - properties: - maxSurge: - nullable: true - type: string - maxUnavailable: - nullable: true - type: string - type: object - strategy: - nullable: true - type: string - type: object - upstreamnameservers: - items: - nullable: true - type: string - nullable: true - type: array - type: object - ignoreDockerVersion: - nullable: true - type: boolean - ingress: - properties: - defaultBackend: - nullable: true - type: boolean - defaultHttpBackendPriorityClassName: - nullable: true - type: string - dnsPolicy: - nullable: true - type: string - extraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - extraEnvs: - items: - properties: - name: - nullable: true - type: string - value: - nullable: true - type: string - valueFrom: - nullable: true - properties: - configMapKeyRef: - nullable: true - properties: - key: - nullable: true - type: string - name: - nullable: true - type: string - optional: - nullable: true - type: boolean - type: object - fieldRef: - nullable: true - properties: - apiVersion: - nullable: true - type: string - fieldPath: - nullable: true - type: string - type: object - resourceFieldRef: - nullable: true - properties: - containerName: - nullable: true - type: string - divisor: - nullable: true - type: string - resource: - nullable: true - type: string - type: object - secretKeyRef: - nullable: true - properties: - key: - nullable: true - type: string - name: - nullable: true - type: string - optional: - nullable: true - type: boolean - type: object - type: object - type: object - nullable: true - type: array - extraVolumeMounts: - items: - properties: - mountPath: - nullable: true - type: string - mountPropagation: - nullable: true - type: string - name: - nullable: true - type: string - readOnly: - type: boolean - subPath: - nullable: true - type: string - subPathExpr: - nullable: true - type: string - type: object - nullable: true - type: array - extraVolumes: - items: - properties: - awsElasticBlockStore: - nullable: true - properties: - fsType: - nullable: true - type: string - partition: - type: integer - readOnly: - type: boolean - volumeID: - nullable: true - type: string - type: object - azureDisk: - nullable: true - properties: - cachingMode: - nullable: true - type: string - diskName: - nullable: true - type: string - diskURI: - nullable: true - type: string - fsType: - nullable: true - type: string - kind: - nullable: true - type: string - readOnly: - nullable: true - type: boolean - type: object - azureFile: - nullable: true - properties: - readOnly: - type: boolean - secretName: - nullable: true - type: string - shareName: - nullable: true - type: string - type: object - cephfs: - nullable: true - properties: - monitors: - items: - nullable: true - type: string - nullable: true - type: array - path: - nullable: true - type: string - readOnly: - type: boolean - secretFile: - nullable: true - type: string - secretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - user: - nullable: true - type: string - type: object - cinder: - nullable: true - properties: - fsType: - nullable: true - type: string - readOnly: - type: boolean - secretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - volumeID: - nullable: true - type: string - type: object - configMap: - nullable: true - properties: - defaultMode: - nullable: true - type: integer - items: - items: - properties: - key: - nullable: true - type: string - mode: - nullable: true - type: integer - path: - nullable: true - type: string - type: object - nullable: true - type: array - name: - nullable: true - type: string - optional: - nullable: true - type: boolean - type: object - csi: - nullable: true - properties: - driver: - nullable: true - type: string - fsType: - nullable: true - type: string - nodePublishSecretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - readOnly: - nullable: true - type: boolean - volumeAttributes: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - downwardAPI: - nullable: true - properties: - defaultMode: - nullable: true - type: integer - items: - items: - properties: - fieldRef: - nullable: true - properties: - apiVersion: - nullable: true - type: string - fieldPath: - nullable: true - type: string - type: object - mode: - nullable: true - type: integer - path: - nullable: true - type: string - resourceFieldRef: - nullable: true - properties: - containerName: - nullable: true - type: string - divisor: - nullable: true - type: string - resource: - nullable: true - type: string - type: object - type: object - nullable: true - type: array - type: object - emptyDir: - nullable: true - properties: - medium: - nullable: true - type: string - sizeLimit: - nullable: true - type: string - type: object - ephemeral: - nullable: true - properties: - readOnly: - type: boolean - volumeClaimTemplate: - nullable: true - properties: - metadata: - properties: - annotations: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - clusterName: - nullable: true - type: string - creationTimestamp: - nullable: true - type: string - deletionGracePeriodSeconds: - nullable: true - type: integer - deletionTimestamp: - nullable: true - type: string - finalizers: - items: - nullable: true - type: string - nullable: true - type: array - generateName: - nullable: true - type: string - generation: - type: integer - labels: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - managedFields: - items: - properties: - apiVersion: - nullable: true - type: string - fieldsType: - nullable: true - type: string - fieldsV1: - nullable: true - type: object - manager: - nullable: true - type: string - operation: - nullable: true - type: string - time: - nullable: true - type: string - type: object - nullable: true - type: array - name: - nullable: true - type: string - namespace: - nullable: true - type: string - ownerReferences: - items: - properties: - apiVersion: - nullable: true - type: string - blockOwnerDeletion: - nullable: true - type: boolean - controller: - nullable: true - type: boolean - kind: - nullable: true - type: string - name: - nullable: true - type: string - uid: - nullable: true - type: string - type: object - nullable: true - type: array - resourceVersion: - nullable: true - type: string - selfLink: - nullable: true - type: string - uid: - nullable: true - type: string - type: object - spec: - properties: - accessModes: - items: - nullable: true - type: string - nullable: true - type: array - dataSource: - nullable: true - properties: - apiGroup: - nullable: true - type: string - kind: - nullable: true - type: string - name: - nullable: true - type: string - type: object - resources: - properties: - limits: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - requests: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - selector: - nullable: true - properties: - matchExpressions: - items: - properties: - key: - nullable: true - type: string - operator: - nullable: true - type: string - values: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - matchLabels: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - storageClassName: - nullable: true - type: string - volumeMode: - nullable: true - type: string - volumeName: - nullable: true - type: string - type: object - type: object - type: object - fc: - nullable: true - properties: - fsType: - nullable: true - type: string - lun: - nullable: true - type: integer - readOnly: - type: boolean - targetWWNs: - items: - nullable: true - type: string - nullable: true - type: array - wwids: - items: - nullable: true - type: string - nullable: true - type: array - type: object - flexVolume: - nullable: true - properties: - driver: - nullable: true - type: string - fsType: - nullable: true - type: string - options: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - readOnly: - type: boolean - secretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - type: object - flocker: - nullable: true - properties: - datasetName: - nullable: true - type: string - datasetUUID: - nullable: true - type: string - type: object - gcePersistentDisk: - nullable: true - properties: - fsType: - nullable: true - type: string - partition: - type: integer - pdName: - nullable: true - type: string - readOnly: - type: boolean - type: object - gitRepo: - nullable: true - properties: - directory: - nullable: true - type: string - repository: - nullable: true - type: string - revision: - nullable: true - type: string - type: object - glusterfs: - nullable: true - properties: - endpoints: - nullable: true - type: string - path: - nullable: true - type: string - readOnly: - type: boolean - type: object - hostPath: - nullable: true - properties: - path: - nullable: true - type: string - type: - nullable: true - type: string - type: object - iscsi: - nullable: true - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - nullable: true - type: string - initiatorName: - nullable: true - type: string - iqn: - nullable: true - type: string - iscsiInterface: - nullable: true - type: string - lun: - type: integer - portals: - items: - nullable: true - type: string - nullable: true - type: array - readOnly: - type: boolean - secretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - targetPortal: - nullable: true - type: string - type: object - name: - nullable: true - type: string - nfs: - nullable: true - properties: - path: - nullable: true - type: string - readOnly: - type: boolean - server: - nullable: true - type: string - type: object - persistentVolumeClaim: - nullable: true - properties: - claimName: - nullable: true - type: string - readOnly: - type: boolean - type: object - photonPersistentDisk: - nullable: true - properties: - fsType: - nullable: true - type: string - pdID: - nullable: true - type: string - type: object - portworxVolume: - nullable: true - properties: - fsType: - nullable: true - type: string - readOnly: - type: boolean - volumeID: - nullable: true - type: string - type: object - projected: - nullable: true - properties: - defaultMode: - nullable: true - type: integer - sources: - items: - properties: - configMap: - nullable: true - properties: - items: - items: - properties: - key: - nullable: true - type: string - mode: - nullable: true - type: integer - path: - nullable: true - type: string - type: object - nullable: true - type: array - name: - nullable: true - type: string - optional: - nullable: true - type: boolean - type: object - downwardAPI: - nullable: true - properties: - items: - items: - properties: - fieldRef: - nullable: true - properties: - apiVersion: - nullable: true - type: string - fieldPath: - nullable: true - type: string - type: object - mode: - nullable: true - type: integer - path: - nullable: true - type: string - resourceFieldRef: - nullable: true - properties: - containerName: - nullable: true - type: string - divisor: - nullable: true - type: string - resource: - nullable: true - type: string - type: object - type: object - nullable: true - type: array - type: object - secret: - nullable: true - properties: - items: - items: - properties: - key: - nullable: true - type: string - mode: - nullable: true - type: integer - path: - nullable: true - type: string - type: object - nullable: true - type: array - name: - nullable: true - type: string - optional: - nullable: true - type: boolean - type: object - serviceAccountToken: - nullable: true - properties: - audience: - nullable: true - type: string - expirationSeconds: - nullable: true - type: integer - path: - nullable: true - type: string - type: object - type: object - nullable: true - type: array - type: object - quobyte: - nullable: true - properties: - group: - nullable: true - type: string - readOnly: - type: boolean - registry: - nullable: true - type: string - tenant: - nullable: true - type: string - user: - nullable: true - type: string - volume: - nullable: true - type: string - type: object - rbd: - nullable: true - properties: - fsType: - nullable: true - type: string - image: - nullable: true - type: string - keyring: - nullable: true - type: string - monitors: - items: - nullable: true - type: string - nullable: true - type: array - pool: - nullable: true - type: string - readOnly: - type: boolean - secretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - user: - nullable: true - type: string - type: object - scaleIO: - nullable: true - properties: - fsType: - nullable: true - type: string - gateway: - nullable: true - type: string - protectionDomain: - nullable: true - type: string - readOnly: - type: boolean - secretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - sslEnabled: - type: boolean - storageMode: - nullable: true - type: string - storagePool: - nullable: true - type: string - system: - nullable: true - type: string - volumeName: - nullable: true - type: string - type: object - secret: - nullable: true - properties: - defaultMode: - nullable: true - type: integer - items: - items: - properties: - key: - nullable: true - type: string - mode: - nullable: true - type: integer - path: - nullable: true - type: string - type: object - nullable: true - type: array - optional: - nullable: true - type: boolean - secretName: - nullable: true - type: string - type: object - storageos: - nullable: true - properties: - fsType: - nullable: true - type: string - readOnly: - type: boolean - secretRef: - nullable: true - properties: - name: - nullable: true - type: string - type: object - volumeName: - nullable: true - type: string - volumeNamespace: - nullable: true - type: string - type: object - vsphereVolume: - nullable: true - properties: - fsType: - nullable: true - type: string - storagePolicyID: - nullable: true - type: string - storagePolicyName: - nullable: true - type: string - volumePath: - nullable: true - type: string - type: object - type: object - nullable: true - type: array - httpPort: - type: integer - httpsPort: - type: integer - networkMode: - nullable: true - type: string - nginxIngressControllerPriorityClassName: - nullable: true - type: string - nodeSelector: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - options: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - provider: - nullable: true - type: string - tolerations: - items: - properties: - effect: - nullable: true - type: string - key: - nullable: true - type: string - operator: - nullable: true - type: string - tolerationSeconds: - nullable: true - type: integer - value: - nullable: true - type: string - type: object - nullable: true - type: array - updateStrategy: - nullable: true - properties: - rollingUpdate: - nullable: true - properties: - maxUnavailable: - nullable: true - type: string - type: object - strategy: - nullable: true - type: string - type: object - type: object - kubernetesVersion: - nullable: true - type: string - monitoring: - properties: - metricsServerPriorityClassName: - nullable: true - type: string - nodeSelector: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - options: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - provider: - nullable: true - type: string - replicas: - nullable: true - type: integer - tolerations: - items: - properties: - effect: - nullable: true - type: string - key: - nullable: true - type: string - operator: - nullable: true - type: string - tolerationSeconds: - nullable: true - type: integer - value: - nullable: true - type: string - type: object - nullable: true - type: array - updateStrategy: - nullable: true - properties: - rollingUpdate: - nullable: true - properties: - maxSurge: - nullable: true - type: string - maxUnavailable: - nullable: true - type: string - type: object - strategy: - nullable: true - type: string - type: object - type: object - network: - properties: - aciNetworkProvider: - nullable: true - properties: - aep: - nullable: true - type: string - apicHosts: - items: - nullable: true - type: string - nullable: true - type: array - apicRefreshTime: - nullable: true - type: string - apicUserCrt: - nullable: true - type: string - apicUserKey: - nullable: true - type: string - apicUserName: - nullable: true - type: string - capic: - nullable: true - type: string - controllerLogLevel: - nullable: true - type: string - dropLogEnable: - nullable: true - type: string - enableEndpointSlice: - nullable: true - type: string - encapType: - nullable: true - type: string - epRegistry: - nullable: true - type: string - externDynamic: - nullable: true - type: string - externStatic: - nullable: true - type: string - gbpPodSubnet: - nullable: true - type: string - hostAgentLogLevel: - nullable: true - type: string - imagePullPolicy: - nullable: true - type: string - imagePullSecret: - nullable: true - type: string - infraVlan: - nullable: true - type: string - installIstio: - nullable: true - type: string - istioProfile: - nullable: true - type: string - kafkaBrokers: - items: - nullable: true - type: string - nullable: true - type: array - kafkaClientCrt: - nullable: true - type: string - kafkaClientKey: - nullable: true - type: string - kubeApiVlan: - nullable: true - type: string - l3out: - nullable: true - type: string - l3outExternalNetworks: - items: - nullable: true - type: string - nullable: true - type: array - maxNodesSvcGraph: - nullable: true - type: string - mcastRangeEnd: - nullable: true - type: string - mcastRangeStart: - nullable: true - type: string - noPriorityClass: - nullable: true - type: string - nodeSubnet: - nullable: true - type: string - nodeSvcSubnet: - nullable: true - type: string - opflexClientSsl: - nullable: true - type: string - opflexLogLevel: - nullable: true - type: string - opflexMode: - nullable: true - type: string - opflexServerPort: - nullable: true - type: string - overlayVrfName: - nullable: true - type: string - ovsMemoryLimit: - nullable: true - type: string - pbrTrackingNonSnat: - nullable: true - type: string - podSubnetChunkSize: - nullable: true - type: string - runGbpContainer: - nullable: true - type: string - runOpflexServerContainer: - nullable: true - type: string - serviceMonitorInterval: - nullable: true - type: string - serviceVlan: - nullable: true - type: string - snatContractScope: - nullable: true - type: string - snatNamespace: - nullable: true - type: string - snatPortRangeEnd: - nullable: true - type: string - snatPortRangeStart: - nullable: true - type: string - snatPortsPerNode: - nullable: true - type: string - subnetDomainName: - nullable: true - type: string - systemId: - nullable: true - type: string - tenant: - nullable: true - type: string - token: - nullable: true - type: string - useAciAnywhereCrd: - nullable: true - type: string - useAciCniPriorityClass: - nullable: true - type: string - useHostNetnsVolume: - nullable: true - type: string - useOpflexServerVolume: - nullable: true - type: string - usePrivilegedContainer: - nullable: true - type: string - vmmController: - nullable: true - type: string - vmmDomain: - nullable: true - type: string - vrfName: - nullable: true - type: string - vrfTenant: - nullable: true - type: string - type: object - calicoNetworkProvider: - nullable: true - properties: - cloudProvider: - nullable: true - type: string - type: object - canalNetworkProvider: - nullable: true - properties: - iface: - nullable: true - type: string - type: object - flannelNetworkProvider: - nullable: true - properties: - iface: - nullable: true - type: string - type: object - mtu: - type: integer - nodeSelector: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - options: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - plugin: - nullable: true - type: string - tolerations: - items: - properties: - effect: - nullable: true - type: string - key: - nullable: true - type: string - operator: - nullable: true - type: string - tolerationSeconds: - nullable: true - type: integer - value: - nullable: true - type: string - type: object - nullable: true - type: array - updateStrategy: - nullable: true - properties: - rollingUpdate: - nullable: true - properties: - maxUnavailable: - nullable: true - type: string - type: object - strategy: - nullable: true - type: string - type: object - weaveNetworkProvider: - nullable: true - properties: - password: - nullable: true - type: string - type: object - type: object - nodes: - items: - properties: - address: - nullable: true - type: string - dockerSocket: - nullable: true - type: string - hostnameOverride: - nullable: true - type: string - internalAddress: - nullable: true - type: string - labels: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - nodeName: - nullable: true - type: string - port: - nullable: true - type: string - role: - items: - nullable: true - type: string - nullable: true - type: array - sshAgentAuth: - type: boolean - sshCert: - nullable: true - type: string - sshCertPath: - nullable: true - type: string - sshKey: - nullable: true - type: string - sshKeyPath: - nullable: true - type: string - taints: - items: - properties: - effect: - nullable: true - type: string - key: - nullable: true - type: string - timeAdded: - nullable: true - type: string - value: - nullable: true - type: string - type: object - nullable: true - type: array - user: - nullable: true - type: string - type: object - nullable: true - type: array - prefixPath: - nullable: true - type: string - privateRegistries: - items: - properties: - isDefault: - type: boolean - password: - nullable: true - type: string - url: - nullable: true - type: string - user: - nullable: true - type: string - type: object - nullable: true - type: array - restore: - properties: - restore: - type: boolean - snapshotName: - nullable: true - type: string - type: object - rotateCertificates: - nullable: true - properties: - caCertificates: - type: boolean - services: - items: - nullable: true - type: string - nullable: true - type: array - type: object - rotateEncryptionKey: - type: boolean - services: - properties: - etcd: - properties: - backupConfig: - nullable: true - properties: - enabled: - nullable: true - type: boolean - intervalHours: - type: integer - retention: - type: integer - s3BackupConfig: - nullable: true - properties: - accessKey: - nullable: true - type: string - bucketName: - nullable: true - type: string - customCa: - nullable: true - type: string - endpoint: - nullable: true - type: string - folder: - nullable: true - type: string - region: - nullable: true - type: string - secretKey: - nullable: true - type: string - type: object - safeTimestamp: - type: boolean - timeout: - type: integer - type: object - caCert: - nullable: true - type: string - cert: - nullable: true - type: string - creation: - nullable: true - type: string - externalUrls: - items: - nullable: true - type: string - nullable: true - type: array - extraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - extraBinds: - items: - nullable: true - type: string - nullable: true - type: array - extraEnv: - items: - nullable: true - type: string - nullable: true - type: array - gid: - type: integer - image: - nullable: true - type: string - key: - nullable: true - type: string - path: - nullable: true - type: string - retention: - nullable: true - type: string - snapshot: - nullable: true - type: boolean - uid: - type: integer - winExtraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - winExtraBinds: - items: - nullable: true - type: string - nullable: true - type: array - winExtraEnv: - items: - nullable: true - type: string - nullable: true - type: array - type: object - kubeApi: - properties: - admissionConfiguration: - nullable: true - properties: - apiVersion: - nullable: true - type: string - kind: - nullable: true - type: string - plugins: - items: - properties: - configuration: - nullable: true - properties: - apiVersion: - nullable: true - type: string - contentEncoding: - nullable: true - type: string - contentType: - nullable: true - type: string - kind: - nullable: true - type: string - raw: - nullable: true - type: string - type: object - name: - nullable: true - type: string - path: - nullable: true - type: string - type: object - nullable: true - type: array - type: object - alwaysPullImages: - type: boolean - auditLog: - nullable: true - properties: - configuration: - nullable: true - properties: - format: - nullable: true - type: string - maxAge: - type: integer - maxBackup: - type: integer - maxSize: - type: integer - path: - nullable: true - type: string - policy: - nullable: true - properties: - omitStages: - items: - nullable: true - type: string - nullable: true - type: array - rules: - items: - properties: - level: - nullable: true - type: string - namespaces: - items: - nullable: true - type: string - nullable: true - type: array - nonResourceURLs: - items: - nullable: true - type: string - nullable: true - type: array - omitStages: - items: - nullable: true - type: string - nullable: true - type: array - resources: - items: - properties: - group: - nullable: true - type: string - resourceNames: - items: - nullable: true - type: string - nullable: true - type: array - resources: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - userGroups: - items: - nullable: true - type: string - nullable: true - type: array - users: - items: - nullable: true - type: string - nullable: true - type: array - verbs: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - type: object - type: object - enabled: - type: boolean - type: object - eventRateLimit: - nullable: true - properties: - configuration: - nullable: true - properties: - apiVersion: - nullable: true - type: string - kind: - nullable: true - type: string - limits: - items: - properties: - burst: - type: integer - cacheSize: - type: integer - qps: - type: integer - type: - nullable: true - type: string - type: object - nullable: true - type: array - type: object - enabled: - type: boolean - type: object - extraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - extraBinds: - items: - nullable: true - type: string - nullable: true - type: array - extraEnv: - items: - nullable: true - type: string - nullable: true - type: array - image: - nullable: true - type: string - podSecurityPolicy: - type: boolean - secretsEncryptionConfig: - nullable: true - properties: - customConfig: - nullable: true - properties: - apiVersion: - nullable: true - type: string - kind: - nullable: true - type: string - resources: - items: - properties: - providers: - items: - properties: - aescbc: - nullable: true - properties: - keys: - items: - properties: - name: - nullable: true - type: string - secret: - nullable: true - type: string - type: object - nullable: true - type: array - type: object - aesgcm: - nullable: true - properties: - keys: - items: - properties: - name: - nullable: true - type: string - secret: - nullable: true - type: string - type: object - nullable: true - type: array - type: object - identity: - nullable: true - type: object - kms: - nullable: true - properties: - cacheSize: - nullable: true - type: integer - endpoint: - nullable: true - type: string - name: - nullable: true - type: string - timeout: - nullable: true - type: string - type: object - secretbox: - nullable: true - properties: - keys: - items: - properties: - name: - nullable: true - type: string - secret: - nullable: true - type: string - type: object - nullable: true - type: array - type: object - type: object - nullable: true - type: array - resources: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - type: object - enabled: - type: boolean - type: object - serviceClusterIpRange: - nullable: true - type: string - serviceNodePortRange: - nullable: true - type: string - winExtraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - winExtraBinds: - items: - nullable: true - type: string - nullable: true - type: array - winExtraEnv: - items: - nullable: true - type: string - nullable: true - type: array - type: object - kubeController: - properties: - clusterCidr: - nullable: true - type: string - extraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - extraBinds: - items: - nullable: true - type: string - nullable: true - type: array - extraEnv: - items: - nullable: true - type: string - nullable: true - type: array - image: - nullable: true - type: string - serviceClusterIpRange: - nullable: true - type: string - winExtraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - winExtraBinds: - items: - nullable: true - type: string - nullable: true - type: array - winExtraEnv: - items: - nullable: true - type: string - nullable: true - type: array - type: object - kubelet: - properties: - clusterDnsServer: - nullable: true - type: string - clusterDomain: - nullable: true - type: string - extraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - extraBinds: - items: - nullable: true - type: string - nullable: true - type: array - extraEnv: - items: - nullable: true - type: string - nullable: true - type: array - failSwapOn: - type: boolean - generateServingCertificate: - type: boolean - image: - nullable: true - type: string - infraContainerImage: - nullable: true - type: string - winExtraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - winExtraBinds: - items: - nullable: true - type: string - nullable: true - type: array - winExtraEnv: - items: - nullable: true - type: string - nullable: true - type: array - type: object - kubeproxy: - properties: - extraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - extraBinds: - items: - nullable: true - type: string - nullable: true - type: array - extraEnv: - items: - nullable: true - type: string - nullable: true - type: array - image: - nullable: true - type: string - winExtraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - winExtraBinds: - items: - nullable: true - type: string - nullable: true - type: array - winExtraEnv: - items: - nullable: true - type: string - nullable: true - type: array - type: object - scheduler: - properties: - extraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - extraBinds: - items: - nullable: true - type: string - nullable: true - type: array - extraEnv: - items: - nullable: true - type: string - nullable: true - type: array - image: - nullable: true - type: string - winExtraArgs: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - winExtraBinds: - items: - nullable: true - type: string - nullable: true - type: array - winExtraEnv: - items: - nullable: true - type: string - nullable: true - type: array - type: object - type: object - sshAgentAuth: - type: boolean - sshCertPath: - nullable: true - type: string - sshKeyPath: - nullable: true - type: string - systemImages: - properties: - aciCniDeployContainer: - nullable: true - type: string - aciControllerContainer: - nullable: true - type: string - aciGbpServerContainer: - nullable: true - type: string - aciHostContainer: - nullable: true - type: string - aciMcastContainer: - nullable: true - type: string - aciOpflexContainer: - nullable: true - type: string - aciOpflexServerContainer: - nullable: true - type: string - aciOvsContainer: - nullable: true - type: string - alpine: - nullable: true - type: string - calicoCni: - nullable: true - type: string - calicoControllers: - nullable: true - type: string - calicoCtl: - nullable: true - type: string - calicoFlexVol: - nullable: true - type: string - calicoNode: - nullable: true - type: string - canalCni: - nullable: true - type: string - canalControllers: - nullable: true - type: string - canalFlannel: - nullable: true - type: string - canalFlexVol: - nullable: true - type: string - canalNode: - nullable: true - type: string - certDownloader: - nullable: true - type: string - coredns: - nullable: true - type: string - corednsAutoscaler: - nullable: true - type: string - dnsmasq: - nullable: true - type: string - etcd: - nullable: true - type: string - flannel: - nullable: true - type: string - flannelCni: - nullable: true - type: string - ingress: - nullable: true - type: string - ingressBackend: - nullable: true - type: string - kubedns: - nullable: true - type: string - kubednsAutoscaler: - nullable: true - type: string - kubednsSidecar: - nullable: true - type: string - kubernetes: - nullable: true - type: string - kubernetesServicesSidecar: - nullable: true - type: string - metricsServer: - nullable: true - type: string - nginxProxy: - nullable: true - type: string - nodelocal: - nullable: true - type: string - podInfraContainer: - nullable: true - type: string - weaveCni: - nullable: true - type: string - weaveNode: - nullable: true - type: string - windowsPodInfraContainer: - nullable: true - type: string - type: object - upgradeStrategy: - nullable: true - properties: - drain: - nullable: true - type: boolean - maxUnavailableControlplane: - nullable: true - type: string - maxUnavailableWorker: - nullable: true - type: string - nodeDrainInput: - nullable: true - properties: - deleteLocalData: - type: boolean - force: - type: boolean - gracePeriod: - type: integer - ignoreDaemonSets: - nullable: true - type: boolean - timeout: - type: integer - type: object - type: object - winPrefixPath: - nullable: true - type: string - type: object - referencedConfig: - nullable: true - properties: - selector: - nullable: true - properties: - matchExpressions: - items: - properties: - key: - nullable: true - type: string - operator: - nullable: true - type: string - values: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - matchLabels: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - type: object - rke2Config: - nullable: true - properties: - kubernetesVersion: - nullable: true - type: string - rke2upgradeStrategy: - properties: - drainServerNodes: - type: boolean - drainWorkerNodes: - type: boolean - serverConcurrency: - type: integer - workerConcurrency: - type: integer - type: object - type: object - type: object - status: - properties: - agentDeployed: - type: boolean - clientSecretName: - nullable: true - type: string - clusterName: - nullable: true - type: string - conditions: - items: - properties: - lastTransitionTime: - nullable: true - type: string - lastUpdateTime: - nullable: true - type: string - message: - nullable: true - type: string - reason: - nullable: true - type: string - status: - nullable: true - type: string - type: - nullable: true - type: string - type: object - nullable: true - type: array - observedGeneration: - type: integer - ready: - type: boolean - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: projects.rancher.cattle.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.clusterSelector - name: Selector - type: string - group: rancher.cattle.io - names: - kind: Project - plural: projects - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - clusterSelector: - nullable: true - properties: - matchExpressions: - items: - properties: - key: - nullable: true - type: string - operator: - nullable: true - type: string - values: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - matchLabels: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - type: object - status: - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: roletemplates.rancher.cattle.io -spec: - group: rancher.cattle.io - names: - kind: RoleTemplate - plural: roletemplates - scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - rules: - items: - properties: - apiGroups: - items: - nullable: true - type: string - nullable: true - type: array - nonResourceURLs: - items: - nullable: true - type: string - nullable: true - type: array - resourceNames: - items: - nullable: true - type: string - nullable: true - type: array - resources: - items: - nullable: true - type: string - nullable: true - type: array - verbs: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - status: - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: roletemplatebindings.rancher.cattle.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.roleTemplateName - name: Role - type: string - group: rancher.cattle.io - names: - kind: RoleTemplateBinding - plural: roletemplatebindings - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - bindingScope: - properties: - apiGroup: - nullable: true - type: string - kind: - nullable: true - type: string - selector: - nullable: true - properties: - matchExpressions: - items: - properties: - key: - nullable: true - type: string - operator: - nullable: true - type: string - values: - items: - nullable: true - type: string - nullable: true - type: array - type: object - nullable: true - type: array - matchLabels: - additionalProperties: - nullable: true - type: string - nullable: true - type: object - type: object - type: object - roleTemplateName: - nullable: true - type: string - status: - type: object - subjects: - items: - properties: - apiGroup: - nullable: true - type: string - kind: - nullable: true - type: string - name: - nullable: true - type: string - namespace: - nullable: true - type: string - type: object - nullable: true - type: array - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true diff --git a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/Chart.yaml b/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/Chart.yaml deleted file mode 100644 index 679191dbf..000000000 --- a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/Chart.yaml +++ /dev/null @@ -1,14 +0,0 @@ -annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator -apiVersion: v2 -appVersion: 0.1.4 -description: Control Rancher using GitOps -name: rancher-operator -version: 100.0.0+up0.1.4 diff --git a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/_helpers.tpl b/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/_helpers.tpl deleted file mode 100644 index f652b5643..000000000 --- a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/_helpers.tpl +++ /dev/null @@ -1,7 +0,0 @@ -{{- define "system_default_registry" -}} -{{- if .Values.global.cattle.systemDefaultRegistry -}} -{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}} -{{- else -}} -{{- "" -}} -{{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/deployment.yaml b/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/deployment.yaml deleted file mode 100644 index 25c7b93ed..000000000 --- a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/deployment.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rancher-operator -spec: - selector: - matchLabels: - app: rancher-operator - template: - metadata: - labels: - app: rancher-operator - spec: - containers: - - env: - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}' - name: rancher-operator - imagePullPolicy: "{{ .Values.image.imagePullPolicy }}" - serviceAccountName: rancher-operator diff --git a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/rbac.yaml b/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/rbac.yaml deleted file mode 100644 index 9fe9ad9a7..000000000 --- a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/rbac.yaml +++ /dev/null @@ -1,44 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rancher-operator -rules: -- apiGroups: - - "" - resources: - - secrets - - configmaps - - namespaces - verbs: - - '*' -- apiGroups: - - apps - resources: - - daemonsets - - deployments - verbs: - - list - - get - - watch -- apiGroups: - - "rancher.cattle.io" - - "management.cattle.io" - - "fleet.cattle.io" - resources: - - '*' - verbs: - - '*' - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: rancher-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rancher-operator -subjects: -- kind: ServiceAccount - name: rancher-operator - namespace: {{.Release.Namespace}} diff --git a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/serviceaccount.yaml b/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/serviceaccount.yaml deleted file mode 100644 index a6370fcdf..000000000 --- a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/templates/serviceaccount.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rancher-operator diff --git a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/values.yaml b/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/values.yaml deleted file mode 100644 index b95c23c8e..000000000 --- a/charts/rancher-operator/rancher-operator/100.0.0+up0.1.4/values.yaml +++ /dev/null @@ -1,8 +0,0 @@ -image: - repository: rancher/rancher-operator - tag: v0.1.4 - imagePullPolicy: IfNotPresent - -global: - cattle: - systemDefaultRegistry: "" diff --git a/charts/rio/rio/100.0.0/.helmignore b/charts/rio/rio/100.0.0/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/charts/rio/rio/100.0.0/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/rio/rio/100.0.0/Chart.yaml b/charts/rio/rio/100.0.0/Chart.yaml deleted file mode 100644 index 25a5269ee..000000000 --- a/charts/rio/rio/100.0.0/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rio-system - catalog.cattle.io/release-name: rio - catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 -apiVersion: v1 -appVersion: 0.8.0 -description: The application deployment engine for Kubernetes -home: https://rio.io -icon: https://charts.rancher.io/assets/logos/rio.svg -name: rio -version: 100.0.0 diff --git a/charts/rio/rio/100.0.0/README.md b/charts/rio/rio/100.0.0/README.md deleted file mode 100644 index 376e91a7b..000000000 --- a/charts/rio/rio/100.0.0/README.md +++ /dev/null @@ -1,46 +0,0 @@ -# Rio - -[Rio](https://rio.io) is an application deployment engine for Kubernetes. - -This chart will install the rio controller, which will then install the Rio system. - -Note that the [Rio CLI](https://github.com/rancher/rio/releases) is the preferred installation route, see `rio install -h` for more information. - -## Configuration - -See values.yaml for installation options. - -## Prerequisites - -Rio requires Kubernetes 1.15 or newer cluster. - -## Installation - -Create the namespace where Rio will be installed, `rio-system` is standard but not required: - -```bash -$ kubectl create namespace rio-system -$ kubectl label namespace rio-system rio.cattle.io/is-system=true -``` - -Install the chart: - -```bash -$ helm install --namespace rio-system --name rio ./ -``` - -Wait for the controller to come up, and then ensure a cluster domain and IP exists: - -```bash -$ kubectl -n rio-system rollout status deploy/rio-controller -$ rio info -``` - -## Uninstallation - -To completely uninstall Rio from your system: - -```bash -$ rio uninstall -$ helm delete --purge rio -``` diff --git a/charts/rio/rio/100.0.0/templates/NOTES.txt b/charts/rio/rio/100.0.0/templates/NOTES.txt deleted file mode 100644 index c815f6797..000000000 --- a/charts/rio/rio/100.0.0/templates/NOTES.txt +++ /dev/null @@ -1,17 +0,0 @@ -{{ .Chart.Name | title }} {{ .Values.tag }} is now installing. -Please wait for the system to come up. - - * Check the controller install with: kubectl -n {{ .Release.Namespace }} rollout status deploy/rio-controller - * Check `rio info` to ensure you get a cluster domain and IP - -To troubleshoot check: - - * rio system logs - * kubectl -n {{ .Release.Namespace }} get pods - -To start an application try: rio run -p 80 -n demo nginx - -For more info see: - - * The official site: https://rio.io - * The docs: https://github.com/rancher/rio/tree/master/docs diff --git a/charts/rio/rio/100.0.0/templates/_helpers.tpl b/charts/rio/rio/100.0.0/templates/_helpers.tpl deleted file mode 100644 index a753e2814..000000000 --- a/charts/rio/rio/100.0.0/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "featuresList" -}} -{{- $local := dict "first" true -}} -"features":{ {{- range $k, $v := . -}} - {{- if not $local.first -}},{{- end -}} - "{{$k}}":{"enabled":{{$v}}}{{- $_ := set $local "first" false -}} - {{- end -}} -{{- end -}}} - diff --git a/charts/rio/rio/100.0.0/templates/clusterrole.yaml b/charts/rio/rio/100.0.0/templates/clusterrole.yaml deleted file mode 100644 index c26a10e60..000000000 --- a/charts/rio/rio/100.0.0/templates/clusterrole.yaml +++ /dev/null @@ -1,394 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-cluster-admin -rules: -- apiGroups: - - "" - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - extensions - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - '*' -- apiGroups: - - build.knative.dev - - caching.internal.knative.dev - resources: - - '*' - verbs: - - '*' -- apiGroups: - - cert-manager.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - - ingresses/status - verbs: - - '*' -- apiGroups: - - batch - resources: - - '*' - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - '*' - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - admin.rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - gitwatcher.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - linkerd.io - resources: - - serviceprofiles - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - authentication.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: - - '*' -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - '*' -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - '*' -- apiGroups: - - gateway.solo.io.v2 - - gateway.solo.io - - gloo.solo.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - tekton.dev - resources: - - tasks - - clustertasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - taskruns/finalizers - - pipelineruns/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - tasks/status - - clustertasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - - pipelineresources/status - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-admin -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - admin.rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - autoscale.rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - '*' -- apiGroups: - - "" - resources: - - '*' - verbs: - - '*' -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - '*' -- apiGroups: - - certmanager.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - split.smi-spec.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - linkerd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-readonly -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-privileged -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - '*' - verbs: - - get - - list - - watch - - create -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-standard -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - delete - - patch -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - '*' - verbs: - - get - - list - - watch - - create -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - get - - list - - watch diff --git a/charts/rio/rio/100.0.0/templates/clusterrolebinding.yaml b/charts/rio/rio/100.0.0/templates/clusterrolebinding.yaml deleted file mode 100644 index c489b4482..000000000 --- a/charts/rio/rio/100.0.0/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: rio-controller-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rio-cluster-admin -subjects: -- kind: ServiceAccount - name: rio-controller-serviceaccount - namespace: {{ .Release.Namespace }} diff --git a/charts/rio/rio/100.0.0/templates/configmap.yaml b/charts/rio/rio/100.0.0/templates/configmap.yaml deleted file mode 100644 index d261ce917..000000000 --- a/charts/rio/rio/100.0.0/templates/configmap.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: rio-config - namespace: {{ .Release.Namespace }} -data: - config: '{"letsEncrypt":{ {{- if .Values.letsEncryptEmail -}} "email":"{{ .Values.letsEncryptEmail }}" {{- end -}} },"gateway":{ {{- if .Values.ipAddress -}} "staticAddresses":[{"ip":"{{ .Values.ipAddress }}"}] {{- end -}}}, {{ include "featuresList" .Values.features }} }}' diff --git a/charts/rio/rio/100.0.0/templates/deployment.yaml b/charts/rio/rio/100.0.0/templates/deployment.yaml deleted file mode 100644 index 988630f5a..000000000 --- a/charts/rio/rio/100.0.0/templates/deployment.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rio-controller - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - rio-controller: "true" - template: - metadata: - labels: - rio-controller: "true" - spec: - containers: - - args: - - rio-controller -{{- if .Values.debug }} - - --debug -{{- end }} - - --features - - "" -{{- if .Values.gatewayServiceName }} - - --gateway-service-name - - {{ .Values.gatewayServiceName }} -{{- end }} -{{- if .Values.gatewayServiceNamespace }} - - --gateway-service-namespace - - {{ .Values.gatewayServiceNamespace }} -{{- end }} - env: - - name: RUN_API_VALIDATOR - value: "TRUE" - - name: RIO_NAMESPACE - value: {{ .Release.Namespace }} - image: "{{ .Values.image }}:{{ .Values.tag }}" - imagePullPolicy: Always - name: rio-controller - volumeMounts: - - mountPath: /var/run/rio/ssl - name: secret-api-validator - readOnly: true - serviceAccountName: rio-controller-serviceaccount - volumes: - - name: secret-api-validator - secret: - defaultMode: 420 - optional: true - secretName: rio-api-validator diff --git a/charts/rio/rio/100.0.0/templates/envoyfilter.yaml b/charts/rio/rio/100.0.0/templates/envoyfilter.yaml deleted file mode 100644 index b16294580..000000000 --- a/charts/rio/rio/100.0.0/templates/envoyfilter.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.addRemoteAddressFilter }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: xff-trust-hops - namespace: {{ .Release.Namespace }} -spec: - workloadSelector: - labels: - istio: ingressgateway - configPatches: - - applyTo: NETWORK_FILTER - match: - context: ANY - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - patch: - operation: MERGE - value: - typed_config: - "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager" - use_remote_address: true - xff_num_trusted_hops: 1 -{{- end }} \ No newline at end of file diff --git a/charts/rio/rio/100.0.0/templates/secret.yaml b/charts/rio/rio/100.0.0/templates/secret.yaml deleted file mode 100644 index 109fb8f65..000000000 --- a/charts/rio/rio/100.0.0/templates/secret.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: rio-api-validator - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/rio/rio/100.0.0/templates/service.yaml b/charts/rio/rio/100.0.0/templates/service.yaml deleted file mode 100644 index 6ba1162f9..000000000 --- a/charts/rio/rio/100.0.0/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: rio-api-validator - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: https-443 - port: 443 - protocol: TCP - targetPort: 443 - selector: - rio-controller: "true" diff --git a/charts/rio/rio/100.0.0/templates/serviceaccount.yaml b/charts/rio/rio/100.0.0/templates/serviceaccount.yaml deleted file mode 100644 index 67abba407..000000000 --- a/charts/rio/rio/100.0.0/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rio-controller-serviceaccount - namespace: {{ .Release.Namespace }} diff --git a/charts/rio/rio/100.0.0/values.yaml b/charts/rio/rio/100.0.0/values.yaml deleted file mode 100644 index 7d8355bdf..000000000 --- a/charts/rio/rio/100.0.0/values.yaml +++ /dev/null @@ -1,23 +0,0 @@ -image: rancher/rio-controller -tag: v0.8.0 # Rio version to install -letsEncryptEmail: "" # Provide an email for Let's Encrypt account registration -ipAddress: "" # Manually specify IP addresses to generate rdns domain, supports comma separated values -debug: false # Enable debug logging in controller - -# Manually specify features to disable, supports comma separated values - -# Istio configuration with ingress enabled -features: - autoscaling: true - build: true - dashboard: false - gloo: false - linkerd: false - istio: true - ingress: false - letsencrypt: true - rdns: true - -gatewayServiceName: istio-ingressgateway -gatewayServiceNamespace: istio-system -addRemoteAddressFilter: true diff --git a/index.yaml b/index.yaml index b00b2b37b..9b174a711 100755 --- a/index.yaml +++ b/index.yaml @@ -1308,34 +1308,6 @@ entries: - assets/rancher-eks-operator-crd/rancher-eks-operator-crd-100.0.0+up1.1.1-rc4.tgz version: 100.0.0+up1.1.1-rc4 rancher-external-ip-webhook: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-external-ip-webhook - catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.6 - created: "2021-06-23T08:47:16.849564-07:00" - description: | - Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - digest: 4b9b7fb786850ab8f56481e49a7d7ac9af716e8fe8d49b869c724617e394f035 - home: https://github.com/rancher/externalip-webhook - keywords: - - cve - - externalip - - webhook - - security - maintainers: - - email: raul@rancher.com - name: rawmind0 - name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - urls: - - assets/rancher-external-ip-webhook/rancher-external-ip-webhook-100.0.0+up0.1.6.tgz - version: 100.0.0+up0.1.6 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: External IP Webhook @@ -3515,24 +3487,6 @@ entries: - assets/rancher-node-exporter/rancher-node-exporter-1.16.201.tgz version: 1.16.201 rancher-operator: - - annotations: - catalog.cattle.io/auto-install: rancher-operator-crd=match - catalog.cattle.io/certified: rancher - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/provides-gvr: clusters.rancher.cattle.io/v1 - catalog.cattle.io/release-name: rancher-operator - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-06-23T08:47:17.096366-07:00" - description: Control Rancher using GitOps - digest: dbc732b459976d113e540c7928a52b11ad6ef5d4bebbde80e3d68b940043fa36 - name: rancher-operator - urls: - - assets/rancher-operator/rancher-operator-100.0.0+up0.1.4.tgz - version: 100.0.0+up0.1.4 - annotations: catalog.cattle.io/auto-install: rancher-operator-crd=match catalog.cattle.io/certified: rancher @@ -3624,21 +3578,6 @@ entries: - assets/rancher-operator/rancher-operator-0.1.000.tgz version: 0.1.000 rancher-operator-crd: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rancher-operator-system - catalog.cattle.io/os: linux - catalog.cattle.io/release-name: rancher-operator-crd - apiVersion: v2 - appVersion: 0.1.4 - created: "2021-06-23T08:47:17.100128-07:00" - description: Rancher Operator CustomResourceDefinitions - digest: 05ff4d198ee2293642e4eab76029b85221376c9e8336137bcfcebacbd79db13b - name: rancher-operator-crd - urls: - - assets/rancher-operator-crd/rancher-operator-crd-100.0.0+up0.1.4.tgz - version: 100.0.0+up0.1.4 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/hidden: "true" @@ -4271,25 +4210,6 @@ entries: - assets/rancher-wins-upgrader/rancher-wins-upgrader-0.0.100.tgz version: 0.0.100 rio: - - annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/display-name: Rio - catalog.cattle.io/experimental: "true" - catalog.cattle.io/hidden: "true" - catalog.cattle.io/namespace: rio-system - catalog.cattle.io/release-name: rio - catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 - apiVersion: v1 - appVersion: 0.8.0 - created: "2021-06-23T08:47:17.119138-07:00" - description: The application deployment engine for Kubernetes - digest: b5b461ac335f07628016da02837eae88ed8cae224f73d2fcd7c63be5b9ca10db - home: https://rio.io - icon: https://charts.rancher.io/assets/logos/rio.svg - name: rio - urls: - - assets/rio/rio-100.0.0.tgz - version: 100.0.0 - annotations: catalog.cattle.io/certified: rancher catalog.cattle.io/display-name: Rio diff --git a/packages/rancher-external-ip-webhook/generated-changes/patch/Chart.yaml.patch b/packages/rancher-external-ip-webhook/generated-changes/patch/Chart.yaml.patch deleted file mode 100644 index 07b913d97..000000000 --- a/packages/rancher-external-ip-webhook/generated-changes/patch/Chart.yaml.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- charts-original/Chart.yaml -+++ charts/Chart.yaml -@@ -3,12 +3,12 @@ - catalog.cattle.io/display-name: External IP Webhook - catalog.cattle.io/namespace: cattle-externalip-system - catalog.cattle.io/os: linux -- catalog.cattle.io/release-name: rancher-externalip-webhook -- catalog.cattle.io/ui-component: rancher-externalip-webhook -+ catalog.cattle.io/release-name: rancher-external-ip-webhook -+ catalog.cattle.io/ui-component: rancher-external-ip-webhook - apiVersion: v1 - appVersion: v0.1.6 - description: | -- Deploy the externalip-webhook to mitigate k8s CVE-2020-8554 -+ Deploy the external-ip-webhook to mitigate k8s CVE-2020-8554 - home: https://github.com/rancher/externalip-webhook - keywords: - - cve -@@ -18,7 +18,7 @@ - maintainers: - - email: raul@rancher.com - name: rawmind0 --name: rancher-externalip-webhook -+name: rancher-external-ip-webhook - sources: - - https://github.com/rancher/externalip-webhook - version: 0.1.6 diff --git a/packages/rancher-external-ip-webhook/generated-changes/patch/values.yaml.patch b/packages/rancher-external-ip-webhook/generated-changes/patch/values.yaml.patch deleted file mode 100644 index 37318c9ba..000000000 --- a/packages/rancher-external-ip-webhook/generated-changes/patch/values.yaml.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- charts-original/values.yaml -+++ charts/values.yaml -@@ -30,7 +30,7 @@ - image: - pullPolicy: IfNotPresent - pullSecrets: [] -- repository: rancher/kube-rbac-proxy -+ repository: rancher/mirrored-kube-rbac-proxy - tag: v0.5.0 - resources: - limits: diff --git a/packages/rancher-external-ip-webhook/package.yaml b/packages/rancher-external-ip-webhook/package.yaml deleted file mode 100644 index 2ebe4f0ae..000000000 --- a/packages/rancher-external-ip-webhook/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: https://github.com/rancher/externalip-webhook/releases/download/v0.1.6/rancher-externalip-webhook-0.1.6.tgz -version: 100.0.0 diff --git a/packages/rancher-operator-crd/package.yaml b/packages/rancher-operator-crd/package.yaml deleted file mode 100644 index a63f3b54a..000000000 --- a/packages/rancher-operator-crd/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: https://github.com/rancher/rancher-operator/releases/download/v0.1.4/rancher-operator-crd-0.1.4.tgz -version: 100.0.0 diff --git a/packages/rancher-operator/package.yaml b/packages/rancher-operator/package.yaml deleted file mode 100644 index 719a39da5..000000000 --- a/packages/rancher-operator/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: https://github.com/rancher/rancher-operator/releases/download/v0.1.4/rancher-operator-0.1.4.tgz -version: 100.0.0 diff --git a/packages/rio/charts/.helmignore b/packages/rio/charts/.helmignore deleted file mode 100644 index 50af03172..000000000 --- a/packages/rio/charts/.helmignore +++ /dev/null @@ -1,22 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/packages/rio/charts/Chart.yaml b/packages/rio/charts/Chart.yaml deleted file mode 100644 index bbc0ca468..000000000 --- a/packages/rio/charts/Chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -name: rio -version: 0.8.0 -appVersion: 0.8.0 -description: The application deployment engine for Kubernetes -home: https://rio.io -icon: https://charts.rancher.io/assets/logos/rio.svg -annotations: - catalog.cattle.io/certified: rancher - catalog.cattle.io/namespace: rio-system - catalog.cattle.io/release-name: rio - catalog.cattle.io/hidden: true - catalog.cattle.io/experimental: true - catalog.cattle.io/requires-gvr: networking.istio.io.virtualservice/v1beta1 - catalog.cattle.io/display-name: "Rio" diff --git a/packages/rio/charts/README.md b/packages/rio/charts/README.md deleted file mode 100644 index 376e91a7b..000000000 --- a/packages/rio/charts/README.md +++ /dev/null @@ -1,46 +0,0 @@ -# Rio - -[Rio](https://rio.io) is an application deployment engine for Kubernetes. - -This chart will install the rio controller, which will then install the Rio system. - -Note that the [Rio CLI](https://github.com/rancher/rio/releases) is the preferred installation route, see `rio install -h` for more information. - -## Configuration - -See values.yaml for installation options. - -## Prerequisites - -Rio requires Kubernetes 1.15 or newer cluster. - -## Installation - -Create the namespace where Rio will be installed, `rio-system` is standard but not required: - -```bash -$ kubectl create namespace rio-system -$ kubectl label namespace rio-system rio.cattle.io/is-system=true -``` - -Install the chart: - -```bash -$ helm install --namespace rio-system --name rio ./ -``` - -Wait for the controller to come up, and then ensure a cluster domain and IP exists: - -```bash -$ kubectl -n rio-system rollout status deploy/rio-controller -$ rio info -``` - -## Uninstallation - -To completely uninstall Rio from your system: - -```bash -$ rio uninstall -$ helm delete --purge rio -``` diff --git a/packages/rio/charts/templates/NOTES.txt b/packages/rio/charts/templates/NOTES.txt deleted file mode 100644 index c815f6797..000000000 --- a/packages/rio/charts/templates/NOTES.txt +++ /dev/null @@ -1,17 +0,0 @@ -{{ .Chart.Name | title }} {{ .Values.tag }} is now installing. -Please wait for the system to come up. - - * Check the controller install with: kubectl -n {{ .Release.Namespace }} rollout status deploy/rio-controller - * Check `rio info` to ensure you get a cluster domain and IP - -To troubleshoot check: - - * rio system logs - * kubectl -n {{ .Release.Namespace }} get pods - -To start an application try: rio run -p 80 -n demo nginx - -For more info see: - - * The official site: https://rio.io - * The docs: https://github.com/rancher/rio/tree/master/docs diff --git a/packages/rio/charts/templates/_helpers.tpl b/packages/rio/charts/templates/_helpers.tpl deleted file mode 100644 index a753e2814..000000000 --- a/packages/rio/charts/templates/_helpers.tpl +++ /dev/null @@ -1,8 +0,0 @@ -{{- define "featuresList" -}} -{{- $local := dict "first" true -}} -"features":{ {{- range $k, $v := . -}} - {{- if not $local.first -}},{{- end -}} - "{{$k}}":{"enabled":{{$v}}}{{- $_ := set $local "first" false -}} - {{- end -}} -{{- end -}}} - diff --git a/packages/rio/charts/templates/clusterrole.yaml b/packages/rio/charts/templates/clusterrole.yaml deleted file mode 100644 index c26a10e60..000000000 --- a/packages/rio/charts/templates/clusterrole.yaml +++ /dev/null @@ -1,394 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-cluster-admin -rules: -- apiGroups: - - "" - resources: - - '*' - verbs: - - '*' -- nonResourceURLs: - - '*' - verbs: - - '*' -- apiGroups: - - apiregistration.k8s.io - resources: - - apiservices - verbs: - - '*' -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - '*' -- apiGroups: - - extensions - - apps - resources: - - replicasets - - deployments - - daemonsets - - statefulsets - verbs: - - '*' -- apiGroups: - - build.knative.dev - - caching.internal.knative.dev - resources: - - '*' - verbs: - - '*' -- apiGroups: - - cert-manager.