andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #918 from nflondo/remove-deprecated-issue-915 

Removing apps listed in issue 915
pull/920/head
alex-isv 2023-10-23 15:57:44 -06:00 committed by GitHub
parent 83d785a3f1 2a27146235
commit 09d9ff9fc1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
120 changed files with 2 additions and 9002 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/aws-event-sources/aws-event-sources-0.1.901.tgz
View File

Binary file not shown.

BIN
assets/dynatrace/dynatrace-oneagent-operator-0.10.201.tgz
View File

Binary file not shown.

BIN
assets/dynatrace/dynatrace-oneagent-operator-0.8.000.tgz
View File

Binary file not shown.

BIN
assets/dynatrace/dynatrace-oneagent-operator-0.8.1.tgz
View File

Binary file not shown.

BIN
assets/hpe/hpe-flexvolume-driver-3.1.000.tgz
View File

Binary file not shown.

BIN
assets/hpe/hpe-flexvolume-driver-3.1.1.tgz
View File

Binary file not shown.

BIN
assets/softiron/ceph-csi-rbd-1.3.1.tgz
View File

Binary file not shown.

27
charts/aws-event-sources/aws-event-sources/Chart.yaml
View File

@ -1,27 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Sources for Amazon Web Services
catalog.cattle.io/hidden: "true"
catalog.cattle.io/release-name: aws-event-sources
apiVersion: v2
appVersion: 1.7.0
description: AWS Event Sources controller for Kubernetes
home: https://github.com/triggermesh/aws-event-sources
icon: https://global-uploads.webflow.com/5f683649f57c927210b6707e/5f683649f57c9261bab67097_logo.svg
keywords:
- knative-eventing
- sources
- aws
- triggermesh
- serverless
kubeVersion: '>=1.18.0'
maintainers:
- email: sameer@triggermesh.com
name: sameersbn
- email: antoine@triggermesh.com
name: antoineco
name: aws-event-sources
sources:
- https://github.com/triggermesh/aws-event-sources
type: application
version: 0.1.901

113
charts/aws-event-sources/aws-event-sources/README.md
View File

@ -1,113 +0,0 @@
# aws-event-sources
Installs TriggerMesh AWS event sources controller. The following event sources are currently supported by the controller
- Amazon CodeCommit (`kind: AWSCodeCommitSource`)
- Amazon Cognito Identity (`kind: AWSCognitoIdentitySource`)
- Amazon Cognito UserPool (`kind: AWSCognitoUserPoolSource`)
- Amazon DynamoDB (`kind: AWSDynamoDBSource`)
- Amazon Kinesis (`kind: AWSKinesisSource`)
- Amazon Simple Notification Service (`kind: AWSSNSSource`)
- Amazon Simple Queue Service (`kind: AWSSQSSource`)
Refer to [aws-event-sources/config/samples](https://github.com/triggermesh/aws-event-sources/tree/master/config/samples) for examples that make use of the controller.
## TL;DR;
```console
$ helm repo add triggermesh https://storage.googleapis.com/triggermesh-charts
$ helm install triggermesh/aws-event-sources
```
To report bugs and for feedback and support please [create a new issue](https://github.com/triggermesh/aws-event-sources/issues/new).
## Introduction
This chart installs the [aws-event-sources](https://github.com/triggermesh/aws-event-sources) controller on a Kubernetes cluster.
## Prerequisites
- Kubernetes 1.16+ with Beta APIs
- Helm 3.0+
- Knative v0.14+
## Installing the Chart
Add the TriggerMesh chart repository to Helm:
```console
$ helm repo add triggermesh https://storage.googleapis.com/triggermesh-charts
```
To install the chart with the release name `my-release`:
```console
$ helm install --name my-release triggermesh/aws-event-sources
```
The command deploys the aws-event-sources controller in the default configuration. Refer to the [configuration](#configuration) section for the complete list of parameters that can be specified to customize the deployment of the controller.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The Kubernetes resources associated with chart will be removed and the Helm release will be deleted.
However note that the `CustomResourceDefinition` resources created by the chart will not be removed by the delete command and therefore need to be removed manually.
```console
$ kubectl delete crd awscodecommitsources.sources.triggermesh.io
$ kubectl delete crd awscognitoidentitysources.sources.triggermesh.io
$ kubectl delete crd awscognitouserpoolsources.sources.triggermesh.io
$ kubectl delete crd awsdynamodbsources.sources.triggermesh.io
$ kubectl delete crd awsiotsources.sources.triggermesh.io
$ kubectl delete crd awskinesissources.sources.triggermesh.io
$ kubectl delete crd awssnssources.sources.triggermesh.io
$ kubectl delete crd awssqssources.sources.triggermesh.io
```
## Configuration
| Parameter | Description | Default |
|---------------------------------------------|-----------------------------------------------------|--------------------------------------------|
| `nameOverride` | Override the name for controller resources | `""` |
| `fullnameOverride` | Override the fullname for controller resources | `""` |
| `rbac.create` | Create RBAC resources | `true` |
| `serviceAccount.create` | Create service account for the controller | `true` |
| `serviceAccount.annotations` | Annotations to add to controller service account | `{}` |
| `serviceAccount.name` | Override the name for the service account | `nil` |
| `imagePullSecrets` | Specify image pull secrets | `[]` |
| `image.registry` | Image registry name | `gcr.io` |
| `image.repository` | Image repository name | `triggermesh/aws-event-sources-controller` |
| `image.tag` | Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `adapter.awscloudwatch.repository` | AWS adapter Cloudwatch image name | `triggermesh/awscloudwatchsource` |
| `adapter.awscloudwatch.tag` | AWS adapter Cloudwatch image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscloudwatchlogs.repository` | AWS adapter Cloudwatch Logs image name | `triggermesh/awscloudwatchlogssource` |
| `adapter.awscloudwatchlogs.tag` | AWS adapter Cloudwatch Logs image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscodecommit.repository` | AWS adapter CodeCommit image name | `triggermesh/awscodecommitsource` |
| `adapter.awscodecommit.tag` | AWS adapter CodeCommit image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscognitoidentity.repository` | AWS adapter Cognito Identity image name | `triggermesh/awscognitoidentitysource` |
| `adapter.awscognitoidentity.tag` | AWS adapter Cognito Identity image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscognitouserpool.repository` | AWS adapter Cognito Userpool image name | `triggermesh/awscognitouserpoolsource` |
| `adapter.awscognitouserpool.tag` | AWS adapter Cognito Userpool image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awsdynamodb.repository` | AWS adapter DynamoDB image name | `triggermesh/awsdynamodbsource` |
| `adapter.awsdynamodb.tag` | AWS adapter DynamoDB image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awskinesis.repository` | AWS adapter Kinesis image name | `triggermesh/awskinesissource` |
| `adapter.awskinesis.tag` | AWS adapter Kinesis image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awsperformanceinsights.repository` | AWS adapter Performance Insights image name | `triggermesh/awsperformanceinsightssource` |
| `adapter.awsperformanceinsights.tag` | AWS adapter Performance Insights image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awssns.repository` | AWS adapter SNS image name | `triggermesh/awssnssource` |
| `adapter.awssns.tag` | AWS adapter SNS image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awssqs.repository` | AWS adapter SQS image name | `triggermesh/awssqssource` |
| `adapter.awssqs.tag` | AWS adapter SQS image tag | `_defaults to value of `.image.tag`_` |
| `podAnnotations` | Annotations to add to the controller pod | `{}`` |
| `podSecurityContext` | Security context for controller pods | `{}` |
| `securityContext` | Security context for controller containers | `{}` |
| `resources` | Resource requests/limits for the controller | `{requests: {cpu: 20m, memory: 20Mi}}` |
| `nodeSelector` | Controller node selector | `{}` |
| `tolerations` | Tolerations for use with node taints | `[]` |
| `affinity` | Assign custom affinity rules to the controller pods | `{}` |

5
charts/aws-event-sources/aws-event-sources/app-readme.md
View File

@ -1,5 +0,0 @@
# TriggerMesh AWS Event Sources
[aws-event-sources](https://github.com/triggermesh/aws-event-sources) is a Kubernetes controller that implements Knative event sources for AWS services.
You may be using some Cloud services on AWS but still interested to run workloads within Kubernetes. To trigger those workloads when events happen in your AWS service you need to have an event source that can consume AWS events and send them to your workload.

