andata
/
rancher-charts
mirror of https://git.rancher.io/charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

make charts

pull/1439/head
Ricardo Weir 2021-08-25 17:32:46 -07:00
parent 485e5ae165
commit f4bd50d357
17 changed files with 287 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0-beta06.tgz Normal file
View File

Binary file not shown.

15
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/Chart.yaml Normal file
View File

@ -0,0 +1,15 @@
annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-system
catalog.cattle.io/os: linux
catalog.cattle.io/release-name: rancher-webhook
apiVersion: v2
appVersion: 0.2.0-beta06
dependencies:
- condition: capi.enabled
name: capi
repository: ""
description: ValidatingAdmissionWebhook for Rancher types
name: rancher-webhook
version: 1.0.0+up0.2.0-beta06

4
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/charts/capi/Chart.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v2
appVersion: 0.0.0
name: capi
version: 0.0.0

13
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/charts/capi/templates/service.yaml Normal file
View File

@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: webhook-service
annotations:
need-a-cert.cattle.io/secret-name: rancher-webhook-tls
spec:
ports:
- name: https
port: 443
targetPort: 8777
selector:
app: rancher-webhook

11
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,11 @@
{{- define "system_default_registry" -}}
{{- if .Values.global.cattle.systemDefaultRegistry -}}
{{- printf "%s/" .Values.global.cattle.systemDefaultRegistry -}}
{{- else -}}
{{- "" -}}
{{- end -}}
{{- end -}}
{{- define "rancher-webhook.labels" -}}
app: rancher-webhook
{{- end }}

44
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/deployment.yaml Normal file
View File

@ -0,0 +1,44 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: rancher-webhook
spec:
selector:
matchLabels:
app: rancher-webhook
template:
metadata:
labels:
app: rancher-webhook
spec:
volumes:
- name: tls
secret:
secretName: rancher-webhook-tls
{{- if .Values.global.hostNetwork }}
hostNetwork: true
{{- end }}
containers:
- env:
- name: STAMP
value: "{{.Values.stamp}}"
- name: ENABLE_CAPI
value: "{{.Values.capi.enabled}}"
- name: ENABLE_MCM
value: "{{.Values.mcm.enabled}}"
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: '{{ template "system_default_registry" . }}{{ .Values.image.repository }}:{{ .Values.image.tag }}'
name: rancher-webhook
imagePullPolicy: "{{ .Values.image.imagePullPolicy }}"
ports:
- name: https
containerPort: 9443
- name: capi-https
containerPort: 8777
volumeMounts:
- name: tls
mountPath: /tmp/k8s-webhook-server/serving-certs
serviceAccountName: rancher-webhook

19
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/pre-delete-hook-cluster-role-binding.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- if .Values.preDelete.enabled }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "2"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: rancher-webhook-pre-delete
subjects:
- kind: ServiceAccount
name: rancher-webhook-pre-delete
namespace: {{ .Release.Namespace }}
{{- end }}

23
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/pre-delete-hook-cluster-role.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- if .Values.preDelete.enabled }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
rules:
- apiGroups: [ "admissionregistration.k8s.io" ]
resources: [ "mutatingwebhookconfigurations" ]
verbs: [ "delete" ]
resourceNames: [ "rancher.cattle.io" ]
- apiGroups: [ "" ]
resources: [ "serviceaccounts" ]
verbs: [ "get" ]
- apiGroups: [ "policy" ]
resources: [ "podsecuritypolicies" ]
verbs: [ "use" ]
resourceNames: [ "rancher-webhook-pre-delete" ]
{{- end }}

26
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/pre-delete-hook-job.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- if .Values.preDelete.enabled }}
apiVersion: batch/v1
kind: Job
metadata:
name: rancher-webhook-pre-delete
namespace: {{ .Release.Namespace }}
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "3"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
backoffLimit: 3
template:
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 8 }}
spec:
serviceAccountName: rancher-webhook-pre-delete
restartPolicy: OnFailure
containers:
- name: rancher-webhook-pre-delete
image: "{{ include "system_default_registry" . }}{{ .Values.preDelete.image.repository }}:{{ .Values.preDelete.image.tag }}"
imagePullPolicy: IfNotPresent
command: [ "kubectl", "delete", "--ignore-not-found=true", "mutatingwebhookconfigurations", "rancher.cattle.io" ]
{{- end }}

32
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/pre-delete-hook-psp.yaml Normal file
View File

@ -0,0 +1,32 @@
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
name: rancher-webhook-pre-delete
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
spec:
privileged: false
hostNetwork: false
hostIPC: false
hostPID: false
runAsUser:
rule: 'RunAsAny'
seLinux:
rule: 'RunAsAny'
supplementalGroups:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
fsGroup:
rule: 'MustRunAs'
ranges:
- min: 1
max: 65535
readOnlyRootFilesystem: false
volumes:
- 'secret'

12
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/pre-delete-hook-service-account.yaml Normal file
View File

@ -0,0 +1,12 @@
{{- if .Values.preDelete.enabled }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-webhook-pre-delete
namespace: {{ .Release.Namespace }}
labels: {{ include "rancher-webhook.labels" . | nindent 4 }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
{{- end }}

12
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/rbac.yaml Normal file
View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: rancher-webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: rancher-webhook
namespace: {{.Release.Namespace}}

13
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/service.yaml Normal file
View File

@ -0,0 +1,13 @@
kind: Service
apiVersion: v1
metadata:
name: rancher-webhook
namespace: cattle-system
spec:
ports:
- port: 443
targetPort: 9443
protocol: TCP
name: https
selector:
app: rancher-webhook

4
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/serviceaccount.yaml Normal file
View File

@ -0,0 +1,4 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: rancher-webhook

19
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/templates/webhook.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: rancher.cattle.io
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
clientConfig:
service:
name: rancher-webhook
namespace: cattle-system
path: /v1/webhook/validation
port: 443
failurePolicy: Ignore
matchPolicy: Equivalent
name: rancher.cattle.io
sideEffects: None
timeoutSeconds: 10

21
charts/rancher-webhook/rancher-webhook/1.0.0+up0.2.0-beta06/values.yaml Normal file
View File

@ -0,0 +1,21 @@
image:
repository: rancher/rancher-webhook
tag: v0.2.0-beta06
imagePullPolicy: IfNotPresent
global:
cattle:
systemDefaultRegistry: ""
hostNetwork: false
capi:
enabled: false
mcm:
enabled: true
preDelete:
enabled: true
image:
repository: rancher/kubectl
tag: v1.20.2

19
index.yaml
View File

@ -3906,6 +3906,25 @@ entries:
- assets/rancher-vsphere-csi/rancher-vsphere-csi-2.1.000.tgz
version: 2.1.000
rancher-webhook:
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"
catalog.cattle.io/namespace: cattle-system
catalog.cattle.io/os: linux
catalog.cattle.io/release-name: rancher-webhook
apiVersion: v2
appVersion: 0.2.0-beta06
created: "2021-08-25T17:32:34.656092-07:00"
dependencies:
- condition: capi.enabled
name: capi
repository: ""
description: ValidatingAdmissionWebhook for Rancher types
digest: 14a898bed02e3c8fb52878c54fea9e90e12439275ffbaaffc74fc85412087096
name: rancher-webhook
urls:
- assets/rancher-webhook/rancher-webhook-1.0.0+up0.2.0-beta06.tgz
version: 1.0.0+up0.2.0-beta06
- annotations:
catalog.cattle.io/certified: rancher
catalog.cattle.io/hidden: "true"