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.k8s.io - - extensions - resources: - - ingresses - - ingresses/status - verbs: - - '*' -- apiGroups: - - batch - resources: - - '*' - verbs: - - '*' -- apiGroups: - - autoscaling - resources: - - '*' - verbs: - - '*' -- apiGroups: - - rbac.authorization.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - admin.rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - gitwatcher.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - linkerd.io - resources: - - serviceprofiles - verbs: - - '*' -- apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' -- apiGroups: - - authentication.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - policy - resources: - - podsecuritypolicies - verbs: - - '*' -- apiGroups: - - split.smi-spec.io - resources: - - trafficsplits - verbs: - - '*' -- apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - '*' -- apiGroups: - - gateway.solo.io.v2 - - gateway.solo.io - - gloo.solo.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - tekton.dev - resources: - - tasks - - clustertasks - - taskruns - - pipelines - - pipelineruns - - pipelineresources - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - taskruns/finalizers - - pipelineruns/finalizers - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - tekton.dev - resources: - - tasks/status - - clustertasks/status - - taskruns/status - - pipelines/status - - pipelineruns/status - - pipelineresources/status - verbs: - - get - - list - - create - - update - - delete - - patch - - watch -- apiGroups: - - policy - resourceNames: - - tekton-pipelines - resources: - - podsecuritypolicies - verbs: - - use -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-admin -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - admin.rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - autoscale.rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - '*' -- apiGroups: - - "" - resources: - - '*' - verbs: - - '*' -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - '*' -- apiGroups: - - certmanager.k8s.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - split.smi-spec.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - linkerd.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - networking.istio.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - "" - resources: - - '*' - verbs: - - '*' ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-readonly -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - '*' - verbs: - - get - - list - - watch -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-privileged -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - '*' -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - '*' - verbs: - - get - - list - - watch - - create -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: rio-standard -rules: -- apiGroups: - - rio.cattle.io - resources: - - '*' - verbs: - - get - - list - - watch - - create - - update - - delete - - patch -- apiGroups: - - tekton.dev - resources: - - taskruns - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - '*' - verbs: - - get - - list - - watch - - create -- apiGroups: - - apps - - extensions - resources: - - '*' - verbs: - - get - - list - - watch diff --git a/packages/rio/charts/templates/clusterrolebinding.yaml b/packages/rio/charts/templates/clusterrolebinding.yaml deleted file mode 100644 index c489b4482..000000000 --- a/packages/rio/charts/templates/clusterrolebinding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: rio-controller-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: rio-cluster-admin -subjects: -- kind: ServiceAccount - name: rio-controller-serviceaccount - namespace: {{ .Release.Namespace }} diff --git a/packages/rio/charts/templates/configmap.yaml b/packages/rio/charts/templates/configmap.yaml deleted file mode 100644 index d261ce917..000000000 --- a/packages/rio/charts/templates/configmap.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: rio-config - namespace: {{ .Release.Namespace }} -data: - config: '{"letsEncrypt":{ {{- if .Values.letsEncryptEmail -}} "email":"{{ .Values.letsEncryptEmail }}" {{- end -}} },"gateway":{ {{- if .Values.ipAddress -}} "staticAddresses":[{"ip":"{{ .Values.ipAddress }}"}] {{- end -}}}, {{ include "featuresList" .Values.features }} }}' diff --git a/packages/rio/charts/templates/deployment.yaml b/packages/rio/charts/templates/deployment.yaml deleted file mode 100644 index 988630f5a..000000000 --- a/packages/rio/charts/templates/deployment.yaml +++ /dev/null @@ -1,49 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rio-controller - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - rio-controller: "true" - template: - metadata: - labels: - rio-controller: "true" - spec: - containers: - - args: - - rio-controller -{{- if .Values.debug }} - - --debug -{{- end }} - - --features - - "" -{{- if .Values.gatewayServiceName }} - - --gateway-service-name - - {{ .Values.gatewayServiceName }} -{{- end }} -{{- if .Values.gatewayServiceNamespace }} - - --gateway-service-namespace - - {{ .Values.gatewayServiceNamespace }} -{{- end }} - env: - - name: RUN_API_VALIDATOR - value: "TRUE" - - name: RIO_NAMESPACE - value: {{ .Release.Namespace }} - image: "{{ .Values.image }}:{{ .Values.tag }}" - imagePullPolicy: Always - name: rio-controller - volumeMounts: - - mountPath: /var/run/rio/ssl - name: secret-api-validator - readOnly: true - serviceAccountName: rio-controller-serviceaccount - volumes: - - name: secret-api-validator - secret: - defaultMode: 420 - optional: true - secretName: rio-api-validator diff --git a/packages/rio/charts/templates/envoyfilter.yaml b/packages/rio/charts/templates/envoyfilter.yaml deleted file mode 100644 index b16294580..000000000 --- a/packages/rio/charts/templates/envoyfilter.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.addRemoteAddressFilter }} -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: xff-trust-hops - namespace: {{ .Release.Namespace }} -spec: - workloadSelector: - labels: - istio: ingressgateway - configPatches: - - applyTo: NETWORK_FILTER - match: - context: ANY - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - patch: - operation: MERGE - value: - typed_config: - "@type": "type.googleapis.com/envoy.config.filter.network.http_connection_manager.v2.HttpConnectionManager" - use_remote_address: true - xff_num_trusted_hops: 1 -{{- end }} \ No newline at end of file diff --git a/packages/rio/charts/templates/secret.yaml b/packages/rio/charts/templates/secret.yaml deleted file mode 100644 index 109fb8f65..000000000 --- a/packages/rio/charts/templates/secret.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: rio-api-validator - namespace: {{ .Release.Namespace }} \ No newline at end of file diff --git a/packages/rio/charts/templates/service.yaml b/packages/rio/charts/templates/service.yaml deleted file mode 100644 index 6ba1162f9..000000000 --- a/packages/rio/charts/templates/service.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: rio-api-validator - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: https-443 - port: 443 - protocol: TCP - targetPort: 443 - selector: - rio-controller: "true" diff --git a/packages/rio/charts/templates/serviceaccount.yaml b/packages/rio/charts/templates/serviceaccount.yaml deleted file mode 100644 index 67abba407..000000000 --- a/packages/rio/charts/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: rio-controller-serviceaccount - namespace: {{ .Release.Namespace }} diff --git a/packages/rio/charts/values.yaml b/packages/rio/charts/values.yaml deleted file mode 100644 index 7d8355bdf..000000000 --- a/packages/rio/charts/values.yaml +++ /dev/null @@ -1,23 +0,0 @@ -image: rancher/rio-controller -tag: v0.8.0 # Rio version to install -letsEncryptEmail: "" # Provide an email for Let's Encrypt account registration -ipAddress: "" # Manually specify IP addresses to generate rdns domain, supports comma separated values -debug: false # Enable debug logging in controller - -# Manually specify features to disable, supports comma separated values - -# Istio configuration with ingress enabled -features: - autoscaling: true - build: true - dashboard: false - gloo: false - linkerd: false - istio: true - ingress: false - letsencrypt: true - rdns: true - -gatewayServiceName: istio-ingressgateway -gatewayServiceNamespace: istio-system -addRemoteAddressFilter: true diff --git a/packages/rio/package.yaml b/packages/rio/package.yaml deleted file mode 100644 index 3b5eacdf6..000000000 --- a/packages/rio/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: local -version: 100.0.0