219
charts/aws-event-sources/aws-event-sources/crds/crd-awscloudwatch.yaml
View File

@ -1,219 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscloudwatchsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.cloudwatch.metrics.message" },
{ "type": "com.amazon.cloudwatch.metrics.metric" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCloudWatchSource
plural: awscloudwatchsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
region:
type: string
pollingInterval:
type: string
metricQueries:
type: array
items:
type: object
properties:
name:
type: string
pattern: ^[a-z]\w{0,254}$
expression:
type: string
metric:
type: object
properties:
period:
type: integer
stat:
type: string
unit:
type: string
metric:
type: object
properties:
metricName:
type: string
namespace:
type: string
dimensions:
type: array
items:
type: object
properties:
name:
type: string
value:
type: string
oneOf:
- required: ['expression']
- required: ['metric']
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- region
- metricQueries
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

180
charts/aws-event-sources/aws-event-sources/crds/crd-awscloudwatchlogs.yaml
View File

@ -1,180 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscloudwatchlogssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.logs.log" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCloudWatchLogsSource
plural: awscloudwatchlogssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:logs:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
pollingInterval:
type: string
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

188
charts/aws-event-sources/aws-event-sources/crds/crd-awscodecommit.yaml
View File

@ -1,188 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscodecommitsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.codecommit.push" },
{ "type": "com.amazon.codecommit.pull_request" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCodeCommitSource
plural: awscodecommitsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:codecommit:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
branch:
type: string
eventTypes:
type: array
items:
type: string
enum: [push, pull_request]
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- branch
- eventTypes
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

178
charts/aws-event-sources/aws-event-sources/crds/crd-awscognitoidentity.yaml
View File

@ -1,178 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscognitoidentitysources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.cognito-identity.sync_trigger" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCognitoIdentitySource
plural: awscognitoidentitysources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:cognito-identity:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:identitypool\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

178
charts/aws-event-sources/aws-event-sources/crds/crd-awscognitouserpool.yaml
View File

@ -1,178 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscognitouserpoolsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.cognitouserpool.sync_trigger" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCognitoUserPoolSource
plural: awscognitouserpoolsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:cognito-idp:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:userpool\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

180
charts/aws-event-sources/aws-event-sources/crds/crd-awsdynamodb.yaml
View File

@ -1,180 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awsdynamodbsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.dynamodb.insert" },
{ "type": "com.amazon.dynamodb.modify" },
{ "type": "com.amazon.dynamodb.remove" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSDynamoDBSource
plural: awsdynamodbsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:dynamodb:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:table\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

157
charts/aws-event-sources/aws-event-sources/crds/crd-awsiot.yaml
View File

@ -1,157 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awsiotsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.iot.greetings" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSIoTSource
plural: awsiotsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
endpoint:
type: string
format: hostname
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:iot:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:topic\/.+$'
rootCA:
type: string
rootCAPath:
type: string
certificate:
type: string
certificatePath:
type: string
privateKey:
type: string
privateKeyPath:
type: string
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- endpoint
- arn
- rootCA
- certificate
- privateKey
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

178
charts/aws-event-sources/aws-event-sources/crds/crd-awskinesis.yaml
View File

@ -1,178 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awskinesissources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.kinesis.stream_record" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSKinesisSource
plural: awskinesissources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:kinesis:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:stream\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

187
charts/aws-event-sources/aws-event-sources/crds/crd-awsperformanceinsights.yaml
View File

@ -1,187 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awsperformanceinsightssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.rds.pi.metric" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSPerformanceInsightsSource
plural: awsperformanceinsightssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: ^arn:aws(-cn|-us-gov)?:rds:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$
pollingInterval:
type: string
metricQueries:
type: array
items:
type: string
minLength: 1
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
- pollingInterval
- metricQueries
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

