[dev-v2.9] Forward port from dev-v2.8 after 2.8.8 #2 (#4465)

pull/4468/head
Nicholas openSUSE Software Engineer 2024-09-18 12:27:38 -03:00 committed by GitHub
parent 31d3694ed5
commit de78a0f62d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
37 changed files with 1235 additions and 0 deletions


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,6 @@
dependencies:
- name: kube-vip
repository: file://dependency_charts/kube-vip
version: 0.4.2
digest: sha256:bbbff44d39375203f4880e5a76f0d9705f25edc53f89532e8ef39cd23d9ca92b
generated: "2023-06-07T17:47:05.632456+08:00"


@ -0,0 +1,25 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Harvester Cloud Provider
catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
catalog.cattle.io/namespace: kube-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
catalog.cattle.io/release-name: harvester-cloud-provider
catalog.cattle.io/ui-component: harvester-cloud-provider
catalog.cattle.io/upstream-version: 0.2.6
apiVersion: v2
appVersion: v0.2.2
dependencies:
- name: kube-vip
repository: file://./charts/kube-vip
description: A Helm chart for Harvester Cloud Provider
keywords:
- infrastructure
- harvester
maintainers:
- name: harvester
name: harvester-cloud-provider
type: application
version: 103.0.3+up0.2.6
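Review bot: The `kube-vip` dependency entry declares neither a `version` nor a `condition`, so the `kube-vip.enabled: true` toggle that this chart's values file exposes has no effect — Helm only consults a value as an on/off switch when the dependency names it in `condition`, and the subchart is therefore always rendered. If the toggle is meant to work, add `condition: kube-vip.enabled` under the dependency, and pin `version: 0.4.2` so the entry agrees with the bundled subchart's Chart.yaml and with the Chart.lock in this same commit, which records 0.4.2 from a different repository path (`file://dependency_charts/kube-vip`) than the `file://./charts/kube-vip` used here.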


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,6 @@
apiVersion: v2
appVersion: v0.4.1
description: A Helm chart for kube-vip
name: kube-vip
type: application
version: 0.4.2


@ -0,0 +1,74 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kube-vip.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kube-vip.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kube-vip.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "kube-vip.labels" -}}
helm.sh/chart: {{ include "kube-vip.chart" . }}
{{ include "kube-vip.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kube-vip.selectorLabels" -}}
app.kubernetes.io/name: {{ include "kube-vip.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "kube-vip.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Global system default registry
*/}}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "kube-vip.name" . }}
namespace: {{ .Release.Namespace | default "kube-system" }}
spec:
selector:
matchLabels:
{{- include "kube-vip.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "kube-vip.selectorLabels" . | nindent 8 }}
spec:
containers:
- args:
- manager
env:
{{- if eq .Values.env.cp_enable "true" }}
- name: vip_address
value: {{ required "A valid config.address required!" .Values.config.address}}
{{- end }}
{{- with .Values.env }}
{{- range $k, $v := . }}
{{- $name := $k }}
{{- $value := $v }}
- name: {{ quote $name }}
value: {{ quote $value }}
{{- end }}
{{- end }}
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: kube-vip
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
hostNetwork: true
serviceAccountName: {{ include "kube-vip.name" . }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
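Review bot: `serviceAccountName: {{ include "kube-vip.name" . }}` bypasses the `kube-vip.serviceAccountName` helper that the chart's _helpers.tpl defines, so `serviceAccount.create` and `serviceAccount.name` in values.yaml are silently ignored; the same applies to `podSecurityContext`, `podAnnotations` and `imagePullSecrets`, which values.yaml declares but this template never renders. Since this DaemonSet runs with `hostNetwork: true` and adds NET_ADMIN/NET_RAW on control-plane nodes, the unused `podSecurityContext` hook is the one worth wiring up first: `{{- with .Values.podSecurityContext }}` / `securityContext:` / `{{- toYaml . | nindent 8 }}` at pod level. Separately, `vip_address` is emitted unquoted while the loop right below quotes every other env value; `value: {{ required "A valid config.address required!" .Values.config.address | quote }}` keeps the rendered manifest consistent.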


@ -0,0 +1,36 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "kube-vip.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kube-vip.labels" . | nindent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
name: {{ include "kube-vip.name" . }}
rules:
- apiGroups: [""]
resources: ["services", "services/status", "nodes"]
verbs: ["list","get","watch", "update"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["list", "get", "watch", "update", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kube-vip.name" . }}
labels:
{{- include "kube-vip.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "kube-vip.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "kube-vip.name" . }}
namespace: {{ .Release.Namespace }}
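Review bot: The `rbac.authorization.kubernetes.io/autoupdate: "true"` annotation on this ClusterRole does nothing useful as far as I can tell — the API server honours it only on the default roles it reconciles at startup, so on a Helm-managed role it just misleads the reader into thinking the rules self-update; I would drop it. `serviceAccount.annotations` is declared in values.yaml but the ServiceAccount here renders no annotations; if it is meant to be honoured, add `{{- with .Values.serviceAccount.annotations }}` / `annotations:` / `{{- toYaml . | nindent 4 }}` under metadata. The role also grants `update` on `nodes` themselves rather than only `nodes/status`; I cannot tell from this page whether kube-vip needs that, so a one-line comment naming the operation that requires it would justify the broader grant.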


@ -0,0 +1,79 @@
# Default values for kube-vip.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: rancher/mirrored-kube-vip-kube-vip-iptables
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.6.0"
config:
address: ""
env:
vip_interface: ""
vip_arp: "true"
lb_enable: "true"
lb_port: "6443"
vip_cidr: "32"
cp_enable: "false"
svc_enable: "true"
vip_leaderelection: "false"
imagePullSecrets: [ ]
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: { }
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: { }
podSecurityContext: { }
# fsGroup: 2000
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
resources: { }
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
affinity: { }
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: node-role.kubernetes.io/master
# operator: Exists
# - matchExpressions:
# - key: node-role.kubernetes.io/control-plane
# operator: Exists
global:
cattle:
systemDefaultRegistry: ""
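Review bot: `tag: "v0.6.0"` overrides the subchart's `appVersion: v0.4.1`, so the `app.kubernetes.io/version` label that the helpers derive from `.Chart.AppVersion` will advertise v0.4.1 for a pod actually running v0.6.0; either bump `appVersion` in the subchart's Chart.yaml or leave `tag` empty so the template's `default .Chart.AppVersion` applies. Several keys here (`imagePullSecrets`, `podAnnotations`, `podSecurityContext`, `serviceAccount.create`/`annotations`/`name`) are consumed by no template on this page, so users will assume they take effect when they do not. The container `securityContext` adds NET_ADMIN and NET_RAW (presumably for the ARP and iptables modes the image name and `vip_arp` suggest) but sets nothing else; a comment such as `# NET_ADMIN/NET_RAW are required for VIP ARP/iptables handling on the host network; consider allowPrivilegeEscalation: false and readOnlyRootFilesystem: true` would record the intent and the hardening still open.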


@ -0,0 +1,3 @@
replicasCount: 1
# It's an existent but invalid kubeconfig, just for helm installation testing in kind
cloudConfigPath: "/etc/kubernetes/admin.conf"


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -0,0 +1,6 @@
apiVersion: v2
appVersion: v0.4.1
description: A Helm chart for kube-vip
name: kube-vip
type: application
version: 0.4.2


@ -0,0 +1,74 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kube-vip.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kube-vip.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kube-vip.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "kube-vip.labels" -}}
helm.sh/chart: {{ include "kube-vip.chart" . }}
{{ include "kube-vip.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "kube-vip.selectorLabels" -}}
app.kubernetes.io/name: {{ include "kube-vip.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "kube-vip.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "kube-vip.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Global system default registry
*/}}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "kube-vip.name" . }}
namespace: {{ .Release.Namespace | default "kube-system" }}
spec:
selector:
matchLabels:
{{- include "kube-vip.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "kube-vip.selectorLabels" . | nindent 8 }}
spec:
containers:
- args:
- manager
env:
{{- if eq .Values.env.cp_enable "true" }}
- name: vip_address
value: {{ required "A valid config.address required!" .Values.config.address}}
{{- end }}
{{- with .Values.env }}
{{- range $k, $v := . }}
{{- $name := $k }}
{{- $value := $v }}
- name: {{ quote $name }}
value: {{ quote $value }}
{{- end }}
{{- end }}
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
name: kube-vip
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
hostNetwork: true
serviceAccountName: {{ include "kube-vip.name" . }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
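Review bot: This copy of the DaemonSet has the same gap as its sibling: `serviceAccountName` uses `kube-vip.name` directly instead of the `kube-vip.serviceAccountName` helper, so the `serviceAccount.*` values are dead, and `podSecurityContext`, `podAnnotations` and `imagePullSecrets` from values.yaml are never rendered. For a host-networked pod with NET_ADMIN/NET_RAW on control-plane nodes, at least surface the pod-level `securityContext` via `{{- with .Values.podSecurityContext }}` / `securityContext:` / `{{- toYaml . | nindent 8 }}`. The `vip_address` value should also be passed through `| quote` like every other env entry in the loop below it.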


@ -0,0 +1,36 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "kube-vip.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "kube-vip.labels" . | nindent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
annotations:
rbac.authorization.kubernetes.io/autoupdate: "true"
name: {{ include "kube-vip.name" . }}
rules:
- apiGroups: [""]
resources: ["services", "services/status", "nodes"]
verbs: ["list","get","watch", "update"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["list", "get", "watch", "update", "create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "kube-vip.name" . }}
labels:
{{- include "kube-vip.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "kube-vip.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "kube-vip.name" . }}
namespace: {{ .Release.Namespace }}
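Review bot: As in the other kube-vip copy, the `rbac.authorization.kubernetes.io/autoupdate` annotation is, to my knowledge, only acted on for the API server's built-in default roles and is noise on a chart-managed ClusterRole; the ServiceAccount also ignores `serviceAccount.annotations` from values.yaml. If the annotations hook is intended, render it with `{{- with .Values.serviceAccount.annotations }}` / `annotations:` / `{{- toYaml . | nindent 4 }}`. A short comment explaining why `update` on `nodes` (not just `nodes/status`) is needed would help anyone auditing the grant later.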


@ -0,0 +1,79 @@
# Default values for kube-vip.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: rancher/mirrored-kube-vip-kube-vip-iptables
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: "v0.6.0"
config:
address: ""
env:
vip_interface: ""
vip_arp: "true"
lb_enable: "true"
lb_port: "6443"
vip_cidr: "32"
cp_enable: "false"
svc_enable: "true"
vip_leaderelection: "false"
imagePullSecrets: [ ]
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: { }
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
podAnnotations: { }
podSecurityContext: { }
# fsGroup: 2000
securityContext:
capabilities:
add:
- NET_ADMIN
- NET_RAW
resources: { }
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
affinity: { }
# nodeAffinity:
# requiredDuringSchedulingIgnoredDuringExecution:
# nodeSelectorTerms:
# - matchExpressions:
# - key: node-role.kubernetes.io/master
# operator: Exists
# - matchExpressions:
# - key: node-role.kubernetes.io/control-plane
# operator: Exists
global:
cattle:
systemDefaultRegistry: ""
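Review bot: Same remarks as for the other copy of this file: `tag: "v0.6.0"` diverges from the subchart `appVersion: v0.4.1`, so the version label the helpers emit is wrong for the running image, and the `imagePullSecrets`, `podAnnotations`, `podSecurityContext` and `serviceAccount.*` keys are not consumed by any template on this page. Either wire those keys into the DaemonSet/ServiceAccount templates or remove them so the values file only advertises knobs that work. A comment on the `securityContext` block stating why NET_ADMIN/NET_RAW are required would document the one privilege this chart deliberately grants.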


@ -0,0 +1,11 @@
categories:
- infrastructure
- harvester
namespace: kube-system
questions:
- variable: cloudConfigPath
label: Cloud config file path
description: "Specify the path of the cloud config."
group: "Default"
type: string
default: "/etc/kubernetes/cloud-config"


@ -0,0 +1,69 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "harvester-cloud-provider.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "harvester-cloud-provider.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "harvester-cloud-provider.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "harvester-cloud-provider.labels" -}}
helm.sh/chart: {{ include "harvester-cloud-provider.chart" . }}
{{ include "harvester-cloud-provider.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "harvester-cloud-provider.selectorLabels" -}}
app.kubernetes.io/name: {{ include "harvester-cloud-provider.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "harvester-cloud-provider.serviceAccountName" -}}
{{- default (include "harvester-cloud-provider.fullname" .) .Values.serviceAccount.name }}
{{- end }}
{{/*
Global system default registry
*/}}
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}


@ -0,0 +1,57 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: {{ .Release.Namespace }}
labels:
{{- include "harvester-cloud-provider.labels" . | nindent 4 }}
name: {{ include "harvester-cloud-provider.name" . }}
spec:
replicas: {{ .Values.replicasCount}}
selector:
matchLabels:
{{- include "harvester-cloud-provider.selectorLabels" . | nindent 6 }}
strategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
{{- include "harvester-cloud-provider.selectorLabels" . | nindent 8 }}
spec:
serviceAccountName: {{ include "harvester-cloud-provider.name" . }}
hostNetwork: true
containers:
- name: {{ include "harvester-cloud-provider.name" . }}
image: {{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- --cloud-config=/etc/kubernetes/cloud-config
{{- if ne .Values.global.cattle.clusterName "" }}
- --cluster-name={{ .Values.global.cattle.clusterName }}
{{- end }}
command:
- harvester-cloud-provider
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
- mountPath: /etc/kubernetes/cloud-config
name: cloud-config
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: cloud-config
hostPath:
path: {{ required "A valid cloudConfigPath is required!" .Values.cloudConfigPath }}
type: File
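Review bot: The `cloud-config` volumeMount exposes a host file that the ci values in this commit describe as a kubeconfig, yet it is mounted read-write; nothing in the container needs to write it, so add `readOnly: true` under the `mountPath: /etc/kubernetes/cloud-config` entry. The pod also runs with `hostNetwork: true` and no pod- or container-level `securityContext` at all, and values.yaml offers no hook to set one; a container `securityContext` with `allowPrivilegeEscalation: false`, surfaced through values, would be the least-privilege baseline for a control-plane component. `serviceAccountName` uses the raw chart name rather than the `harvester-cloud-provider.serviceAccountName` helper, so `serviceAccount.name` in values.yaml is ignored.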


@ -0,0 +1,37 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "harvester-cloud-provider.name" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "harvester-cloud-provider.labels" . | nindent 4 }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ include "harvester-cloud-provider.name" . }}
rules:
- apiGroups: [ "" ]
resources: [ "services", "nodes", "events" ]
verbs: [ "get", "watch", "list", "update", "create", "patch" ]
- apiGroups: [ "" ]
resources: [ "nodes/status", "services/status" ]
verbs: [ "update", "patch" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "update", "create" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ include "harvester-cloud-provider.name" . }}
labels:
{{- include "harvester-cloud-provider.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ include "harvester-cloud-provider.name" . }}
subjects:
- kind: ServiceAccount
name: {{ include "harvester-cloud-provider.name" . }}
namespace: {{ .Release.Namespace }}


@ -0,0 +1,106 @@
# Default values for harvester-cloud-provider.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
replicasCount: 1
image:
repository: rancher/harvester-cloud-provider
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: v0.2.2
cloudConfigPath: "/etc/kubernetes/cloud-config"
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector:
kubernetes.io/os: linux
tolerations:
- effect: NoSchedule
key: node.cloudprovider.kubernetes.io/uninitialized
operator: Equal
value: "true"
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Equal
- effect: NoExecute
key: node-role.kubernetes.io/etcd
operator: Equal
- key: cattle.io/os
operator: Equal
value: "linux"
effect: NoSchedule
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- harvester-cloud-provider
topologyKey: kubernetes.io/hostname
global:
cattle:
systemDefaultRegistry: ""
clusterName: ""
kube-vip:
enabled: true
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
- effect: NoExecute
key: node-role.kubernetes.io/etcd
operator: Exists
image:
repository: rancher/mirrored-kube-vip-kube-vip-iptables
tag: v0.6.0
env:
vip_interface: ""
vip_arp: "true"
lb_enable: "true"
lb_port: "6443"
vip_cidr: "32"
cp_enable: "false"
svc_enable: "true"
vip_leaderelection: "false"
enable_service_security: "true"
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
# For RKE1
- matchExpressions:
- key: node-role.kubernetes.io/controlplane
operator: Exists
# For RKE2
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists

View File

@ -0,0 +1,14 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
catalog.cattle.io/namespace: cattle-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
catalog.cattle.io/release-name: rancher-webhook
apiVersion: v2
appVersion: 0.4.11
description: ValidatingAdmissionWebhook for Rancher types
name: rancher-webhook
version: 103.0.10+up0.4.11


@ -0,0 +1,22 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "rancher-webhook.labels" -}}
app: rancher-webhook
{{- end }}
{{- define "linux-node-tolerations" -}}
- key: "cattle.io/os"
value: "linux"
effect: "NoSchedule"
operator: "Equal"
{{- end -}}
{{- define "linux-node-selector" -}}
kubernetes.io/os: linux
{{- end -}}


@ -0,0 +1,82 @@
{{- $auth := .Values.auth | default dict }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: rancher-webhook
spec:
selector:
matchLabels:
app: rancher-webhook
template:
metadata:
labels:
app: rancher-webhook
spec:
{{- if $auth.clientCA }}
volumes:
- name: client-ca
secret:
secretName: client-ca
{{- end }}
{{- if .Values.global.hostNetwork }}
hostNetwork: true
{{- end }}
nodeSelector: {{ include "linux-node-selector" . | nindent 8 }}
{{- if .Values.nodeSelector }}
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
tolerations: {{ include "linux-node-tolerations" . | nindent 6 }}
{{- if .Values.tolerations }}
{{ toYaml .Values.tolerations | indent 6 }}
{{- end }}
containers:
- env:
- name: STAMP
value: "{{.Values.stamp}}"
- name: ENABLE_MCM
value: "{{.Values.mcm.enabled}}"
- name: CATTLE_PORT
value: {{.Values.port | default 9443 | quote}}
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if $auth.allowedCNs }}
- name: ALLOWED_CNS
value: '{{ join "," $auth.allowedCNs }}'
{{- end }}
image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
name: rancher-webhook
imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
ports:
- name: https
containerPort: {{ .Values.port | default 9443 }}
startupProbe:
httpGet:
path: "/healthz"
port: "https"
scheme: "HTTPS"
failureThreshold: 60
periodSeconds: 5
livenessProbe:
httpGet:
path: "/healthz"
port: "https"
scheme: "HTTPS"
periodSeconds: 5
{{- if $auth.clientCA }}
volumeMounts:
- name: client-ca
mountPath: /tmp/k8s-webhook-server/client-ca
readOnly: true
{{- end }}
{{- if .Values.capNetBindService }}
securityContext:
capabilities:
add:
- NET_BIND_SERVICE
{{- end }}
serviceAccountName: rancher-webhook
{{- if .Values.priorityClassName }}
priorityClassName: "{{.Values.priorityClassName}}"
{{- end }}
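Review bot: When `global.hostNetwork` is true the container binds `CATTLE_PORT` (9443 by default) in the node's network namespace, and with the chart's default `auth.clientCA: ""` — documented in values.yaml as "client connections will not be authenticated" — that listener accepts any client, so the admission endpoint becomes reachable unauthenticated by anything on the node network. That combination deserves a comment beside the `hostNetwork` block, e.g. `# hostNetwork exposes the webhook port on every node; set auth.clientCA so only the kube-apiserver is accepted`. The container's `securityContext` exists only to add NET_BIND_SERVICE when requested and sets no `runAsNonRoot`/`allowPrivilegeEscalation`; a baseline such as `allowPrivilegeEscalation: false` would be worth adding outside the `capNetBindService` conditional.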


@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rancher-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: rancher-webhook
namespace: {{.Release.Namespace}}
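Review bot: Binding the `rancher-webhook` ServiceAccount to the built-in `cluster-admin` ClusterRole gives an admission webhook unrestricted cluster access, so a compromise of the pod — or of any principal able to impersonate that SA or request tokens for it — is a full cluster takeover. An admission webhook usually needs read access to the types it validates plus whatever it writes back; I cannot enumerate the required verbs from this page, so at minimum add a comment above `name: cluster-admin` recording why the broad grant is needed and tracking its replacement, e.g. `# TODO: replace cluster-admin with a dedicated ClusterRole scoped to the resources the webhook reads and writes`.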


@ -0,0 +1,11 @@
{{- $auth := .Values.auth | default dict }}
{{- if $auth.clientCA }}
apiVersion: v1
data:
ca.crt: {{ $auth.clientCA }}
kind: Secret
metadata:
name: client-ca
namespace: cattle-system
type: Opaque
{{- end }}
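Review bot: The Secret is pinned to `namespace: cattle-system`, while the Deployment that consumes it carries no namespace and references `secretName: client-ca` in the release namespace, so installing the chart anywhere other than cattle-system leaves the pod stuck on a missing Secret. Use `namespace: {{ .Release.Namespace }}` as the ClusterRoleBinding subject in this chart already does, or drop the field and let Helm place it in the release namespace. The CA value is also emitted unquoted; `ca.crt: {{ $auth.clientCA | quote }}` prevents YAML from reinterpreting a base64 string that happens to look like something else.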


@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: rancher-webhook
namespace: cattle-system
spec:
ports:
- port: 443
targetPort: {{ .Values.port | default 9443 }}
protocol: TCP
name: https
selector:
app: rancher-webhook
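Review bot: `namespace: cattle-system` is hard-coded here while the Deployment this Service selects has no namespace and is created in the release namespace, so a release installed elsewhere yields a Service with no endpoints. Replace it with `namespace: {{ .Release.Namespace }}` (or omit it) to match how the ClusterRoleBinding in this chart resolves the namespace.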


@ -0,0 +1,11 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-webhook
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-webhook-sudo
annotations:
cattle.io/description: "SA which can be impersonated to bypass rancher-webhook validation"
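Review bot: The `rancher-webhook-sudo` ServiceAccount is explained only by its annotation as a way to bypass webhook validation, and nothing on this page shows which principals are expected to impersonate it or whether it is meant to carry bindings of its own. Since impersonation is gated by RBAC `impersonate` permissions granted elsewhere, a comment stating the intended holders of that right — and, if I read the design correctly, that this SA must itself stay unbound — would keep the bypass from being widened by accident; e.g. `# Bypass SA: keep it free of RoleBindings; only principals granted 'impersonate' on it may use it to skip validation — confirm with the webhook maintainers.`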


@ -0,0 +1,9 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: rancher.cattle.io
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: rancher.cattle.io


@ -0,0 +1,16 @@
## local dev testing instructions
Option 1: Full chart CI run with a live cluster
```bash
./scripts/charts/ci
```
Option 2: Test runs against the chart only
```bash
# install the helm plugin first - helm plugin install https://github.com/helm-unittest/helm-unittest.git
bash dev-scripts/helm-unittest.sh
```


@ -0,0 +1,73 @@
suite: Test Deployment
templates:
- deployment.yaml
tests:
- it: should set webhook default port values
asserts:
- equal:
path: spec.template.spec.containers[0].ports[0].containerPort
value: 9443
- contains:
path: spec.template.spec.containers[0].env
content:
name: CATTLE_PORT
value: "9443"
- it: should set updated webhook port
set:
port: 2319
asserts:
- equal:
path: spec.template.spec.containers[0].ports[0].containerPort
value: 2319
- contains:
path: spec.template.spec.containers[0].env
content:
name: CATTLE_PORT
value: "2319"
- it: should not set capabilities by default.
asserts:
- isNull:
path: spec.template.spec.containers[0].securityContext
- it: should set net capabilities when capNetBindService is true.
set:
capNetBindService: true
asserts:
- contains:
path: spec.template.spec.containers[0].securityContext.capabilities.add
content: NET_BIND_SERVICE
- it: should not set volumes or volumeMounts by default
asserts:
- isNull:
path: spec.template.spec.volumes
- isNull:
path: spec.template.spec.volumeMounts
- it: should set CA fields when CA options are set
set:
auth.clientCA: base64-encoded-cert
auth.allowedCNs:
- kube-apiserver
- joe
asserts:
- contains:
path: spec.template.spec.volumes
content:
name: client-ca
secret:
secretName: client-ca
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
name: client-ca
mountPath: /tmp/k8s-webhook-server/client-ca
readOnly: true
- contains:
path: spec.template.spec.containers[0].env
content:
name: ALLOWED_CNS
value: kube-apiserver,joe


@ -0,0 +1,18 @@
suite: Test Service
templates:
- service.yaml
tests:
- it: should set webhook default port values
asserts:
- equal:
path: spec.ports[0].targetPort
value: 9443
- it: should set updated target port
set:
port: 2319
asserts:
- equal:
path: spec.ports[0].targetPort
value: 2319


@ -0,0 +1,30 @@
image:
repository: rancher/rancher-webhook
tag: v0.4.11
imagePullPolicy: IfNotPresent
global:
cattle:
systemDefaultRegistry: ""
hostNetwork: false
mcm:
enabled: true
# tolerations for the webhook deployment. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ for more info
tolerations: []
nodeSelector: {}
## PriorityClassName assigned to deployment.
priorityClassName: ""
# port assigns which port to use when running rancher-webhook
port: 9443
# Parameters for authenticating the kube-apiserver.
auth:
# CA for authenticating kube-apiserver client certs. If empty, client connections will not be authenticated.
# Must be base64-encoded.
clientCA: ""
# Allowlist of CNs for kube-apiserver client certs. If empty, any cert signed by the CA provided in clientCA will be accepted.
allowedCNs: []
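Review bot: `clientCA: ""` ships the webhook with kube-apiserver client authentication off by default, and the comment says so only in passing; for a component that validates and mutates Rancher types the comment should spell out the exposure and name `global.hostNetwork` as the case where it matters most. Suggested wording: `# CA for authenticating kube-apiserver client certs. Empty disables client auth entirely: any client that can reach the pod (every node when global.hostNetwork is true) may call the webhook. Must be base64-encoded.` The Deployment also reads `.Values.stamp` for its STAMP env, but no `stamp` key is declared here, so it renders as an empty string unless set at install time; either declare `stamp: ""` with a comment or drop the env entry.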


@ -3218,6 +3218,35 @@ entries:
urls:
- assets/harvester-cloud-provider/harvester-cloud-provider-104.0.0+up0.2.3.tgz
version: 104.0.0+up0.2.3
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Harvester Cloud Provider
catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
catalog.cattle.io/namespace: kube-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux
catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
catalog.cattle.io/release-name: harvester-cloud-provider
catalog.cattle.io/ui-component: harvester-cloud-provider
catalog.cattle.io/upstream-version: 0.2.6
apiVersion: v2
appVersion: v0.2.2
created: "2024-09-18T11:08:01.621001244-03:00"
dependencies:
- name: kube-vip
repository: file://./charts/kube-vip
description: A Helm chart for Harvester Cloud Provider
digest: addb6f9451f63542a07e6a552cefe028515d111ddc1bbcc3645b520bfab98e78
keywords:
- infrastructure
- harvester
maintainers:
- name: harvester
name: harvester-cloud-provider
type: application
urls:
- assets/harvester-cloud-provider/harvester-cloud-provider-103.0.3+up0.2.6.tgz
version: 103.0.3+up0.2.6
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/display-name: Harvester Cloud Provider
@ -24841,6 +24870,24 @@ entries:
urls:
- assets/rancher-webhook/rancher-webhook-104.0.0+up0.5.0.tgz
version: 104.0.0+up0.5.0
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/kube-version: '>= 1.23.0-0 < 1.29.0-0'
catalog.cattle.io/namespace: cattle-system
catalog.cattle.io/os: linux
catalog.cattle.io/permits-os: linux,windows
catalog.cattle.io/rancher-version: '>= 2.8.0-0 < 2.9.0-0'
catalog.cattle.io/release-name: rancher-webhook
apiVersion: v2
appVersion: 0.4.11
created: "2024-09-18T11:06:26.687554816-03:00"
description: ValidatingAdmissionWebhook for Rancher types
digest: e3b7646a441ff6e45b604f8d33feb0e0b61b7f0425e44103a0a10321fd10d236
name: rancher-webhook
urls:
- assets/rancher-webhook/rancher-webhook-103.0.10+up0.4.11.tgz
version: 103.0.10+up0.4.11
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"


@ -1,8 +1,10 @@
harvester-cloud-provider:
- 104.0.2+up0.2.6
- 103.0.3+up0.2.6
rancher-webhook:
- 104.0.2+up0.5.2
- 104.0.2+up0.5.2-rc.3
- 103.0.10+up0.4.11
sriov:
- 104.3.0+up1.3.0
sriov-crd: