From f07c14c1444790a810276194700737da1cda12f2 Mon Sep 17 00:00:00 2001
From: Samuel Attwood
Date: Wed, 20 Jul 2022 15:43:48 -0400
Subject: [PATCH 1/2] Make patch - Loft 2.2.1
---
.../generated-changes/overlay/app-readme.md | 12 ++++++++++++
.../generated-changes/patch/Chart.yaml.patch | 18 ++++++++++++++++++
.../generated-changes/patch/values.yaml.patch | 18 ++++++++++++++++++
packages/loft/package.yaml | 2 ++
4 files changed, 50 insertions(+)
create mode 100644 packages/loft/generated-changes/overlay/app-readme.md
create mode 100644 packages/loft/generated-changes/patch/Chart.yaml.patch
create mode 100644 packages/loft/generated-changes/patch/values.yaml.patch
create mode 100644 packages/loft/package.yaml
diff --git a/packages/loft/generated-changes/overlay/app-readme.md b/packages/loft/generated-changes/overlay/app-readme.md
new file mode 100644
index 000000000..d566f1492
--- /dev/null
+++ b/packages/loft/generated-changes/overlay/app-readme.md
@@ -0,0 +1,12 @@
+# Loft Chart
+
+## Namespace & Virtual Cluster Manager for Kubernetes
+
+- Lightweight Virtual Clusters that are flexible like namespaces but much more powerful
+- Sleep Mode to put idle namespaces and virtual clusters asleep and saves up to 70% cloud costs
+- Accounts & Account Users to separate tenants in a shared Kubernetes cluster
+- Self-Service Namespace Provisioning for account users
+- Account Limits to ensure quality of service and fairness when sharing a cluster
+- Namespace Templates for secure tenant isolation and self-service namespace initialization
+- Multi-Cluster Tenant Management for sharing a pool of clusters
+- GitOps-Ready: Custom Resource Definitions for everything loft does
diff --git a/packages/loft/generated-changes/patch/Chart.yaml.patch b/packages/loft/generated-changes/patch/Chart.yaml.patch
new file mode 100644
index 000000000..cb2aa8679
--- /dev/null
+++ b/packages/loft/generated-changes/patch/Chart.yaml.patch
@@ -0,0 +1,18 @@
+--- charts-original/Chart.yaml
++++ charts/Chart.yaml
+@@ -1,3 +1,7 @@
++annotations:
++ catalog.cattle.io/certified: partner
++ catalog.cattle.io/display-name: Loft
++ catalog.cattle.io/release-name: loft
+ apiVersion: v2
+ description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual
+ Clusters
+@@ -15,6 +19,7 @@
+ - namespace
+ - vcluster
+ - vclusters
++kubeVersion: ">= 1.22-0"
+ maintainers:
+ - email: info@loft.sh
+ name: Loft Labs, Inc.
diff --git a/packages/loft/generated-changes/patch/values.yaml.patch b/packages/loft/generated-changes/patch/values.yaml.patch
new file mode 100644
index 000000000..389aae95b
--- /dev/null
+++ b/packages/loft/generated-changes/patch/values.yaml.patch
@@ -0,0 +1,18 @@
+--- charts-original/values.yaml
++++ charts/values.yaml
+@@ -56,7 +56,7 @@
+ # Declare variables to be passed into your templates.
+
+ # Default value is: loftsh/loft:{{ .Chart.Version }}
+-# image: loftsh/loft
++image: loftsh/loft:2.2.1
+
+ # Additional enviroment variables in the form of
+ # VAR_NAME: VAR_VALUE
+@@ -152,4 +152,4 @@
+ # - drops all capabilities
+ # - runs as non-root
+ securityContext:
+- enabled: true
+\ No newline at end of file
++ enabled: true
diff --git a/packages/loft/package.yaml b/packages/loft/package.yaml
new file mode 100644
index 000000000..ff5442102
--- /dev/null
+++ b/packages/loft/package.yaml
@@ -0,0 +1,2 @@
+url: https://charts.loft.sh/charts/loft-2.2.1.tgz
+packageVersion: 01
From 52af8f18fdd3d19e1a064fc5d43af614d2f98268 Mon Sep 17 00:00:00 2001
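Review bot: The override `image: loftsh/loft:2.2.1` in the first inner hunk of values.yaml.patch pins the manager image by tag only, so what this catalog entry deploys depends on whatever the registry serves for that tag at pull time. If the catalog is meant to ship a reviewed artifact, the reference can carry a digest as well, in the form `image: loftsh/loft:2.2.1@sha256:<digest-of-the-reviewed-image>` (placeholder, not a real digest). A short comment above the line saying why the tag is hard-coded (the chart's own default is `loftsh/loft:{{ .Chart.Version }}`, and the packaged chart version differs from the image version) would also help the next person who bumps this package.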
From: Samuel Attwood Date: Wed, 20 Jul 2022 15:44:47 -0400 Subject: [PATCH 2/2] Make charts - Loft 2.2.1 --- assets/loft/loft-2.2.101.tgz | Bin 0 -> 5581 bytes charts/loft/loft/2.2.101/.helmignore | 21 ++ charts/loft/loft/2.2.101/Chart.yaml | 31 +++ charts/loft/loft/2.2.101/app-readme.md | 12 ++ charts/loft/loft/2.2.101/templates/NOTES.txt | 8 + .../loft/loft/2.2.101/templates/_helpers.tpl | 74 +++++++ .../2.2.101/templates/cert-issuer/issuer.yaml | 22 +++ .../loft/2.2.101/templates/deployment.yaml | 183 ++++++++++++++++++ .../loft/loft/2.2.101/templates/ingress.yaml | 56 ++++++ charts/loft/loft/2.2.101/templates/pvc.yaml | 18 ++ .../templates/rbac/clusterrolebinding.yaml | 21 ++ .../loft/loft/2.2.101/templates/secret.yaml | 19 ++ .../loft/loft/2.2.101/templates/service.yaml | 39 ++++ .../2.2.101/templates/serviceaccount.yaml | 25 +++ .../2.2.101/templates/servicemonitor.yaml | 32 +++ charts/loft/loft/2.2.101/values.yaml | 155 +++++++++++++++ index.yaml | 36 ++++ 17 files changed, 752 insertions(+) create mode 100644 assets/loft/loft-2.2.101.tgz create mode 100644 charts/loft/loft/2.2.101/.helmignore create mode 100644 charts/loft/loft/2.2.101/Chart.yaml create mode 100644 charts/loft/loft/2.2.101/app-readme.md create mode 100644 charts/loft/loft/2.2.101/templates/NOTES.txt create mode 100644 charts/loft/loft/2.2.101/templates/_helpers.tpl create mode 100644 charts/loft/loft/2.2.101/templates/cert-issuer/issuer.yaml create mode 100644 charts/loft/loft/2.2.101/templates/deployment.yaml create mode 100644 charts/loft/loft/2.2.101/templates/ingress.yaml create mode 100644 charts/loft/loft/2.2.101/templates/pvc.yaml create mode 100644 charts/loft/loft/2.2.101/templates/rbac/clusterrolebinding.yaml create mode 100644 charts/loft/loft/2.2.101/templates/secret.yaml create mode 100644 charts/loft/loft/2.2.101/templates/service.yaml create mode 100644 charts/loft/loft/2.2.101/templates/serviceaccount.yaml create mode 100644 
charts/loft/loft/2.2.101/templates/servicemonitor.yaml create mode 100644 charts/loft/loft/2.2.101/values.yaml 
diff --git a/assets/loft/loft-2.2.101.tgz b/assets/loft/loft-2.2.101.tgz new file mode 100644 index 0000000000000000000000000000000000000000..aae24bdb91b1b98c03e9f71ae45e4b6984e93ac4 GIT binary patch literal 5581 zcmV;;6*B4{iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PKD1avL|YaDLBI^hag0NxsbRqMM6VId!zMHmiyxt3<_nQd?Ut zaHdHjngJ#Nh7x1@Jo_nJ=02n-TalfO@WZBN8jVJy(dce8FfpI0{_%nc6|6`SfAM>i z!C){r*xNJz4+ewg|HIK}_{DH%>ZYZQ`lHiqTMi%^Dwrpo+1!7vjD$8jbV3YaX2pltpfOfa7L6BJ7t zB3zIJWlBPXOTm{^W1?&hghlY03YC%AgB*qQ7F@TyP%4$Ib3i?rt&*DWntg}WFjuvp>C;CD1wkDh68Wp!mA9Rhe2e{eWBXzKsH z;oh_Ue~PjLr!yc7NR&_pnM46{!LvAmDMBcaD2yP=v<8C+)0nS}S~K8g!7w0WP$EOE zHzW$H8VrO7kP<1imK;MbS^4>2J*YDYRP&W*~Kp8H$lw%WpJ?$b*TUBvxVq6)U|YDn9XMrkfl}rj0L3*I zjB11_E+~sMf2oD?-2b|J$jCI->*|ce5({N)6lM%(r%6;Wv{fw4R8l|cp-{05LZKOOgRA0+CfnPAqbQ=fcO>o{BtubUp0R)Cy&HGcaR0_)2;ixA$w_h>@qScfyVR)Yn|mQ-*}e}yK> z3_mpaz-QhLygs^mb8&QjGB&?nAD#Vl;vrjhu+-vX+avUL3N7#>uC8!4HcxW3n5>Es z)x{{Se6`Ueyw)7~yWmMq%M}_c6G*}{rnFY;l5k<6jy22}hPI*;zx8zrlNUhXuNg|^ z^jd-m7ppN0M=#E)Rbgp1hW$a}0mL++O~BC)6|ml@*Wluk$62CydigPghP97>gKplEsF$_h%%J&Qt&BOa5}~3)d6ZM(JTQa zs+cZu6Q@`Bp@j*%#0GBz&X{6i=LERXz?q$Oj2q@Rr^+gp+c#>)JbWX zG}L)RnN-ah5{6d%>gLUneLSwM`fYQ{t$$ZM#&Q0KpIcTf&8{)MTA~m%!ZGxE-Ykpb z)MiMz~sCb1XLm&2pASR6)$=bIRtP`Ky$l361cWh?1MRs-{yx#Hvr?lrkLe z2E*N8sO>1N)TKfe;uz}W<`@7Z{SC)395}tQ1Fup?msDJkIYOwrVqdyPrgIlg&HC=4 zZ{fThxYX-{T3{w2kGY(4Mim!uT(!7z;dU=O?Vexw)U2n4#494^s4lrsV|Xzrt;GbD zprJHIr9!bJ@fZ#UX1GH^QoN=K@=T3k*F3D-DQ8Y`X+yx-N~ScXiW-Z@*G)|IhgUg^kg_cy)a;3Dli>Odsjhyq+R`-YiZZE49BX+mZAq;d;Qjl+^M2L_sSDw1O|O-B zWFW8X!wT#*hZu=qkZ_@$BAzK{DHzD_K#A4Z^8mht1;&YXmsBRZkd-iVRA$C>0exyl z{y|G){=ZpZte2TUrH>a1yl4LJ9`5Zn=KtRQ-r@87e~R+u*gheJ@IqzC^SmKb8tRHIHL@qXW~N|um^tm%6P9;#S*-> z!RM--3h(r?#zHvQH9u)G$!0Tp2R*+;hAc9_Epf-zz$8T*+V)++uNjHW?iG+UHDm|g zKha`0@JhF#yC7kTA<>qCCK^^NPnlx) zP2io*3Tb)OjG9ktzj%`N+q9duT(vT61gFlzy};&&`d zOkWz>$KP*1q!l^~HdrimRbJ3qd-`AkQ$d-ULGLfp|BLK3u-SGWB4q1+*MzS!s(PZh ztt~yGW@Me1SSVw!t{Ytg(p%e?Dy!?^o_8QHjY){m`~N-Yz3F|(OtOJFYf!Ht(7v=7 
zNSX$vqa0A)x4zxmw?J7KXHi`j1bVU7t9c+7ebdnnP{#lR+s1FK6ypSS83Orau$(zc z(@HF?jjPyyEbX02m3Q!K##MpVNZ7V$*5P1LH;RNXGRMfDuIl~DU9L@%*VM_)=!5lv z)(mDnByq7$tJJ{)=h0ihLJfRfAIDNn1>dYg#46)fnZgCip8L_;3c=br`h&I|!w{u} z8(cYScS)7j=j^6r&6iy)G9j11R{s%KC4U&dg?ErKdUulYaG~cIpD43ime0Hw@DAjH zjP?&?mTVx-I+*1)ToK&dhO}}mu+gDv6C2n6hW!_!P%Z}3xBorDuJC>NKf}?eVgDT* z?C(F@e@{^wle~=fcSBiJZqwTMU4n{4M3FMUsa0CLk$moI zgULi>!USDF#zq#qtC^S9H7vt_-Jteu4x0+PBnp4T)x^XX%{Bv6wi(tT$%Bzaqb~es z{#eh%YJ@RxF`FEPO_v!Aa{`K3WBCAVux=e$HSECRJ6zWG=SNbepYdpj_PE=o6BrTVV!penYPnr1ZPCz1%jIZ`A=y?6y`)Fck+@gCe#C9ut5O^FDnl!9nnyh12T^4Ls16L`H4C>K1A#xSbBb_onGF(#`*v+P#@(ltt_b41rXs&J!`(zPvM7vI{+ zU;j~zL$++sjiZ<6rx$Nd&W}#dDovTZ&6>Gk<99ZoQ3(~V;kAX%v*@dU^>#0hCX;`@ zx_bHMA4ijaY|(y!u^OvfLrw=nY*69L8(e({U)tQ%@%Kd&)$GhJlHa~HRlC}A6q~%x z%6jJ7D3-C|=wY(0s@8hf+b${2$-TUK^*=wqxjvh`IX=0%?k2S=v-O--sFhaGNw@8? z(Q9mgJm<9mYm>$|llkMx&!3n|o5;S!7*#Q*`5VGB{JN&?rkO8A12ZkCYR%FCR#21cAe~2fi~HI4x*evgNMzahBesf#&#H5 z4=@)sGfhVFrCkn|MD$}m?-z$dsA%oZ>zlot@R5ktk{dU7TFM`P=Em%QtRzRRBcB zj^qVrSDdR#{_Hkp@&|Yt+t}}$jAx6bZ9<1UNeGL^@UNa+^!{D?!D24;LqF_&2R+5J za8Vb@zQq{xIehgMD7~Efe_sbuLEJs7KSJ~$%x=aboVch<2~>UBH92avKFFV(&9r4! 
zSrzgpUCkBHAJUZKF^XnDpz^S*!D^k&ZGP$y?njkI{NHUNJ?>H9`||&G51aYFd;152 z=lK6qlxEz)jeliPau8nz$CU*oIJ!J_u>%?WgGlHxRJUB*P&N;4Uf7(NVc(sN?KL)$ zyI>m$Hk*N`sK~Gy3bb1muDQ*-&v_SF5eEJf?NsEQ|EL{{)}})PS*$jpBS(Z#ujG^}ec1Jf4tL@uk zIlV?jF6RAPoJtYZR~BbuHVoiryseW5#zhwAmZ$H|jCaU_eo;2FP^w~@rbI1j zwyW=ALmhbZi>5RB7^?B_L;>>iL1(QxhBRa*;M$8u(~f6sYj4%YXskVO9!RN*TYqVeb3hiO~!hAIP_ z;CV_y2>j=bi#f4zoS(lPZg6Y!sJO7;kLN*sGM$r6 zf5A|hJM}E%C$*fA4cc=<^2j!RuAcO62dFjTUEXx_R7eT!c$3l}1kch9()FpQz@NG_ z^uINmAK3)F*Z$jYo&ViEe7^thNlHt@nL9Jq8Flv1#5$F4D{mc8YpKorRN#X1n=zyU zeRm&0XO?VRqgHm<>NkF^4S1}D{9IxwwLfx}y9-R9y=mcw?;T7J_K<~Jc)YFoZ@1Q; zGX6gr9Cn=lf1dwOQr1j!d%I=#JpY{|=J~D5d64Y$w-P%Qi=9W0d@>+M`=}=bx{!X( zYA|=mZF+m#77g?ZTdR_{+L5!G)}xvAo2ZJ%j7Ki++0m57cHscZo~42-9`bk$*Tx4)%9E+p>(hR?%se$G6U|5|LpCx&VLU_ z&-?#RQd-GrU6(wpcL!=giEVff>YL@z z(_ZsgR}$BKXo|$H(b{nNfB1R!ZvCIw8$6##{~sP6w)FqO!L$BI*|-`PiyXJxk)=1*n#%U(;j{UzIlZE#7c4 zwi~oiWqWn?m3vFbqLfosxw4ILH2hVqf0Xu8FN8k*{`QF)lI{`(iJ;Am-W0a zp(=h#Go7bVr=HbQ-UPh9Mh;WS7OCGCyuNA;(AF=nD_&nMhiM4WqP<()%`$x2gASFeNwMw}DDh@7w?N zcHlJ;lxGr7U!F)WNCp1|L*)fDLejTzg8%YIG!^Z+lr%NjwFw4E^!RPuoBwgpwEsr? z&-ed4O>uYS8xPp?c6KUXQ~WCbd}8ta#dCXUfw?@fydc-}d^n@?g}O!kZ?l&B%m@(( zvl#E_G)9Q&4VEjVglVQA$-;%bEIj46C}vsg`7ntQQ#j|5`J_^sDWFkYt7>jqbuH!} zMFb*EJ^fCSB}&LrUH@?K7YJjXMG$hSr00Y43?+P(|Ae2Up_zlkln8UXCNiR7C<9_Y z;uux$2QI(LxXouN%~v5@Q<-k6qyo;&2V!*F$jrB?%=N`;1$B%CP5h@r;X%)5m zz$B0gC1vB+xo>A$miB|1wnsoEx2Fd!r!@6>Go_*Ij?cTC4bO*j^ZCkLCax{2^CI2H zwo}lQavp2?iw{=%@B>w^Qt4kIiB@Acw%_N= 1.22-0' +maintainers: +- email: info@loft.sh + name: Loft Labs, Inc. + url: https://twitter.com/loft_sh +name: loft +sources: +- https://github.com/loft-sh/loft +type: application +version: 2.2.101 diff --git a/charts/loft/loft/2.2.101/app-readme.md b/charts/loft/loft/2.2.101/app-readme.md new file mode 100644 index 000000000..d566f1492 --- /dev/null +++ b/charts/loft/loft/2.2.101/app-readme.md 
@@ -0,0 +1,12 @@ +# Loft Chart + +## Namespace & Virtual Cluster Manager for Kubernetes + +- Lightweight Virtual Clusters that are flexible like namespaces but much more powerful +- Sleep Mode to put idle namespaces and virtual clusters asleep and saves up to 70% cloud costs +- Accounts & Account Users to separate tenants in a shared Kubernetes cluster +- Self-Service Namespace Provisioning for account users +- Account Limits to ensure quality of service and fairness when sharing a cluster +- Namespace Templates for secure tenant isolation and self-service namespace initialization +- Multi-Cluster Tenant Management for sharing a pool of clusters +- GitOps-Ready: Custom Resource Definitions for everything loft does diff --git a/charts/loft/loft/2.2.101/templates/NOTES.txt b/charts/loft/loft/2.2.101/templates/NOTES.txt new file mode 100644 index 000000000..6f54f1872 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/NOTES.txt @@ -0,0 +1,8 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} diff --git a/charts/loft/loft/2.2.101/templates/_helpers.tpl b/charts/loft/loft/2.2.101/templates/_helpers.tpl new file mode 100644 index 000000000..8501a436b --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/_helpers.tpl 
@@ -0,0 +1,74 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "loft.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "loft.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "loft.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "loft.labels" -}} +app.kubernetes.io/name: {{ include "loft.name" . }} +helm.sh/chart: {{ include "loft.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- else }} +app.kubernetes.io/version: {{ .Chart.Version | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "loft.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "loft.fullname" .) 
.Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Get access key for invite link +*/}} +{{- $}} +{{- define "loft.admin.accessKey" -}} +{{- now | unixEpoch | toString | trunc 8 | sha256sum -}} +{{- end -}} + +{{/* +Get loft admin user username +*/}} +{{- $}} +{{- define "loft.admin.name" -}} +admin +{{- end -}} diff --git a/charts/loft/loft/2.2.101/templates/cert-issuer/issuer.yaml b/charts/loft/loft/2.2.101/templates/cert-issuer/issuer.yaml new file mode 100644 index 000000000..349738671 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/cert-issuer/issuer.yaml @@ -0,0 +1,22 @@ +{{- if .Values.certIssuer.create }} +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .Values.certIssuer.name }} +spec: + acme: + email: {{ .Values.certIssuer.email }} + server: {{ .Values.certIssuer.server }} + privateKeySecretRef: + name: {{ .Values.certIssuer.secretName }} + solvers: + {{- if .Values.certIssuer.httpResolver.enabled }} + - http01: + ingress: + class: {{ .Values.certIssuer.httpResolver.ingressClass }} + {{- end }} + {{- range .Values.certIssuer.resolvers }} + - +{{ toYaml . | indent 6 }} + {{- end }} +{{- end }} diff --git a/charts/loft/loft/2.2.101/templates/deployment.yaml b/charts/loft/loft/2.2.101/templates/deployment.yaml new file mode 100644 index 000000000..12ccda428 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/deployment.yaml 
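Review bot: The `loft.admin.accessKey` helper builds the key as `now | unixEpoch | toString | trunc 8 | sha256sum`, that is the SHA-256 of the first eight digits of the render-time epoch, a value that only changes about every 100 seconds and can be enumerated by anyone who knows roughly when the chart was rendered. None of the templates added in this series references the helper, so removing it is the simplest option; if it is kept for the invite link, it should come from a random source, e.g. `{{- randAlphaNum 32 | sha256sum -}}`, with the result persisted so it does not change on every render. The two bare `{{- $}}` actions in front of the last two `define` blocks also look unintended.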
@@ -0,0 +1,183 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "loft.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "loft.fullname" . }} + release: {{ .Release.Name }} + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: 1 + {{- if (eq (int .Values.replicaCount) 1) }} + maxUnavailable: 0 + {{- else }} + maxUnavailable: 1 + {{- end }} + type: RollingUpdate + template: + metadata: + labels: + app: {{ template "loft.fullname" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + terminationGracePeriodSeconds: 10 + serviceAccountName: {{ template "loft.serviceAccountName" . }} + volumes: + {{- if .Values.volumes }} +{{ toYaml .Values.volumes | indent 8 }} + {{- end }} + {{- if .Values.audit }} + {{- if .Values.audit.persistence.enabled }} + - name: audit-log + persistentVolumeClaim: + claimName: {{ template "loft.fullname" . 
}}-audit + {{- else if .Values.audit.enableSideCar }} + - name: audit-log + emptyDir: {} + {{- end }} + {{- end }} + containers: + - name: manager + {{- if .Values.image }} + image: "{{ .Values.image }}" + {{- else }} + image: "loftsh/loft:{{ .Chart.Version }}" + {{- end }} + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 10443 + - name: https-priv + containerPort: 443 + {{- if .Values.livenessProbe }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: 8080 + failureThreshold: 20 + initialDelaySeconds: 5 + periodSeconds: 10 + {{- end }} + {{- end }} + {{- if .Values.readinessProbe }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8080 + failureThreshold: 20 + initialDelaySeconds: 5 + periodSeconds: 10 + {{- end }} + {{- end }} + env: + - name: ADMIN_EMAIL + value: {{ .Values.admin.email | quote }} + {{- if .Values.admin.password }} + - name: ADMIN_PASSWORD_HASH + value: {{ .Values.admin.password | sha256sum | quote }} + {{- end }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 12 }} + {{- end }} + {{- if .Values.tls }} + {{- if .Values.tls.enabled }} + - name: PROXY_TLS_CERT + valueFrom: + secretKeyRef: + name: {{ .Values.tls.secret }} + key: {{ .Values.tls.crtKey }} + - name: PROXY_TLS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.tls.secret }} + key: {{ .Values.tls.keyKey }} + {{- end }} + {{- end }} + {{- if not .Values.apiService.enabled }} + - name: APISERVICE_DISABLED + value: "true" + {{- end }} + {{- range $key, $value := .Values.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + volumeMounts: + {{- if .Values.volumeMounts }} +{{ toYaml .Values.volumeMounts | indent 10 }} + {{- end }} + {{- if .Values.audit }} + {{- if or .Values.audit.enableSideCar .Values.audit.persistence.enabled }} + - mountPath: /var/log/loft + name: 
audit-log + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- if .Values.securityContext }} + {{- if .Values.securityContext.enabled }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsNonRoot: true + {{- end }} + {{- end }} + {{- if .Values.audit }} + {{- if .Values.audit.enableSideCar }} + - name: audit + image: "{{ .Values.audit.image }}" + command: ["sh"] + args: ["-c", "touch /var/log/loft/audit.log && tail -F /var/log/loft/audit.log"] + volumeMounts: + - mountPath: /var/log/loft + name: audit-log + {{- end }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/ingress.yaml b/charts/loft/loft/2.2.101/templates/ingress.yaml new file mode 100644 index 000000000..ed844bda3 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/ingress.yaml 
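Review bot: `ADMIN_PASSWORD_HASH` is rendered as `.Values.admin.password | sha256sum` straight into the `manager` container's `env`, so an unsalted single-pass SHA-256 of the admin password is stored in the Deployment spec, where anyone with read access to Deployments in the namespace can read it and check guesses against it offline. The chart already has `envValueFrom`, so the value can be supplied from a Secret instead by leaving `admin.password` empty and setting `ADMIN_PASSWORD_HASH` there with a `secretKeyRef` (`name: <secret-name>`, `key: <key>`, both placeholders). Whether the manager accepts a stronger hash format is not visible in this series, so the hash construction itself would need a check against the application before it is changed. The optional `audit` sidecar also gets no `securityContext`, unlike the `manager` container.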
@@ -0,0 +1,56 @@ +{{- if .Values.ingress.enabled }} +{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress"}} +apiVersion: networking.k8s.io/v1 +{{- else }} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ .Values.ingress.name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass }} + nginx.ingress.kubernetes.io/proxy-read-timeout: "43200" + nginx.ingress.kubernetes.io/proxy-send-timeout: "43200" + nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k" + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/websocket-services: loft + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ .Values.ingress.path }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: ImplementationSpecific + backend: + service: + name: loft + port: + number: 80 + {{- else }} + backend: + serviceName: loft + servicePort: 80 + {{- end }} + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tls.secret }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/pvc.yaml b/charts/loft/loft/2.2.101/templates/pvc.yaml new file mode 100644 index 000000000..cbe9a0602 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/pvc.yaml 
@@ -0,0 +1,18 @@ +{{- if .Values.audit }} +{{- if .Values.audit.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "loft.fullname" . }}-audit + {{- if .Values.commonAnnotations }} + annotations: + {{- toYaml .Values.commonAnnotations | nindent 4 }} + {{- end }} +spec: + accessModes: ["ReadWriteOnce"] + storageClassName: {{ .Values.audit.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.audit.persistence.size }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/rbac/clusterrolebinding.yaml b/charts/loft/loft/2.2.101/templates/rbac/clusterrolebinding.yaml new file mode 100644 index 000000000..175eedbdb --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/rbac/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: loft-management-admin + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- if .Values.commonAnnotations }} + annotations: + {{- toYaml .Values.commonAnnotations | nindent 4 }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "loft.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.serviceAccount.clusterRole }} + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/secret.yaml b/charts/loft/loft/2.2.101/templates/secret.yaml new file mode 100644 index 000000000..76b75093d --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/secret.yaml 
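Review bot: The ClusterRoleBinding `loft-management-admin` in rbac/clusterrolebinding.yaml is rendered unconditionally and binds whatever `loft.serviceAccountName` resolves to, to `.Values.serviceAccount.clusterRole`, which values.yaml sets to `cluster-admin`. With `serviceAccount.create: false` and an empty `serviceAccount.name` the helper falls back to `default`, so the release namespace's `default` ServiceAccount, and every pod running under it, would hold cluster-admin. I would document the scope next to the value, e.g. `# clusterRole is bound cluster-wide to the loft service account; cluster-admin grants full control of the cluster`, and stop rendering when the subject would be `default`, for instance with `{{- if eq (include "loft.serviceAccountName" .) "default" }}{{ fail "refusing to bind the default ServiceAccount to a ClusterRole" }}{{- end }}` at the top of the template.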
@@ -0,0 +1,19 @@ +{{- if .Values.config }} +apiVersion: v1 +kind: Secret +metadata: + name: loft-config + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-install + {{- if or .Values.commonAnnotations .Values.secretAnnotations }} + {{- with .Values.secretAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +data: + config: {{ toYaml .Values.config | b64enc }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/service.yaml b/charts/loft/loft/2.2.101/templates/service.yaml new file mode 100644 index 000000000..260d40214 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/service.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: Service +metadata: + name: loft + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + loft.sh/service: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- with .Values.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + port: 80 + targetPort: 8080 + nodePort: {{ .Values.service.httpNodePort }} + protocol: TCP + - name: https + port: 443 + targetPort: 10443 + nodePort: {{ .Values.service.httpsNodePort }} + protocol: TCP + selector: + app: {{ template "loft.fullname" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/serviceaccount.yaml b/charts/loft/loft/2.2.101/templates/serviceaccount.yaml new file mode 100644 index 000000000..0ca0fb51e --- /dev/null 
+++ b/charts/loft/loft/2.2.101/templates/serviceaccount.yaml @@ -0,0 +1,25 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "loft.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- with .Values.serviceAccount.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- if .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/loft/loft/2.2.101/templates/servicemonitor.yaml b/charts/loft/loft/2.2.101/templates/servicemonitor.yaml new file mode 100644 index 000000000..d85207d7a --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/servicemonitor.yaml 
@@ -0,0 +1,32 @@ +{{- if .Values.serviceMonitor }} +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: loft + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} + labels: + app: {{ template "loft.fullname" . }} +{{- if .Values.serviceMonitor.labels }} +{{ toYaml .Values.serviceMonitor.labels | indent 4}} +{{- end }} +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + targetPort: {{ .Values.serviceMonitor.targetPort }} + path: {{ .Values.serviceMonitor.path }} + interval: {{ .Values.serviceMonitor.interval }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + jobLabel: {{ .Values.serviceMonitor.jobLabel }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + loft.sh/service: {{ template "loft.fullname" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/values.yaml b/charts/loft/loft/2.2.101/values.yaml new file mode 100644 index 000000000..9faac0d3b --- /dev/null +++ b/charts/loft/loft/2.2.101/values.yaml 
@@ -0,0 +1,155 @@ +# If an admin user should be created during deployment +admin: + create: true + username: admin + password: "my-password" + +# Loft service options +service: + type: ClusterIP + # labels: {} # {key: value} map of labels for the service + # annotations: {} # {key: value} map of annotations for the service + +# Ingress options to use loft behind an ingress +ingress: + enabled: false + name: loft-ingress + # labels: {} # {key: value} map of labels for the ingress + # annotations: {} # {key: value} map of annotations for the ingress + host: loft.mydomain.tld + ingressClass: nginx + path: / + tls: + enabled: true + secret: tls-loft + clusterIssuer: lets-encrypt-http-issuer + +# TLS configuration with a custom cert and key +# Make sure the secret exists prior to deploying loft, +# otherwise the loft pod will not be able to start +tls: + enabled: false + secret: loft-tls + crtKey: tls.crt + keyKey: tls.key + +# Additional annotations for the loft deployment +# annotations: {} + +# Additional labels for the loft deployment +# labels: {} + +# Additional annotations for the loft pod +# podAnnotations: {} + +# Additional common annotations for all resources +# commonAnnotations: {} + +# Annotations for the loft-config secret +# secretAnnotations: {} + +# Additional labels for the loft pod +# podLabels: {} + +# Default values for loft deployment. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. 
+ +# Default value is: loftsh/loft:{{ .Chart.Version }} +image: loftsh/loft:2.2.1 + +# Additional enviroment variables in the form of +# VAR_NAME: VAR_VALUE +env: {} + +# Additional environment variables in the form of +# VAR_NAME: +# secretKeyRef: +# name: mysecret +# key: username +envValueFrom: {} + +# Replica amount of the loft deployment +replicaCount: 1 + +# Resources of the loft deployment +resources: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 2Gi + cpu: "2" + +# Additional volumes that should be mounted to the loft deployment +volumes: [] + +# Additional volume mounts that should be mounted into the loft container +volumeMounts: [] + +# If the readinessProbe should be enabled +readinessProbe: + enabled: true + +# If the livenessProbe should be enabled +livenessProbe: + enabled: true + +# If an extension api service should be registered for +# the loft apis in kubernetes +apiService: + enabled: false + +# Additional loft service account options +serviceAccount: + name: loft + create: true + clusterRole: cluster-admin + annotations: {} + +nameOverride: "" +fullnameOverride: "" + +# If a cert issuer should be created for loft +certIssuer: + create: false + email: "" # This is a required field if create == true + name: lets-encrypt-http-issuer + secretName: loft-letsencrypt-credentials + server: https://acme-v02.api.letsencrypt.org/directory + httpResolver: + enabled: true + ingressClass: nginx + resolvers: [] + +# Additional options for audit logging +audit: + enableSideCar: false + image: library/alpine:3.13.1 + persistence: + enabled: false + size: 10Gi + # Optional storage class + #storageClassName: my-storage-class + +# Prometheus Service Monitor Configuration +serviceMonitor: + enabled: false + jobLabel: loft + targetPort: 80 + path: /metrics + interval: 60s + scrapeTimeout: 30s + labels: {} + +# Loft config to use initially +config: + audit: + enabled: true + +# Enables running loft agent with a security context that: +# - disables 
privileged escalation +# - drops all capabilities +# - runs as non-root +securityContext: + enabled: true diff --git a/index.yaml b/index.yaml index 61f36cec7..d099c6389 100755 --- a/index.yaml +++ b/index.yaml @@ -3245,6 +3245,42 @@ entries: urls: - assets/linkerd/linkerd2-2.11.0.tgz version: 2.11.0 + loft: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Loft + catalog.cattle.io/release-name: loft + apiVersion: v2 + created: "2022-07-20T15:43:52.926618-04:00" + description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual + Clusters + digest: 023d80f68967529b5c98f4b4feaa5f6f108ea8b119f12264fc8f9093985f10cf + home: https://loft.sh + icon: https://static.loft.sh/loft/logo/loft-logo.svg + keywords: + - developer + - development + - sharing + - share + - multi-tenancy + - tenancy + - cluster + - space + - namespace + - vcluster + - vclusters + kubeVersion: '>= 1.22-0' + maintainers: + - email: info@loft.sh + name: Loft Labs, Inc. + url: https://twitter.com/loft_sh + name: loft + sources: + - https://github.com/loft-sh/loft + type: application + urls: + - assets/loft/loft-2.2.101.tgz + version: 2.2.101 minio-operator: - annotations: catalog.cattle.io/certified: partner
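Review bot: `admin.password: "my-password"` at the top of charts/loft/loft/2.2.101/values.yaml ships a known default credential for the admin user (`create: true`, `username: admin`), and deployment.yaml turns any non-empty value into `ADMIN_PASSWORD_HASH`, so an install that keeps the defaults comes up with a publicly documented admin login. I would ship `password: ""` with the comment `# must be set at install time; no default admin password is shipped`, and carry that override in packages/loft/generated-changes/patch/values.yaml.patch, since this file is generated from the package. How the manager behaves when no hash is supplied is not visible in this series and should be confirmed before the default is changed.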