219
charts/aws-event-sources/aws-event-sources/crds/crd-awss3.yaml
View File

@ -1,219 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awss3sources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.s3.objectcreated" },
{ "type": "com.amazon.s3.objectremoved" },
{ "type": "com.amazon.s3.objectrestore" },
{ "type": "com.amazon.s3.reducedredundancylostobject" },
{ "type": "com.amazon.s3.replication" },
{ "type": "com.amazon.s3.testevent" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSS3Source
plural: awss3sources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
# Bucket naming rules
# https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
pattern: ^arn:aws(-cn|-us-gov)?:s3:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:[0-9a-z][0-9a-z.-]{2,62}$
eventTypes:
type: array
items:
type: string
# Accepted values
# https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html
# https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html
enum:
- s3:ObjectCreated:*
- s3:ObjectCreated:Put
- s3:ObjectCreated:Post
- s3:ObjectCreated:Copy
- s3:ObjectCreated:CompleteMultipartUpload
- s3:ObjectRemoved:*
- s3:ObjectRemoved:Delete
- s3:ObjectRemoved:DeleteMarkerCreated
- s3:ObjectRestore:*
- s3:ObjectRestore:Post
- s3:ObjectRestore:Completed
- s3:ReducedRedundancyLostObject
- s3:Replication:*
- s3:Replication:OperationFailedReplication
- s3:Replication:OperationNotTracked
- s3:Replication:OperationMissedThreshold
- s3:Replication:OperationReplicatedAfterThreshold
queueARN:
type: string
pattern: ^arn:aws(-cn|-us-gov)?:sqs:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: [value]
- required: [valueFromSecret]
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: [value]
- required: [valueFromSecret]
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: [ref]
- required: [uri]
required:
- arn
- eventTypes
- sink
status:
type: object
properties:
queueARN:
type: string
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Queue
type: string
jsonPath: .status.queueARN
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

207
charts/aws-event-sources/aws-event-sources/crds/crd-awssns.yaml
View File

@ -1,207 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awssnssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.sns.notification" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSSNSSource
plural: awssnssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:sns:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
subscriptionAttributes:
type: object
properties:
DeliveryPolicy:
type: string
format: json
nullable: true
FilterPolicy:
type: string
format: json
nullable: true
RawMessageDelivery:
type: string
format: json
nullable: true
RedrivePolicy:
type: string
format: json
nullable: true
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
subscriptionARN:
type: string
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
address:
type: object
properties:
url:
type: string
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: URL
type: string
jsonPath: .status.address.url
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

178
charts/aws-event-sources/aws-event-sources/crds/crd-awssqs.yaml
View File

@ -1,178 +0,0 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awssqssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.sqs.message" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSSQSSource
plural: awssqssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:sqs:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

24
charts/aws-event-sources/aws-event-sources/questions.yml
View File

@ -1,24 +0,0 @@
questions:
- variable: defaultImage
default: true
description: "Use default Docker images"
label: Use Default Images
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: image.registry
default: "gcr.io"
description: "Docker image registry"
type: string
label: Image Registry
- variable: image.repository
default: "triggermesh/aws-event-sources-controller"
description: "Docker image repository"
type: string
label: Image Repository
- variable: image.tag
default: "v1.7.0"
description: "Docker image tag"
type: string
label: Image Tag

9
charts/aws-event-sources/aws-event-sources/templates/NOTES.txt
View File

@ -1,9 +0,0 @@
TriggerMesh AWS event sources controller for Knative has been installed.
To view the controller logs:
kubectl logs -f deploy/{{ include "aws-event-sources.fullname" . }}-controller --namespace {{ .Release.Namespace }}
Refer to https://github.com/triggermesh/aws-event-sources/tree/master/config/samples for examples that make use of the controller.
For support and feedback contact us as https://github.com/triggermesh/aws-event-sources/issues/new.

63
charts/aws-event-sources/aws-event-sources/templates/_helpers.tpl
View File

@ -1,63 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "aws-event-sources.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "aws-event-sources.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "aws-event-sources.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "aws-event-sources.labels" -}}
helm.sh/chart: {{ include "aws-event-sources.chart" . }}
{{ include "aws-event-sources.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "aws-event-sources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "aws-event-sources.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "aws-event-sources.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "aws-event-sources.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

213
charts/aws-event-sources/aws-event-sources/templates/clusterrolebinding.yaml
View File

@ -1,213 +0,0 @@
# Copyright (c) 2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app {{ template "aws-event-sources.fullname" . }}-controller
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
# Permissions not required by controllers directly, but granted to
# receive-adapters via RoleBindings.
#
# Without them, the following error is thrown:
# "attempting to grant RBAC permissions not currently held"
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscloudwatchlogssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscloudwatchsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscodecommitsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscognitoidentitysource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscognitouserpoolsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awsdynamodbsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awsiotsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awskinesissource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awsperformanceinsightssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awss3source-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awssnssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awssqssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
# Resolve sink URIs
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "aws-event-sources.fullname" . }}-controller-addressable-resolver
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: addressable-resolver
{{- end }}

