Commit Graph

183 Commits (6239716e109eccc6168e23eecde51628b5697404)

Author SHA1 Message Date
Arvind Iyengar 6239716e10
Add NoExecute toleration to rke2Etcd and remove key
(cherry picked from commit a181ea3011)
2021-05-21 16:59:15 -07:00
Nick Gerace c9bf5990b0 Fix windows prefix path for logging 2021-05-19 20:17:39 -04:00
Arvind Iyengar e2c9a0746b
Fix monitoring Chart.yaml
This is required due to the change released in v0.1.0 of the charts-build-scripts to switch the package used for YAML marshalling / unmarshalling.

Note: This does not need a packageVersion bump since it has already been bumped once for this release.
(cherry picked from commit 7ec1716f66)
2021-05-17 15:39:49 -07:00
Arvind Iyengar 8845d9ae9f
Fix istio requirement.yaml
This is required due to the change released in v0.1.0 of the charts-build-scripts to switch the package used for YAML marshalling / unmarshalling.

(cherry picked from commit 5392d84cf6)
2021-05-17 15:39:40 -07:00
Arvind Iyengar ba726cdc6c
Fix alerting-drivers Chart.yaml
This is required due to the change released in v0.1.0 of the charts-build-scripts to switch the package used for YAML marshalling / unmarshalling.

Note: This does not need a packageVersion bump since it has already been bumped once for this release.
(cherry picked from commit e5415e48de)
2021-05-17 15:39:28 -07:00
Arvind Iyengar b350bb93e0
Remove rcVersions 2021-05-17 15:39:11 -07:00
Arvind Iyengar 1107be9199
Checkout current packages from dev-v2.6-source
```bash
git fetch upstream
git checkout upstream/dev-v2.6-source -- packages; git reset HEAD; git checkout -- packages/README.md
```

This overwrites the previous changes based on stuff currently in dev-v2.6-source today.
2021-05-17 15:34:49 -07:00
Arvind Iyengar 551327b14e
Checkout current packages from dev-v2.5-source
```bash
git fetch upstream
git checkout upstream/dev-v2.5-source -- packages; git reset HEAD; git checkout -- packages/README.md
```
2021-05-17 15:30:27 -07:00
Arvind Iyengar e0424d8ac0
Regenerate template based on v0.2.0 release
```bash
make template
```
2021-05-17 15:28:30 -07:00
Arvind Iyengar fd55955526
Remove packages/istio from the staging branch
This commit removes packages/istio from the staging branch.

This has been a long-standing pending maintenance task and should not have any impact on the staging branch.

Signed-off-by: Arvind Iyengar <arvind.iyengar@rancher.com>
2021-01-14 22:35:01 -08:00
actions 88defdad62 Generated changes 2020-09-28 22:35:02 +00:00
Daishan 2469c9213c Clean up folders 2020-09-22 16:26:19 -07:00
aiyengar2 f7cee8c5c7
Merge pull request #677 from aiyengar2/fix_magic_links
Fix broken magic links for Grafana and Prometheus
2020-09-22 14:56:33 -07:00
Darren Shepherd 161b04a5e6 fleet v0.3.0-beta3 2020-09-22 14:00:02 -07:00
Arvind Iyengar 92f0eca770 Add nginx proxy to Prometheus for magic links
This commit adds an nginx proxy in front of Prometheus that intercepts the requests that are sent to the Prometheus pod. This change was necessary since the Prometheus pod encounters issues with Rancher proxy URLs that are formatted like:

```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy
```

Specifically, if using the root_url option, it doubles up this URL when making requests for resources, e.g.
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/<my-path>
=>
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-prometheus:9090/proxy/<my-path>
```

However, this does not resolve the issue in https://github.com/rancher/rancher/issues/29068.
2020-09-22 11:20:57 -07:00
Arvind Iyengar d6c774aa42 Add nginx proxy to Grafana for magic links
This commit adds an nginx proxy in front of Grafana that intercepts the requests that are sent to the Grafana pod. This change was necessary since the Grafana pod encounters issues with Rancher proxy URLs that are formatted like:

```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy
```

Specifically, if using the root_url option, it doubles up this URL when making requests for resources, e.g.
```
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path>
=>
<server-url>/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/k8s/clusters/<cluster-id>/api/v1/namespaces/cattle-monitoring-system/services/http:rancher-monitoring-grafana:80/proxy/<my-path>
```
2020-09-22 11:20:57 -07:00
rajashree 37a8648cf8 Change encryption config field name in restore crd 2020-09-22 10:26:48 -07:00
maggieliu 34fdd14bca
Merge pull request #674 from aiyengar2/fix_monitoring_chart_hardened
Support monitoring in hardened RKE clusters
2020-09-22 10:04:58 -07:00
maggieliu 6edb750ce9
Merge pull request #675 from aiyengar2/fix_pushprox_chart_hardened
Support pushprox in hardened RKE clusters
2020-09-22 10:04:44 -07:00
Prachi Damle 0f786657a2
Merge pull request #676 from prachidamle/airgap_fix
Use global registry for security-scan and sonobuoy tool images to support airgapped setups
2020-09-21 20:59:38 -07:00
Jacob Payne 91d1dedca1
allow tolerations to be passed to fluentbit containers (#673) 2020-09-21 16:47:48 -07:00
Prachi Damle 42f30bfad1 Use the system_default_registry for security-scan and sonobuoy images
Deleting tgz assets
2020-09-21 15:21:56 -07:00
Steven Crespo 32f1b41934
Merge pull request #670 from PennyScissors/update-gk-v3.1.1
Update gatekeeper to version 3.1.1
2020-09-21 15:01:46 -07:00
Steven Crespo 5757f8cc15 Update gatekeeper to v3.1.1 2020-09-21 12:26:43 -07:00
Arvind Iyengar e3d6033572 Support monitoring in hardened RKE clusters
This commit adds support for deploying rancher-monitoring into hardened clusters.

It modifies some of the default securityContexts and does some misc. fixes such as:
- Removing default AppArmor PSP annotations from Grafana (related to https://github.com/helm/charts/issues/9090)
- Modifying rkeScheduler and rkeControllerManager to use localhost to scrape components since the endpoints aren't exposed in a hardened cluster

These changes have been verified on a hardened RKE cluster.
2020-09-21 12:04:07 -07:00
Arvind Iyengar 7d1332356c Support pushprox in hardened RKE clusters
This commit adds support for deploying rancher-pushprox into hardened clusters.

It introduces securityContexts and rearranges the RBAC in order to support a PodSecurityPolicy for the PushProx clients.

These changes have been verified on a hardened RKE cluster.
2020-09-21 00:20:45 -07:00
Arvind Iyengar 4da2300a26 Move pushprox RBAC into separate file 2020-09-21 00:20:10 -07:00
Jacob Payne 60c84b3c3b
fixed eks and k3s logging in airgap (#671) 2020-09-20 15:00:04 -07:00
Arvind Iyengar b80fb3a8ff Use separate namespace only for dashboards
This commit renames `grafana-dashboards` to `cattle-dashboards` and deprecates the `grafana-datasources` namespace in favor of the normal release namespace.

Related Issue: rancher/rancher#28887
2020-09-19 19:23:35 -07:00
Arvind Iyengar 0fa3a06de0 Split RBAC for ConfigMaps and Secrets
Related Issue: https://github.com/rancher/rancher/issues/29013
2020-09-19 19:23:33 -07:00
Arvind Iyengar 2e1ed1b130 Relocate Rancher roles to overlay/ 2020-09-19 19:00:23 -07:00
Daishan 89cb2793e9 Bump fleet, rancher-operator, webhook 2020-09-18 23:01:59 -07:00
Arvind Iyengar 95cf887f5f Add annotations that were left out on rebase
Dropped on accident in rebase https://github.com/rancher/charts/pull/641/files#diff-ed5b5b87cf149adc6a6408bf81993efdR681-R682
2020-09-18 17:08:11 -07:00
Brenda Rearden 34676b359a
Merge pull request #667 from brendarearden/image-updates
Set installer repo,tag in values.yaml
2020-09-18 16:41:06 -07:00
aiyengar2 034952747f
Merge pull request #666 from aiyengar2/fix_kube_dns_namespace
Create kube-dns service monitor in kube-system
2020-09-18 16:34:48 -07:00
Brenda Rearden 9932422f51 Set installer repo,tag in values.yaml 2020-09-18 15:56:15 -07:00
Rajashree Mandaogane 820f105aa2
Merge pull request #663 from mrajashree/upd
Update resourceset to include configmaps for clusterrepos
2020-09-18 15:37:18 -07:00
Arvind Iyengar 700975ee95 Create kube-dns service monitor in kube-system
This is required since, by default, we ignoreNamespaceSelectors.
2020-09-18 15:35:21 -07:00
aiyengar2 afb3af8690
Merge pull request #662 from aiyengar2/use_new_busybox
Replace rancher/busybox w/ rancher/library-busybox
2020-09-18 15:29:56 -07:00
rajashree b3cc3a717c Update resourceset to include configmaps for clusterrepos 2020-09-18 15:26:55 -07:00
Brenda Rearden 14f0a39a4a
Merge pull request #659 from brendarearden/image-updates
Image updates for Istio 1.7.1 and Kiali 1.23.0
2020-09-18 10:57:10 -07:00
Prachi Damle 89746f9fe1
Merge pull request #664 from prachidamle/new_cis_fixes
CIS chart fixes to update image tag, fixes for hardened cluster
2020-09-18 10:47:13 -07:00
Prachi Damle 2dd35d89bb Delete tgz files from assets, parameter in the post-install hook for namespace should use the
helm templating
2020-09-18 10:36:16 -07:00
Brenda Rearden d397bb512c Update kiali to 1.23.0 2020-09-18 10:25:50 -07:00
Darren Shepherd ecd90e66af fleet-0.3.0-beta1 2020-09-18 07:33:18 -07:00
Prachi Damle af609af172 Fixes to clear error state on scan retry, fixes for CIS hardened cluster 2020-09-18 00:33:33 -07:00
Daishan Peng 4cd7a24bd8
Merge pull request #660 from StrongMonkey/add-rio-annotations
Add istio dependency to rio chart
2020-09-17 20:28:45 -07:00
Arvind Iyengar c263e58157 Replace rancher/busybox w/ rancher/library-busybox
Related Issue: https://github.com/rancher/rancher/issues/28978
2020-09-17 18:38:14 -07:00
Arvind Iyengar 178528b12c Rebase to new upstream at kube-prometheus-stack
The old upstream at https://github.com/helm/charts/tree/master/stable/prometheus-operator has been deprecated in favor of the chart at https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack.

This commit modifies the rancher-monitoring patch in order to rebase to this new upstream, so it contains a ton of different changes to the patch file.

Related Issue: rancher/rancher#28822
2020-09-17 17:10:42 -07:00
Daishan f29ed480a8 Add istio dependency to rio chart 2020-09-17 16:51:55 -07:00