From f859625d86e467fd7e78d562928ba63eb7d54080 Mon Sep 17 00:00:00 2001 
From: Arvind Iyengar Date: Mon, 17 May 2021 15:34:49 -0700 Subject: [PATCH] (dev-v2.6-archive) Checkout current packages from dev-v2.6-source ```bash git fetch upstream git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md ``` This overwrites the previous changes based on stuff currently in dev-v2.6-source today. (partially cherry picked from commit 1107be91997849f6fd08180a83c5e11a42fcd75e) --- .../generated-changes/patch/Chart.yaml.patch | 12 +++ .../rancher-eks-operator-crd/package.yaml | 3 + .../generated-changes/patch/Chart.yaml.patch | 15 +++ packages/rancher-eks-operator/package.yaml | 3 + .../templates/loggings/aks/logging.yaml | 49 ++++++++-- .../templates/loggings/eks/logging.yaml | 49 ++++++++-- .../templates/loggings/gke/logging.yaml | 49 ++++++++-- .../loggings/k3s/logging-k3s-openrc.yaml | 67 +++++++++---- .../loggings/k3s/logging-k3s-systemd.yaml | 67 +++++++++---- .../templates/loggings/rke/daemonset.yaml | 6 +- .../templates/loggings/rke2/daemonset.yaml | 6 +- .../rke2/logging-rke2-containers.yaml | 67 +++++++++---- .../templates/loggings/root/logging.yaml | 95 ++++++++++++++----- .../patch/templates/_helpers.tpl.patch | 23 +++-- .../generated-changes/patch/values.yaml.patch | 14 ++- packages/rancher-logging/package.yaml | 4 +- .../rancher-vsphere-csi/charts/Chart.yaml | 4 +- .../rancher-vsphere-csi/charts/app-readme.md | 2 +- .../rancher-vsphere-csi/charts/questions.yaml | 15 ++- .../vsphere-csi-controller-deployment.yaml | 51 +++++++++- .../vsphere-csi-controller-rbac.yaml | 2 +- .../charts/templates/vsphere-csi-node-ds.yaml | 17 +++- .../templates/vsphere-csi-node-rbac.yaml | 29 ++++++ .../rancher-vsphere-csi/charts/values.yaml | 23 +++-- .../generated-changes/patch/Chart.yaml.patch | 16 ++++ packages/rancher-webhook/package.yaml | 6 +- .../system-upgrade-controller/.helmignore | 23 +++++ .../charts/Chart.yaml | 14 +++ .../charts/templates/_helpers.tpl | 9 ++ 
.../charts/templates/clusterrolebinding.yaml | 12 +++ .../charts/templates/configmap.yaml | 15 +++ .../charts/templates/deployment.yaml | 48 ++++++++++ .../charts/templates/serviceaccount.yaml | 4 + .../charts/values.yaml | 12 +++ .../system-upgrade-controller/package.yaml | 3 + 35 files changed, 679 insertions(+), 155 deletions(-) create mode 100644 packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch create mode 100644 packages/rancher-eks-operator-crd/package.yaml create mode 100644 packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch create mode 100644 packages/rancher-eks-operator/package.yaml create mode 100644 packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-rbac.yaml create mode 100644 packages/rancher-webhook/generated-changes/patch/Chart.yaml.patch create mode 100644 packages/system-upgrade-controller/.helmignore create mode 100644 packages/system-upgrade-controller/charts/Chart.yaml create mode 100644 packages/system-upgrade-controller/charts/templates/_helpers.tpl create mode 100644 packages/system-upgrade-controller/charts/templates/clusterrolebinding.yaml create mode 100644 packages/system-upgrade-controller/charts/templates/configmap.yaml create mode 100644 packages/system-upgrade-controller/charts/templates/deployment.yaml create mode 100644 packages/system-upgrade-controller/charts/templates/serviceaccount.yaml create mode 100644 packages/system-upgrade-controller/charts/values.yaml create mode 100644 packages/system-upgrade-controller/package.yaml diff --git a/packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch b/packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch new file mode 100644 index 000000000..e265c3211 --- /dev/null +++ b/packages/rancher-eks-operator-crd/generated-changes/patch/Chart.yaml.patch 
@@ -0,0 +1,12 @@ +--- charts-original/Chart.yaml ++++ charts/Chart.yaml +@@ -5,7 +5,7 @@ + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-eks-operator-crd + apiVersion: v2 +-appVersion: 2.0.1-rc1 ++appVersion: 2.0.1 + description: EKS Operator CustomResourceDefinitions + name: rancher-eks-operator-crd +-version: 2.0.1-rc1 ++version: 2.0.1 diff --git a/packages/rancher-eks-operator-crd/package.yaml b/packages/rancher-eks-operator-crd/package.yaml new file mode 100644 index 000000000..b1b4bcb3c --- /dev/null +++ b/packages/rancher-eks-operator-crd/package.yaml @@ -0,0 +1,3 @@ +url: https://github.com/rancher/eks-operator/releases/download/v2.0.1-rc1/rancher-eks-operator-crd-2.0.1-rc1.tgz +packageVersion: 00 +releaseCandidateVersion: 01 diff --git a/packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch b/packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch new file mode 100644 index 000000000..489e5c074 --- /dev/null +++ b/packages/rancher-eks-operator/generated-changes/patch/Chart.yaml.patch @@ -0,0 +1,15 @@ +--- charts-original/Chart.yaml ++++ charts/Chart.yaml +@@ -9,10 +9,10 @@ + catalog.cattle.io/release-name: rancher-eks-operator + catalog.cattle.io/scope: management + apiVersion: v2 +-appVersion: 2.0.1-rc1 ++appVersion: 2.0.1 + description: A Helm chart for provisioning EKS clusters + home: https://github.com/rancher/eks-operator + name: rancher-eks-operator + sources: + - https://github.com/rancher/eks-operator +-version: 2.0.1-rc1 ++version: 2.0.1 diff --git a/packages/rancher-eks-operator/package.yaml b/packages/rancher-eks-operator/package.yaml new file mode 100644 index 000000000..9eeb9c406 --- /dev/null +++ b/packages/rancher-eks-operator/package.yaml @@ -0,0 +1,3 @@ +url: https://github.com/rancher/eks-operator/releases/download/v2.0.1-rc1/rancher-eks-operator-2.0.1-rc1.tgz +packageVersion: 00 +releaseCandidateVersion: 01 
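Review bot: Both new `package.yaml` files fetch the `v2.0.1-rc1` archive, while the accompanying `Chart.yaml.patch` rewrites `version` and `appVersion` to `2.0.1`. The published chart is therefore labelled as a final release but carries release-candidate contents, which is easy to miss when auditing by version number. Neither `package.yaml` records a digest for the downloaded `.tgz` in the three lines shown, so the build trusts whatever the URL serves at fetch time. I would add a comment above `url:` such as `# built from the v2.0.1-rc1 archive; Chart.yaml.patch relabels it as 2.0.1`. If the packaging tooling can pin the archive's checksum, record it next to the URL.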
diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/aks/logging.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/aks/logging.yaml index 916f93b41..346a665f7 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/aks/logging.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/aks/logging.yaml 
@@ -15,21 +15,43 @@ spec: inputTail: Tag: "aks" Path: "/var/log/azure/kubelet-status.log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} tolerations: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} + {{- end }} + {{- with .Values.fluentbit.resources }} resources: {{- toYaml . | nindent 6 }} - {{- end }} + {{- end }} fluentd: image: repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} 
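Review bot: The five new `inputTail` values are rendered unquoted, for example `Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }}`, so a setting such as `On`/`Off` or a bare number is re-parsed by YAML as a boolean or integer instead of the string the operator supplied. If the Logging resource types these fields as strings (not visible in this hunk), the resource would be rejected or the option misread, and log collection on those nodes could stop without an obvious error. Piping each value through `quote` keeps the type stable, e.g. `Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines | quote }}`. The same five keys are added in the same way in the eks, gke, k3s, rke2 and root templates later in this patch.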
@@ -37,16 +59,25 @@ spec: configReloaderImage: repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.nodeSelector }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.resources }} diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/eks/logging.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/eks/logging.yaml index da4af2d9e..900d181e5 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/eks/logging.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/eks/logging.yaml 
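Review bot: In the fluentd section, `default .Values.tolerations .Values.fluentd.tolerations` discards the chart-wide tolerations as soon as `fluentd.tolerations` is non-empty, whereas the fluentbit section of the same template concatenates the two lists. An operator who adds one fluentd-specific toleration silently loses the global ones, which can leave the aggregator unschedulable on tainted nodes. If the override is intended, say so next to the `with`, for instance `{{- /* fluentd.tolerations and fluentd.nodeSelector, when set, replace the chart-wide values rather than merging with them */}}`. The same pattern is repeated in the eks, gke, k3s, rke2 and root templates.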
@@ -16,21 +16,43 @@ spec: Tag: "eks" Path: "/var/log/messages" Parser: "syslog" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} tolerations: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} + {{- end }} + {{- with .Values.fluentbit.resources }} resources: {{- toYaml . | nindent 6 }} - {{- end }} + {{- end }} fluentd: image: repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} 
@@ -38,16 +60,25 @@ spec: configReloaderImage: repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.nodeSelector }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.resources }} diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/gke/logging.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/gke/logging.yaml index 3823127b2..5731fb8a5 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/gke/logging.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/gke/logging.yaml 
@@ -15,21 +15,43 @@ spec: inputTail: Tag: "gke" Path: "/var/log/kube-proxy.log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} tolerations: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} + {{- end }} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} + {{- end }} + {{- with .Values.fluentbit.resources }} resources: {{- toYaml . | nindent 6 }} - {{- end }} + {{- end }} fluentd: image: repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} 
@@ -37,16 +59,25 @@ spec: configReloaderImage: repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- with .Values.tolerations }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} tolerations: {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.nodeSelector }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} nodeSelector: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.resources }} diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml index cf5e988f3..8e826c73b 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-openrc.yaml 
@@ -15,28 +15,47 @@ spec: inputTail: Tag: "k3s" Path: "/var/log/k3s.log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} extraVolumeMounts: - source: "/var/log/" destination: "/var/log" readOnly: true + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} fluentd: image: repository: {{ template "system_default_registry" . 
}}{{ .Values.images.fluentd.repository }} @@ -44,23 +63,29 @@ spec: configReloaderImage: repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.resources }} - resources: - {{- toYaml . | nindent 6 }} + resources: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.livenessProbe }} livenessProbe: {{- toYaml . | nindent 6 }} diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml index c4b3db0e7..6f297ce67 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/k3s/logging-k3s-systemd.yaml 
@@ -15,28 +15,47 @@ spec: inputTail: Tag: "k3s" Path: "/var/log/syslog" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} extraVolumeMounts: - source: "/var/log/" destination: "/var/log" readOnly: true + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} fluentd: image: repository: {{ template "system_default_registry" . 
}}{{ .Values.images.fluentd.repository }} @@ -44,23 +63,29 @@ spec: configReloaderImage: repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.resources }} - resources: - {{- toYaml . | nindent 6 }} + resources: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.livenessProbe }} livenessProbe: {{- toYaml . | nindent 6 }} diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke/daemonset.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke/daemonset.yaml index 840b3e722..e08ee8559 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke/daemonset.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke/daemonset.yaml 
@@ -51,12 +51,10 @@ spec: serviceAccountName: "{{ .Release.Name }}-rke-aggregator" {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} {{- with $total_tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} + tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} + nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} --- apiVersion: v1 diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/daemonset.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/daemonset.yaml index f45b74b76..6025e04b4 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/daemonset.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/daemonset.yaml @@ -33,12 +33,10 @@ spec: name: machine-id readOnly: true {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} + tolerations: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} + nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: "{{ .Release.Name }}-rke2-journald-aggregator" volumes: diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/logging-rke2-containers.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/logging-rke2-containers.yaml index 7be4972e7..d8c83513a 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/logging-rke2-containers.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/rke2/logging-rke2-containers.yaml 
@@ -13,10 +13,33 @@ spec: inputTail: Tag: "rke2" Path: "/var/log/containers/*rke*.log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} extraVolumeMounts: - source: "/var/log/containers/" destination: "/var/log/containers/" readOnly: true + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} security: {{- end }} 
@@ -29,19 +52,15 @@ spec: seLinuxOptions: type: rke_logreader_t {{- end }} - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} fluentd: image: repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} 
@@ -49,23 +68,29 @@ spec: configReloaderImage: repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.resources }} - resources: - {{- toYaml . | nindent 6 }} + resources: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.livenessProbe }} livenessProbe: {{- toYaml . | nindent 6 }} diff --git a/packages/rancher-logging/generated-changes/overlay/templates/loggings/root/logging.yaml b/packages/rancher-logging/generated-changes/overlay/templates/loggings/root/logging.yaml index ca85a4c94..d27d05193 100644 --- a/packages/rancher-logging/generated-changes/overlay/templates/loggings/root/logging.yaml +++ b/packages/rancher-logging/generated-changes/overlay/templates/loggings/root/logging.yaml 
@@ -29,10 +29,25 @@ spec: filterKubernetes: Kube_Tag_Prefix: "kuberentes.C.var.lib.rancher.rke.log." inputTail: - Path: "C:\\var\\lib\\rancher\\rke\\log" + Path: "{{ template "windowsPathPrefix" . }}/var/lib/rancher/rke/log" + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} extraVolumeMounts: - - source: "/var/lib/rancher/rke/log" - destination: "/var/lib/rancher/rke/log" + - source: "c:/var/lib/rancher/rke/log" + destination: "c:/var/lib/rancher/rke/log" readOnly: true daemonSet: spec: 
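Review bot: The tailed `Path` now follows the configurable `windowsPathPrefix`, but the `extraVolumeMounts` entries added in the same hunk are hard-coded to `c:/var/lib/rancher/rke/log`. With any prefix other than `c:`, fluent-bit is pointed at a directory that is not mounted into the pod, and Windows node logs would simply not be collected. Building the mounts from the same helper keeps them in step: `- source: "{{ template "windowsPathPrefix" . }}/var/lib/rancher/rke/log"` with the matching `destination:` line. The unchanged `Kube_Tag_Prefix` above also embeds `C.` (and spells the prefix `kuberentes`), so it probably needs the same review. The enclosing spec starts outside this hunk.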
@@ -49,6 +64,32 @@ spec: image: repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentbit.repository }} tag: {{ .Values.images.fluentbit.tag }} + {{- if or .Values.fluentbit.inputTail.Buffer_Chunk_Size .Values.fluentbit.inputTail.Buffer_Max_Size .Values.fluentbit.inputTail.Mem_Buf_Limit .Values.fluentbit.inputTail.Multiline_Flush .Values.fluentbit.inputTail.Skip_Long_Lines }} + inputTail: + {{- if .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + Buffer_Chunk_Size: {{ .Values.fluentbit.inputTail.Buffer_Chunk_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Buffer_Max_Size }} + Buffer_Max_Size: {{ .Values.fluentbit.inputTail.Buffer_Max_Size }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Mem_Buf_Limit }} + Mem_Buf_Limit: {{ .Values.fluentbit.inputTail.Mem_Buf_Limit }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Multiline_Flush }} + Multiline_Flush: {{ .Values.fluentbit.inputTail.Multiline_Flush }} + {{- end }} + {{- if .Values.fluentbit.inputTail.Skip_Long_Lines }} + Skip_Long_Lines: {{ .Values.fluentbit.inputTail.Skip_Long_Lines }} + {{- end }} + {{- end }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentbit.bufferStorage }} + bufferStorage: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} {{- if or .Values.global.psp.enabled .Values.global.seLinux.enabled }} security: {{- end }} 
@@ -61,26 +102,22 @@ spec: seLinuxOptions: type: rke_logreader_t {{- end }} - {{- if .Values.global.dockerRootDirectory }} + {{- if .Values.global.dockerRootDirectory }} mountPath: {{ $containers }} extraVolumeMounts: - source: {{ $containers }} destination: {{ $containers }} readOnly: true - {{- end }} - {{- $total_tolerations := concat (.Values.tolerations) (.Values.fluentbit.tolerations) }} - {{- with $total_tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} - {{- end }} - {{- with .Values.fluentbit.resources }} - resources: - {{- toYaml . | nindent 6 }} - {{- end }} + {{- end }} + {{- with (concat (.Values.tolerations) (.Values.fluentbit.tolerations)) }} + tolerations: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 6 }} + {{- end }} + {{- with .Values.fluentbit.resources }} + resources: {{- toYaml . | nindent 6 }} + {{- end }} fluentd: image: repository: {{ template "system_default_registry" . }}{{ .Values.images.fluentd.repository }} 
@@ -88,23 +125,29 @@ spec: configReloaderImage: repository: {{ template "system_default_registry" . }}{{ .Values.images.config_reloader.repository }} tag: {{ .Values.images.config_reloader.tag }} + {{- if not .Values.disablePvc }} + {{- with .Values.fluentd.bufferStorageVolume }} + bufferStorageVolume: {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} disablePvc: {{ .Values.disablePvc }} + {{- if .Values.fluentd.replicas }} + scaling: + replicas: {{ .Values.fluentd.replicas }} + {{- end }} {{- if .Values.global.psp.enabled }} security: podSecurityPolicyCreate: true roleBasedAccessControlCreate: true {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.tolerations .Values.fluentd.tolerations) }} + tolerations: {{- toYaml . | nindent 6 }} {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 6 }} + {{- with (default .Values.nodeSelector .Values.fluentd.nodeSelector) }} + nodeSelector: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.resources }} - resources: - {{- toYaml . | nindent 6 }} + resources: {{- toYaml . | nindent 6 }} {{- end }} {{- with .Values.fluentd.livenessProbe }} livenessProbe: {{- toYaml . | nindent 6 }} diff --git a/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch b/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch index 5981ef4b7..d52302956 100644 --- a/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch +++ b/packages/rancher-logging/generated-changes/patch/templates/_helpers.tpl.patch @@ -1,6 +1,6 @@ --- charts-original/templates/_helpers.tpl +++ charts/templates/_helpers.tpl -@@ -56,3 +56,21 @@ +@@ -56,3 +56,30 @@ {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} 
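Review bot: In the `@@ -88,23 +125,29 @@` hunk, `default .Values.tolerations .Values.fluentd.tolerations` makes a non-empty `fluentd.tolerations` replace the chart-wide list, while the fluentbit block in the previous hunk uses `concat` and so adds to it. The two components now resolve the same pair of values differently and nothing in the template says so. A template comment above the `with`, such as `{{- /* fluentd.tolerations, when set, replaces .Values.tolerations; fluentbit concatenates */}}`, or making both blocks behave alike, would stop an operator assuming the global tolerations still apply to fluentd. The same holds for the `nodeSelector` line that follows.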
@@ -14,11 +14,20 @@ +{{- end -}} + +{{- define "windowsEnabled" }} -+ {{- if not (kindIs "invalid" .Values.global.cattle.windows) }} -+ {{- if not (kindIs "invalid" .Values.global.cattle.windows.enabled) }} -+ {{- if .Values.global.cattle.windows.enabled }} ++{{- if not (kindIs "invalid" .Values.global.cattle.windows) }} ++{{- if not (kindIs "invalid" .Values.global.cattle.windows.enabled) }} ++{{- if .Values.global.cattle.windows.enabled }} +true -+ {{- end }} -+ {{- end }} -+ {{- end }} ++{{- end }} ++{{- end }} ++{{- end }} ++{{- end }} ++ ++{{- define "windowsPathPrefix" }} ++{{- $temp := (default "c:\\" .Values.global.cattle.rkeWindowsPathPrefix | replace "\\" "/" | replace "//" "/") }} ++{{- if (hasSuffix "/" $temp) }} ++{{- trimSuffix "/" $temp }} ++{{- else }} ++{{- $temp }} ++{{- end }} +{{- end }} diff --git a/packages/rancher-logging/generated-changes/patch/values.yaml.patch b/packages/rancher-logging/generated-changes/patch/values.yaml.patch index 8d136dc89..84597e8d8 100644 --- a/packages/rancher-logging/generated-changes/patch/values.yaml.patch +++ b/packages/rancher-logging/generated-changes/patch/values.yaml.patch @@ -36,7 +36,7 @@ rbac: enabled: true psp: -@@ -85,3 +93,84 @@ +@@ -85,3 +93,94 @@ additionalLabels: {} metricRelabelings: [] relabelings: [] @@ -87,13 +87,22 @@ + tls: + enabled: false +fluentd: -+ resources: {} ++ bufferStorageVolume: {} + livenessProbe: + tcpSocket: + port: 24240 + initialDelaySeconds: 30 + periodSeconds: 15 ++ nodeSelector: {} ++ resources: {} ++ tolerations: {} +fluentbit: ++ inputTail: ++ Buffer_Chunk_Size: "" ++ Buffer_Max_Size: "" ++ Mem_Buf_Limit: "" ++ Multiline_Flush: "" ++ Skip_Long_Lines: "" + resources: {} + tolerations: + - key: node-role.kubernetes.io/controlplane @@ -119,5 +128,6 @@ + # logging operator. + psp: + enabled: true ++ rkeWindowsPathPrefix: "c:\\" + seLinux: + enabled: false 
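Review bot: In the `@@ -87,13 +87,22 @@` hunk of `values.yaml.patch`, the new `fluentd.tolerations` default is `{}`, a map, but tolerations are a list and `fluentbit.tolerations` a few lines below is written as one. `tolerations: []` keeps the default empty while matching the type an override will have. With a map default, Helm may emit a table/non-table warning when a user supplies a list, and the `with (default .Values.tolerations .Values.fluentd.tolerations)` template only works because an empty map happens to be falsy.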
diff --git a/packages/rancher-logging/package.yaml b/packages/rancher-logging/package.yaml index 438043ade..e58b0fe06 100644 --- a/packages/rancher-logging/package.yaml +++ b/packages/rancher-logging/package.yaml @@ -1,6 +1,6 @@ url: https://kubernetes-charts.banzaicloud.com/charts/logging-operator-3.9.4.tgz -packageVersion: 00 -releaseCandidateVersion: 08 +packageVersion: 01 +releaseCandidateVersion: 00 additionalCharts: - workingDir: charts-crd crdOptions: diff --git a/packages/rancher-vsphere-csi/charts/Chart.yaml b/packages/rancher-vsphere-csi/charts/Chart.yaml index 92f0a674e..6438148fa 100644 --- a/packages/rancher-vsphere-csi/charts/Chart.yaml +++ b/packages/rancher-vsphere-csi/charts/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: rancher-vsphere-csi -version: 2.1.0 -appVersion: 2.1.0 +version: 2.2.0 +appVersion: 2.2.0 description: vSphere Cloud Storage Interface (CSI) sources: - https://github.com/kubernetes-sigs/vsphere-csi-driver diff --git a/packages/rancher-vsphere-csi/charts/app-readme.md b/packages/rancher-vsphere-csi/charts/app-readme.md index 4f1606568..bae1876f0 100644 --- a/packages/rancher-vsphere-csi/charts/app-readme.md +++ b/packages/rancher-vsphere-csi/charts/app-readme.md 
@@ -1,6 +1,6 @@ # vSphere Container Storage Interface (CSI) -[vSphere Container Storage Interface (CSI)](https://github.com/kubernetes-sigs/vsphere-csi-driver/tree/release-2.1/manifests/v2.1.0/vsphere-7.0u1/) is a specification designed to enable persistent storage volume management on Container Orchestrators (COs) such as Kubernetes. The specification allows storage systems to integrate with containerized workloads running on Kubernetes. Using CSI, storage providers, such as VMware, can write and deploy plugins for storage systems in Kubernetes without a need to modify any core Kubernetes code. +[vSphere Container Storage Interface (CSI)](https://github.com/kubernetes-sigs/vsphere-csi-driver) is a specification designed to enable persistent storage volume management on Container Orchestrators (COs) such as Kubernetes. The specification allows storage systems to integrate with containerized workloads running on Kubernetes. Using CSI, storage providers, such as VMware, can write and deploy plugins for storage systems in Kubernetes without a need to modify any core Kubernetes code. CSI allows volume plugins to be installed on Kubernetes clusters as extensions. Once a CSI compatible volume driver is deployed on a Kubernetes cluster, users can use the CSI to provision, attach, mount, and format the volumes exposed by the CSI driver. diff --git a/packages/rancher-vsphere-csi/charts/questions.yaml b/packages/rancher-vsphere-csi/charts/questions.yaml index 114ea419f..f24f2bdd9 100644 --- a/packages/rancher-vsphere-csi/charts/questions.yaml +++ b/packages/rancher-vsphere-csi/charts/questions.yaml 
@@ -44,7 +44,20 @@ questions: description: Enable migration of volumes provisioned by in-tree vSphere provider to CSI (Available for vSphere 7.0 U1+ only) type: boolean default: false - group: Migration + group: Features + + - variable: csiAuthCheck.enabled + label: Enable authorization checks on operations involving datastores + type: boolean + default: false + group: Features + + - variable: onlineVolumeExtend.enabled + label: Enable Online Volume Extend + description: Enable expansion of PVCs that are in use by a Pod or mounted in a Node (Available for vSphere 7.0 U2+ only) + type: boolean + default: false + group: Features - variable: csiController.csiResizer.enabled label: Enable CSI Volume Resizer diff --git a/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-deployment.yaml b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-deployment.yaml index 67433b09a..1e001c4b6 100644 --- a/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-deployment.yaml +++ b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-deployment.yaml @@ -25,10 +25,24 @@ spec: node-role.kubernetes.io/controlplane: "true" {{- end }} tolerations: + # Rancher specific change: These tolerations are intentionally different from upstream to avoid lessening the scope to only NoSchedule with a specific key + # - key: node-role.kubernetes.io/master + # operator: Exists + # effect: NoSchedule - operator: "Exists" effect: NoSchedule - operator: "Exists" effect: NoExecute + # uncomment below toleration if you need an aggressive pod eviction in case when + # node becomes not-ready or unreachable. Default is 300 seconds if not specified. + #- key: node.kubernetes.io/not-ready + # operator: Exists + # effect: NoExecute + # tolerationSeconds: 30 + #- key: node.kubernetes.io/unreachable + # operator: Exists + # effect: NoExecute + # tolerationSeconds: 30 dnsPolicy: "Default" containers: - name: csi-attacher 
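Review bot: The new `csiAuthCheck.enabled` question has no `description`, unlike the migration and online-extend entries around it, and it defaults to `false`, so the datastore authorization check stays off unless the operator already knows what it does. Add a `description:` line stating what is not verified while the flag is off; the exact wording should come from the driver's documentation, which this page does not show. If the upstream manifest for this driver version turns the feature state on by default, consider matching that here and in `values.yaml` rather than shipping the check disabled.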
@@ -50,7 +64,10 @@ spec: args: - "--v=4" - "--timeout=300s" + - "--handle-volume-inuse-error=false" - "--csi-address=$(ADDRESS)" + - "--kube-api-qps=100" + - "--kube-api-burst=100" - "--leader-election" env: - name: ADDRESS @@ -82,6 +99,8 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: X_CSI_SERIAL_VOL_ACCESS_TIMEOUT + value: 3m volumeMounts: - mountPath: /etc/cloud name: vsphere-config-volume @@ -92,6 +111,9 @@ spec: - name: healthz containerPort: 9808 protocol: TCP + - name: prometheus + containerPort: 2112 + protocol: TCP livenessProbe: httpGet: path: /healthz @@ -115,6 +137,10 @@ spec: - "--fss-name=internal-feature-states.csi.vsphere.vmware.com" - "--fss-namespace=$(CSI_NAMESPACE)" imagePullPolicy: "Always" + ports: + - containerPort: 2113 + name: prometheus + protocol: TCP env: - name: FULL_SYNC_INTERVAL_MINUTES value: "30" @@ -140,6 +166,8 @@ spec: - "--v=4" - "--timeout=300s" - "--csi-address=$(ADDRESS)" + - "--kube-api-qps=100" + - "--kube-api-burst=100" - "--leader-election" - "--default-fstype=ext4" # needed only for topology aware setup @@ -161,12 +189,14 @@ spec: apiVersion: v1 data: "csi-migration": {{ .Values.csiMigration.enabled | quote }} + "csi-auth-check": {{ .Values.csiAuthCheck.enabled | quote }} + "online-volume-extend": {{ .Values.onlineVolumeExtend.enabled | quote }} kind: ConfigMap metadata: name: internal-feature-states.csi.vsphere.vmware.com namespace: {{ .Release.Namespace }} --- -apiVersion: storage.k8s.io/v1 # For k8s 1.17 or lower use storage.k8s.io/v1beta1 +apiVersion: storage.k8s.io/v1 # For k8s 1.17 use storage.k8s.io/v1beta1 kind: CSIDriver metadata: name: csi.vsphere.vmware.com 
@@ -174,3 +204,22 @@ spec: attachRequired: true podInfoOnMount: false --- +apiVersion: v1 +kind: Service +metadata: + name: vsphere-csi-controller + namespace: {{ .Release.Namespace }} + labels: + app: vsphere-csi-controller +spec: + ports: + - name: ctlr + port: 2112 + targetPort: 2112 + protocol: TCP + - name: syncer + port: 2113 + targetPort: 2113 + protocol: TCP + selector: + app: vsphere-csi-controller diff --git a/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-rbac.yaml b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-rbac.yaml index 819415e35..07f7aaf3a 100644 --- a/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-rbac.yaml +++ b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-controller-rbac.yaml @@ -36,7 +36,7 @@ rules: verbs: ["create", "get", "list", "watch", "update", "delete"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] - verbs: ["get", "create"] + verbs: ["get", "create", "update"] - apiGroups: ["storage.k8s.io"] resources: ["volumeattachments/status"] verbs: ["patch"] diff --git a/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-ds.yaml b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-ds.yaml index 127d41ecb..d4c6e1cdd 100644 --- a/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-ds.yaml +++ b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-ds.yaml @@ -18,6 +18,7 @@ spec: app: vsphere-csi-node role: vsphere-csi spec: + serviceAccountName: vsphere-csi-node dnsPolicy: "Default" containers: - name: node-driver-registrar @@ -32,8 +33,6 @@ spec: value: /csi/csi.sock - name: DRIVER_REG_SOCK_PATH value: {{ .Values.csiNode.prefixPath }}/var/lib/kubelet/plugins/csi.vsphere.vmware.com/csi.sock - securityContext: - privileged: true volumeMounts: - name: plugin-dir mountPath: /csi 
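Review bot: The new `vsphere-csi-controller` Service is created unconditionally and makes the controller and syncer metrics ports (2112 and 2113) reachable from any workload in the cluster. Nothing visible in this diff consumes it (no ServiceMonitor or scrape annotation), so consider gating it behind a values flag that defaults to off, for example `{{- if .Values.csiController.metricsService.enabled }}` (a new value, named here only as a suggestion), or shipping a NetworkPolicy that limits ingress to the monitoring namespace. Writing `type: ClusterIP` explicitly would also record that the Service is not meant to be exposed outside the cluster.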
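Review bot: In `vsphere-csi-controller-rbac.yaml`, adding `update` to the `customresourcedefinitions` rule with no `resourceNames` lets the controller's service account rewrite any CRD in the cluster, including schema and conversion settings of CRDs it does not own. `create` cannot be name-scoped, but `get` and `update` can move to their own rule with `resourceNames: ["<crd-names-the-driver-manages>"]` (placeholder; the CRD names are not on this page). The rule list starts and ends outside the hunk, so the kind of role this belongs to is inferred from the file name only.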
@@ -95,6 +94,10 @@ spec: mountPropagation: "Bidirectional" - name: device-dir mountPath: /dev + - name: blocks-dir + mountPath: /sys/block + - name: sys-devices-dir + mountPath: /sys/devices ports: - containerPort: 9808 name: healthz @@ -104,6 +107,8 @@ spec: port: healthz initialDelaySeconds: 10 timeoutSeconds: 5 + periodSeconds: 5 + failureThreshold: 3 - name: liveness-probe image: "{{ template "system_default_registry" . }}{{ .Values.csiNode.image.livenessProbe.repository }}:{{ .Values.csiNode.image.livenessProbe.tag }}" args: @@ -132,6 +137,14 @@ spec: - name: device-dir hostPath: path: /dev + - name: blocks-dir + hostPath: + path: /sys/block + type: Directory + - name: sys-devices-dir + hostPath: + path: /sys/devices + type: Directory tolerations: - effect: NoExecute operator: Exists diff --git a/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-rbac.yaml b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-rbac.yaml new file mode 100644 index 000000000..877a09456 --- /dev/null +++ b/packages/rancher-vsphere-csi/charts/templates/vsphere-csi-node-rbac.yaml @@ -0,0 +1,29 @@ +kind: ServiceAccount +apiVersion: v1 +metadata: + name: vsphere-csi-node + namespace: {{ .Release.Namespace }} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: vsphere-csi-node-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: [""] + resources: ["configmaps"] + verbs: ["get", "list", "watch"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: vsphere-csi-node-binding + namespace: {{ .Release.Namespace }} +subjects: + - kind: ServiceAccount + name: vsphere-csi-node + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: vsphere-csi-node-role + apiGroup: rbac.authorization.k8s.io diff --git a/packages/rancher-vsphere-csi/charts/values.yaml b/packages/rancher-vsphere-csi/charts/values.yaml index 3e2b3a0c3..8cdd1f4d1 100644 --- a/packages/rancher-vsphere-csi/charts/values.yaml 
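Review bot: The `blocks-dir` and `sys-devices-dir` mounts added in the `@@ -95,6 +94,10 @@` hunk (with their hostPath volumes in `@@ -132,6 +137,14 @@`) give the node container the host's `/sys/block` and `/sys/devices` read-write, and nothing records why. If write access is needed, presumably for device rescans during online volume expansion (to be confirmed), say so in a comment next to the mounts, e.g. `# write access required for block device rescan on online expand`. If it is not needed, add `readOnly: true` to both volumeMounts. The container spec these mounts belong to starts outside the hunk, so its `securityContext` is not visible here.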
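Review bot: In the new `vsphere-csi-node-rbac.yaml`, `vsphere-csi-node-role` grants `get`, `list` and `watch` on every ConfigMap in the release namespace, while the only ConfigMap this chart shows the driver using is `internal-feature-states.csi.vsphere.vmware.com`. If the node plugin fetches it by name, add `resourceNames: ["internal-feature-states.csi.vsphere.vmware.com"]` to the rule. If it uses a namespace-wide informer, name scoping will not work, and a comment on the rule should say so to record why the broader grant is required. The wider grant matters most when the chart is installed into a shared namespace where other components keep configuration in ConfigMaps.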
+++ b/packages/rancher-vsphere-csi/charts/values.yaml @@ -25,38 +25,43 @@ csiController: enabled: false image: repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver - tag: v2.1.0 + tag: v2.2.0 csiAttacher: repository: rancher/mirrored-k8scsi-csi-attacher - tag: v3.0.0 + tag: v3.1.0 csiResizer: repository: rancher/mirrored-k8scsi-csi-resizer - tag: v1.0.0 + tag: v1.1.0 livenessProbe: repository: rancher/mirrored-k8scsi-livenessprobe - tag: v2.1.0 + tag: v2.2.0 vsphereSyncer: repository: rancher/mirrored-cloud-provider-vsphere-csi-release-syncer - tag: v2.1.0 + tag: v2.2.0 csiProvisioner: repository: rancher/mirrored-k8scsi-csi-provisioner - tag: v2.0.0 + tag: v2.1.0 nodeSelector: {} +# Internal features csiMigration: enabled: false +csiAuthCheck: + enabled: false +onlineVolumeExtend: + enabled: false csiNode: prefixPath: "" image: repository: rancher/mirrored-cloud-provider-vsphere-csi-release-driver - tag: v2.1.0 + tag: v2.2.0 nodeDriverRegistrar: repository: rancher/mirrored-k8scsi-csi-node-driver-registrar - tag: v2.0.1 + tag: v2.1.0 livenessProbe: repository: rancher/mirrored-k8scsi-livenessprobe - tag: v2.1.0 + tag: v2.2.0 storageClass: enabled: true diff --git a/packages/rancher-webhook/generated-changes/patch/Chart.yaml.patch b/packages/rancher-webhook/generated-changes/patch/Chart.yaml.patch new file mode 100644 index 000000000..dae486eec --- /dev/null +++ b/packages/rancher-webhook/generated-changes/patch/Chart.yaml.patch @@ -0,0 +1,16 @@ +--- charts-original/Chart.yaml ++++ charts/Chart.yaml +@@ -5,11 +5,11 @@ + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: rancher-webhook + apiVersion: v2 +-appVersion: 0.2.0-alpha01 ++appVersion: 0.2.0-alpha + dependencies: + - condition: capi.enabled + name: capi + repository: "" + description: ValidatingAdmissionWebhook for Rancher types + name: rancher-webhook +-version: 0.2.0-alpha01 ++version: 0.2.0-alpha 
diff --git a/packages/rancher-webhook/package.yaml b/packages/rancher-webhook/package.yaml index 255ab1f2d..720542276 100644 --- a/packages/rancher-webhook/package.yaml +++ b/packages/rancher-webhook/package.yaml @@ -1,3 +1,3 @@ -url: https://github.com/rancher/webhook/releases/download/v0.1.0/rancher-webhook-0.1.0.tgz -packageVersion: 00 -releaseCandidateVersion: 03 +url: https://github.com/rancher/webhook/releases/download/v0.2.0-alpha01/rancher-webhook-0.2.0-alpha01.tgz +packageVersion: 01 +releaseCandidateVersion: 01 diff --git a/packages/system-upgrade-controller/.helmignore b/packages/system-upgrade-controller/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/packages/system-upgrade-controller/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/packages/system-upgrade-controller/charts/Chart.yaml b/packages/system-upgrade-controller/charts/Chart.yaml new file mode 100644 index 000000000..d676f0f7f --- /dev/null +++ b/packages/system-upgrade-controller/charts/Chart.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +name: system-upgrade-controller +description: General purpose controller to make system level updates to nodes +home: https://github.com/rancher/system-charts/charts/system-upgrade-controller +sources: + - "https://github.com/rancher/system-charts/charts/system-upgrade-controller" +version: 0.7.0 +appVersion: v0.7.0 +annotations: + catalog.cattle.io/certified: rancher + catalog.cattle.io/hidden: "true" + catalog.cattle.io/namespace: cattle-system + catalog.cattle.io/os: linux + catalog.cattle.io/release-name: system-upgrade-controller 
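Review bot: In the new `system-upgrade-controller/charts/Chart.yaml`, `appVersion: v0.7.0` does not match the image the chart deploys: `values.yaml` in the same commit pins `rancher/system-upgrade-controller` to `tag: v0.6.2`. Anyone using chart metadata to decide which controller build is running, for instance when checking whether a fix is deployed, will get the wrong answer. Either set `appVersion: v0.6.2` or move the image tag so the two agree.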
diff --git a/packages/system-upgrade-controller/charts/templates/_helpers.tpl b/packages/system-upgrade-controller/charts/templates/_helpers.tpl new file mode 100644 index 000000000..be11b4a66 --- /dev/null +++ b/packages/system-upgrade-controller/charts/templates/_helpers.tpl @@ -0,0 +1,9 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "system_default_registry" -}} +{{- if .Values.global.systemDefaultRegistry -}} +{{- printf "%s/" .Values.global.systemDefaultRegistry -}} +{{- else -}} +{{- "" -}} +{{- end -}} +{{- end -}} diff --git a/packages/system-upgrade-controller/charts/templates/clusterrolebinding.yaml b/packages/system-upgrade-controller/charts/templates/clusterrolebinding.yaml new file mode 100644 index 000000000..f485d8ba3 --- /dev/null +++ b/packages/system-upgrade-controller/charts/templates/clusterrolebinding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: system-upgrade-controller +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: +- kind: ServiceAccount + name: system-upgrade-controller + namespace: cattle-system diff --git a/packages/system-upgrade-controller/charts/templates/configmap.yaml b/packages/system-upgrade-controller/charts/templates/configmap.yaml new file mode 100644 index 000000000..0807142aa --- /dev/null +++ b/packages/system-upgrade-controller/charts/templates/configmap.yaml 
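Review bot: In `clusterrolebinding.yaml`, the subject namespace is hard-coded to `cattle-system`, while the ServiceAccount and Deployment templates in this commit set no namespace and therefore follow the release namespace. Installed anywhere else, the binding hands `cluster-admin` to whichever `system-upgrade-controller` service account exists or is later created in `cattle-system`, not to this release's account; `namespace: {{ .Release.Namespace }}` closes that gap. A comment stating why `cluster-admin` is needed rather than a scoped ClusterRole would also help later reviews of this grant.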
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: system-upgrade-controller-config +data: + SYSTEM_UPGRADE_CONTROLLER_DEBUG: {{ .Values.systemUpgradeControllerDebug | default "false" | quote }} + SYSTEM_UPGRADE_CONTROLLER_THREADS: {{ .Values.systemUpgradeControllerThreads | default "2" | quote }} + SYSTEM_UPGRADE_JOB_ACTIVE_DEADLINE_SECONDS: {{ .Values.systemUpgradeJobActiveDeadlineSeconds | default "900" | quote }} + SYSTEM_UPGRADE_JOB_BACKOFF_LIMIT: {{ .Values.systemUpgradeJobBackoffLimit | default "99" | quote }} + SYSTEM_UPGRADE_JOB_IMAGE_PULL_POLICY: {{ .Values.systemUpgradeJobImagePullPolicy | default "Always" | quote }} + SYSTEM_UPGRADE_JOB_KUBECTL_IMAGE: {{ template "system_default_registry" . }}{{ .Values.kubectl.image.repository }}:{{ .Values.kubectl.image.tag }} + SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ .Values.systemUpgradeJobPrivileged | default "true" | quote }} + SYSTEM_UPGRADE_JOB_TTL_SECONDS_AFTER_FINISH: {{ .Values.systemUpgradeJobTTLSecondsAfterFinish | default "900" | quote }} + SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL: {{ .Values.systemUpgradePlanRollingInterval | default "15m" | quote }} + diff --git a/packages/system-upgrade-controller/charts/templates/deployment.yaml b/packages/system-upgrade-controller/charts/templates/deployment.yaml new file mode 100644 index 000000000..088c8d13b --- /dev/null +++ b/packages/system-upgrade-controller/charts/templates/deployment.yaml 
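Review bot: `{{ .Values.systemUpgradeJobPrivileged | default "true" | quote }}` cannot be switched off with a boolean: `default` treats `false` as empty, so `systemUpgradeJobPrivileged: false` still renders `"true"` and upgrade jobs stay privileged; only the string `"false"` takes effect. Test for absence instead, e.g. `SYSTEM_UPGRADE_JOB_PRIVILEGED: {{ ternary "true" (toString .Values.systemUpgradeJobPrivileged) (kindIs "invalid" .Values.systemUpgradeJobPrivileged) | quote }}`. Separately, `SYSTEM_UPGRADE_PLAN_POLLING_INTERVAL` reads `.Values.systemUpgradePlanRollingInterval` ("Rolling" against "Polling"), which looks like a misspelt value name and should be documented or aligned.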
@@ -0,0 +1,48 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: system-upgrade-controller +spec: + selector: + matchLabels: + upgrade.cattle.io/controller: system-upgrade-controller + template: + metadata: + labels: + upgrade.cattle.io/controller: system-upgrade-controller # necessary to avoid drain + spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - {key: "node-role.kubernetes.io/master", operator: In, values: ["true"]} + serviceAccountName: system-upgrade-controller + containers: + - name: system-upgrade-controller + image: {{ template "system_default_registry" . }}{{ .Values.systemUpgradeController.image.repository }}:{{ .Values.systemUpgradeController.image.tag }} + imagePullPolicy: IfNotPresent + envFrom: + - configMapRef: + name: system-upgrade-controller-config + env: + - name: SYSTEM_UPGRADE_CONTROLLER_NAME + valueFrom: + fieldRef: + fieldPath: metadata.labels['upgrade.cattle.io/controller'] + - name: SYSTEM_UPGRADE_CONTROLLER_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - name: etc-ssl + mountPath: /etc/ssl + - name: tmp + mountPath: /tmp + volumes: + - name: etc-ssl + hostPath: + path: /etc/ssl + type: Directory + - name: tmp + emptyDir: {} diff --git a/packages/system-upgrade-controller/charts/templates/serviceaccount.yaml b/packages/system-upgrade-controller/charts/templates/serviceaccount.yaml new file mode 100644 index 000000000..30bc7af3b --- /dev/null +++ b/packages/system-upgrade-controller/charts/templates/serviceaccount.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: system-upgrade-controller diff --git a/packages/system-upgrade-controller/charts/values.yaml b/packages/system-upgrade-controller/charts/values.yaml new file mode 100644 index 000000000..ab93ba0f4 --- /dev/null +++ b/packages/system-upgrade-controller/charts/values.yaml 
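Review bot: In `deployment.yaml`, the `etc-ssl` volumeMount exposes the node's `/etc/ssl` through a hostPath without `readOnly: true`, and the container has no `securityContext`. If the image runs as root, the controller, which the binding in this commit makes cluster-admin, could also modify the host's trust store. Add `readOnly: true` under the `etc-ssl` mount; nothing on this page suggests the controller needs to write there. Consider also a container `securityContext` with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, since a writable `/tmp` emptyDir is already provided.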
@@ -0,0 +1,12 @@ +global: + systemDefaultRegistry: "" + +systemUpgradeController: + image: + repository: rancher/system-upgrade-controller + tag: v0.6.2 + +kubectl: + image: + repository: rancher/kubectl + tag: v1.18.0 diff --git a/packages/system-upgrade-controller/package.yaml b/packages/system-upgrade-controller/package.yaml new file mode 100644 index 000000000..62bd075a7 --- /dev/null +++ b/packages/system-upgrade-controller/package.yaml @@ -0,0 +1,3 @@ +url: local +packageVersion: 01 +releaseCandidateVersion: 01