378
charts/aws-event-sources/aws-event-sources/templates/clusterroles.yaml
View File

@ -1,378 +0,0 @@
# Copyright (c) 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "aws-event-sources.fullname" . }}-controller
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
rules:
# Record Kubernetes events
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- update
# Manage receive-adapters
- apiGroups:
- apps
resources:
- deployments
verbs: &all
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- serving.knative.dev
resources:
- services
verbs: *all
# Read Source resources and update their statuses
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources
- awscloudwatchsources
- awscodecommitsources
- awscognitoidentitysources
- awscognitouserpoolsources
- awsdynamodbsources
- awsiotsources
- awskinesissources
- awsperformanceinsightssources
- awss3sources
- awssnssources
- awssqssources
verbs:
- list
- watch
- get
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources/status
- awscloudwatchsources/status
- awscodecommitsources/status
- awscognitoidentitysources/status
- awscognitouserpoolsources/status
- awsdynamodbsources/status
- awsiotsources/status
- awskinesissources/status
- awsperformanceinsightssources/status
- awss3sources/status
- awssnssources/status
- awssqssources/status
verbs:
- update
# Ensure compatibility with the OwnerReferencesPermissionEnforcement Admission Controller
# https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources/finalizers
- awscloudwatchsources/finalizers
- awscodecommitsources/finalizers
- awscognitoidentitysources/finalizers
- awscognitouserpoolsources/finalizers
- awsdynamodbsources/finalizers
- awsiotsources/finalizers
- awskinesissources/finalizers
- awsperformanceinsightssources/finalizers
- awss3sources/finalizers
- awssnssources/finalizers
- awssqssources/finalizers
verbs:
- update
# Set finalizers
- apiGroups:
- sources.triggermesh.io
resources:
- awss3sources
- awssnssources
verbs:
- patch
# Manage resource-specific ServiceAccounts and RoleBindings
- apiGroups:
- ''
resources:
- serviceaccounts
verbs:
- list
- watch
- create
- apiGroups:
- ''
resources:
- serviceaccounts
resourceNames: &rbac-objects
- awscloudwatchlogssource-adapter
- awscloudwatchsource-adapter
- awscodecommitsource-adapter
- awscognitoidentitysource-adapter
- awscognitouserpoolsource-adapter
- awsdynamodbsource-adapter
- awsiotsource-adapter
- awskinesissource-adapter
- awsperformanceinsightssource-adapter
- awss3source-adapter
- awssnssource-adapter
- awssqssource-adapter
verbs:
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- list
- watch
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
resourceNames: *rbac-objects
verbs:
- update
# Read credentials
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
# Read controller configurations
- apiGroups:
- ''
resources:
- configmaps
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- config-logging
- config-observability
- config-leader-election
verbs:
- get
# Acquire leases for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
# Determine the exact reason why Deployments fail
- apiGroups:
- ''
resources:
- pods
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscloudwatchlogssource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscloudwatchsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscodecommitsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscognitoidentitysource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscognitouserpoolsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awsdynamodbsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awsiotsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awskinesissource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awsperformanceinsightssource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awss3source-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awssnssource-adapter
rules:
# Record Kubernetes events
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- update
# Read Source resources and update their statuses
- apiGroups:
- sources.triggermesh.io
resources:
- awssnssources
verbs:
- list
- watch
- apiGroups:
- sources.triggermesh.io
resources:
- awssnssources/status
verbs:
- patch
# Read credentials
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
# Acquire leases for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awssqssource-adapter
rules: []
---
# The role is needed for the aggregated role source-observer in knative-eventing to provide readonly access to "Sources".
# see https://github.com/knative/eventing/blob/release-0.14/docs/spec/sources.md#source-rbac
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "aws-event-sources.fullname" . }}-observer
labels:
duck.knative.dev/source: 'true'
{{- include "aws-event-sources.labels" . | nindent 4 }}
rules:
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources
- awscloudwatchsources
- awscodecommitsources
- awscognitoidentitysources
- awscognitouserpoolsources
- awsdynamodbsources
- awsiotsources
- awskinesissources
- awsperformanceinsightssources
- awssnssources
- awssqssources
verbs:
- get
- list
- watch
{{- end }}

109
charts/aws-event-sources/aws-event-sources/templates/deployment.yaml
View File

@ -1,109 +0,0 @@
# Copyright (c) 2020 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "aws-event-sources.fullname" . }}-controller
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "aws-event-sources.selectorLabels" . | nindent 6}}
template:
metadata:
labels:
{{- include "aws-event-sources.labels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "aws-event-sources.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: controller
terminationMessagePolicy: FallbackToLogsOnError
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy}}
resources:
{{- toYaml .Values.resources | nindent 12 }}
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Logging/observability configuration
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
- name: METRICS_DOMAIN
value: triggermesh.io/sources
# Source adapters
- name: AWSCLOUDWATCHSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscloudwatch.repository }}:{{ default .Values.image.tag .Values.adapters.awscloudwatch.tag }}"
- name: AWSCLOUDWATCHLOGSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscloudwatchlogs.repository }}:{{ default .Values.image.tag .Values.adapters.awscloudwatchlogs.tag }}"
- name: AWSCODECOMMITSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscodecommit.repository }}:{{ default .Values.image.tag .Values.adapters.awscodecommit.tag }}"
- name: AWSCOGNITOIDENTITYSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscognitoidentity.repository }}:{{ default .Values.image.tag .Values.adapters.awscognitoidentity.tag }}"
- name: AWSCOGNITOUSERPOOLSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscognitouserpool.repository }}:{{ default .Values.image.tag .Values.adapters.awscognitouserpool.tag }}"
- name: AWSDYNAMODBSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awsdynamodb.repository }}:{{ default .Values.image.tag .Values.adapters.awsdynamodb.tag }}"
- name: AWSKINESISSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awskinesis.repository }}:{{ default .Values.image.tag .Values.adapters.awskinesis.tag }}"
- name: AWSPERFORMANCEINSIGHTSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awsperformanceinsights.repository }}:{{ default .Values.image.tag .Values.adapters.awsperformanceinsights.tag }}"
- name: AWSSNSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awssns.repository }}:{{ default .Values.image.tag .Values.adapters.awssns.tag }}"
- name: AWSSQSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awssqs.repository }}:{{ default .Values.image.tag .Values.adapters.awssqs.tag }}"
securityContext:
allowPrivilegeEscalation: false
{{- with .Values.securityContext }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

26
charts/aws-event-sources/aws-event-sources/templates/serviceaccount.yaml
View File

@ -1,26 +0,0 @@
# Copyright (c) 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "aws-event-sources.serviceAccountName" . }}
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

68
charts/aws-event-sources/aws-event-sources/values.yaml
View File

@ -1,68 +0,0 @@
nameOverride: ""
fullnameOverride: ""
rbac:
create: true
serviceAccount:
create: true
annotations: {}
name: ""
imagePullSecrets: []
image:
registry: gcr.io
repository: triggermesh/aws-event-sources-controller
tag: v1.7.0
pullPolicy: IfNotPresent
adapters:
awscloudwatch:
repository: triggermesh/awscloudwatchsource
tag: ""
awscloudwatchlogs:
repository: triggermesh/awscloudwatchlogssource
tag: ""
awscodecommit:
repository: triggermesh/awscodecommitsource
tag: ""
awscognitoidentity:
repository: triggermesh/awscognitoidentitysource
tag: ""
awscognitouserpool:
repository: triggermesh/awscognitouserpoolsource
tag: ""
awsdynamodb:
repository: triggermesh/awsdynamodbsource
tag: ""
awskinesis:
repository: triggermesh/awskinesissource
tag: ""
awsperformanceinsights:
repository: triggermesh/awsperformanceinsightssource
tag: ""
awssns:
repository: triggermesh/awssnssource
tag: ""
awssqs:
repository: triggermesh/awssqssource
tag: ""
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
resources:
requests:
cpu: 20m
memory: 20Mi
nodeSelector: {}
tolerations: []
affinity: {}

21
charts/dynatrace/dynatrace-oneagent-operator/Chart.yaml
View File

@ -1,21 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dynatrace Oneagent Operator
catalog.cattle.io/hidden: "true"
catalog.cattle.io/release-name: dynatrace-oneagent-operator
apiVersion: v2
appVersion: 0.10.2
description: The Dynatrace OneAgent Operator Helm chart for Kubernetes and Openshift
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
kubeVersion: '>= 1.19'
maintainers:
- email: marco.mader@dynatrace.com
name: DTMad
- email: michael.mayr@dynatrace.com
name: mmayr-at
name: dynatrace-oneagent-operator
sources:
- https://github.com/Dynatrace/helm-charts
type: application
version: 0.10.201

121
charts/dynatrace/dynatrace-oneagent-operator/README.md
View File

@ -1,121 +0,0 @@
# Welcome
Dynatrace automatically discovers, baselines, and intelligently monitors Kubernetes clusters and workloads. Learn more about Dynatrace at [our website](https://www.dynatrace.com/platform/).
# Dynatrace OneAgent Operator Helm Chart
The Dynatrace OneAgent Operator Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters.
This Helm Chart requires Helm 3.
### Platforms
Depending on the version of the Dynatrace OneAgent Operator, it supports the following platforms:
| Dynatrace OneAgent Operator Helm Chart version | Kubernetes | OpenShift Container Platform |
| ---------------------------------------------- | ---------- | ---------------------------- |
| v0.10.2 | 1.18+ | 3.11.188+, 4.5+ |
| v0.9.5 | 1.15+ | 3.11.188+, 4.3+ |
| v0.8.2 | 1.14+ | 3.11.188+, 4.1+ |
| v0.7.1 | 1.14+ | 3.11.188+, 4.1+ |
| v0.6.0 | 1.11+ | 3.11+ |
| v0.5.4 | 1.11+ | 3.11+ |
## Quick Start
The Dynatrace OneAgent Operator acts on its separate namespace `dynatrace`.
It holds the operator deployment and all dependent objects like permissions, custom resources and
corresponding DaemonSets.
To install the Dynatrace OneAgent Operator via Helm run the following command:
### Adding Dynatrace OneAgent Helm repository
```
$ helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/helm-charts/master/repos/stable
```
### Prepare tokens
Generate an API and a PaaS token in your Dynatrace environment.
https://www.dynatrace.com/support/help/reference/dynatrace-concepts/why-do-i-need-an-environment-id/#create-user-generated-access-tokens
### Chart installation
To install the Dynatrace OneAgent Operator first create the dynatrace namespace, apply the latest CRD from [the latest release](https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest) and replace the APIUrl, the API token and the PaaS token in command and execute it
#### Kubernetes
```
$ kubectl create namespace dynatrace
$ kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents.yaml
$ kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms.yaml
$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="kubernetes",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN"
```
#### OpenShift
```
$ oc adm new-project --node-selector="" dynatrace
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents.yaml
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms.yaml
$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="openshift",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN"
```
##### OpenShift 3.11
```
$ oc adm new-project --node-selector="" dynatrace
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents-v1beta1.yaml
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms-v1beta1.yaml
$ helm install dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --set platform="openshift-3-11",oneagent.apiUrl="https://ENVIRONMENTID.live.dynatrace.com/api",secret.apiToken="DYNATRACE_API_TOKEN",secret.paasToken="PLATFORM_AS_A_SERVICE_TOKEN"
```
This will automatically install the Dynatrace OneAgent Operator and create OneAgents for every of your nodes.
## Update procedure
To update simply update your helm repositories and check the latest version
```
$ helm repo update
```
You can then check for the latest version by searching your Helm repositories for the Dynatrace OneAgent Operator
```
$ helm search repo dynatrace-oneagent-operator
```
To update to the latest version apply the latest version of the CRD attached to [the latest release](https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest) and run this command.
Do not forget to add the `reuse-values` flag to keep your configuration
##### Kubernetes
```
$ kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents.yaml
$ kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms.yaml
$ helm upgrade dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --reuse-values
```
##### OpenShift
```
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents.yaml
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms.yaml
$ helm upgrade dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --reuse-values
```
##### OpenShift 3.11
```
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents-v1beta1.yaml
$ oc apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms-v1beta1.yaml
$ helm upgrade dynatrace-oneagent-operator dynatrace/dynatrace-oneagent-operator -n dynatrace --reuse-values
```
## Uninstall dynatrace-oneagent-operator
Remove OneAgent custom resources and clean-up all remaining OneAgent Operator specific objects:
```sh
$ helm uninstall dynatrace-oneagent-operator -n dynatrace
```
## License
Dynatrace OneAgent Operator Helm Chart is under Apache 2.0 license. See [LICENSE](../LICENSE) for details.

19
charts/dynatrace/dynatrace-oneagent-operator/app-readme.md
View File

@ -1,19 +0,0 @@
# Dynatrace OneAgent Operator
This is the home of the Dynatrace OneAgent Operator's Helm Chart which supports the rollout and lifecycle of [Dynatrace OneAgent](https://www.dynatrace.com/support/help/get-started/introduction/what-is-oneagent/) in Kubernetes and OpenShift clusters.
Rolling out Dynatrace OneAgent via DaemonSet on a cluster is straightforward.
Maintaining its lifecycle places a burden on the operational team.
Dynatrace OneAgent Operator closes this gap by automating the repetitive steps involved in keeping Dynatrace OneAgent at its latest desired version.
## Additional Instructions
Please make sure the CRD is applied before using this chart!
```
kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagents.yaml
kubectl apply -f https://github.com/Dynatrace/dynatrace-oneagent-operator/releases/latest/download/dynatrace.com_oneagentapms.yaml
```
To apply the CRD for Openshift or Openshift 3.11 follow the instructions in the [Github Repository](https://github.com/Dynatrace/helm-charts/tree/master/dynatrace-oneagent-operator/chart/default#chart-installation).

BIN
charts/dynatrace/dynatrace-oneagent-operator/logo.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 9.7 KiB

2
charts/dynatrace/dynatrace-oneagent-operator/overview.svg
View File

File diff suppressed because one or more lines are too long
Side by Side

Before

Width:  |  Height:  |  Size: 20 KiB

267
charts/dynatrace/dynatrace-oneagent-operator/questions.yml
View File

@ -1,267 +0,0 @@
categories:
- APM
- Monitoring
questions:
- variable: crdApplied
label: "CRD manually applied"
description: "Please make sure you have applied the latest CRD by following the instructions in the description above."
default: ""
required: true
type: enum
options:
- "yes"
group: "Prerequisites"
#################### Agent Configuration (REQUIRED) ####################
- variable: mode
label: "Monitoring mode"
description: "Either fullstack for full monitoring or apm for application only monitoring"
default: "fullstack"
type: enum
group: "Agent Configuration (REQUIRED)"
show_if: "crdApplied=yes"
options:
- "fullstack"
- "apm"
- variable: oneagent.apiUrl
label: "Dynatrace API URL"
description: "Dynatrace API URL including `/api` path at the end"
default: "https://ENVIRONMENTID.live.dynatrace.com/api"
type: string
required: true
group: "Agent Configuration (REQUIRED)"
show_if: "crdApplied=yes"
- variable: secret.apiToken
label: "Dynatrace API token"
description: "Your Dynatrace API token - You can generate this token in your Dynatrace environment"
default: ""
type: string
required: false
group: "Agent Configuration (REQUIRED)"
show_if: "crdApplied=yes"
- variable: secret.paasToken
label: "Dynatrace PaaS token"
description: "Your Dynatrace Platform as a Service token - You can generate this token in your Dynatrace environment"
default: ""
type: string
required: true
group: "Agent Configuration (REQUIRED)"
show_if: "crdApplied=yes"
#################### Use custom limits settings ###################
- variable: use_custom_limits_settings
label: "Use custom limits settings"
description: "Use custom resource limits for the Dynatrace OneAgent"
default: false
type: boolean
group: "Use custom limits settings"
show_if: "crdApplied=yes"
show_subquestion_if: true
subquestions:
- variable: oneagent.resources.requests.cpu
label: "CPU resource request"
description: "Defines the minimum requested CPU by the OneAgent"
type: string
show_if: "crdApplied=yes"
group: "Use custom limits settings"
- variable: oneagent.resources.requests.memory
label: "Memory resource request"
description: "Defines the minimum requested memory by the OneAgent"
type: string
show_if: "crdApplied=yes"
group: "Use custom limits settings"
- variable: oneagent.resources.limits.cpu
label: "CPU resource limits"
description: "Defines the maximum provided CPU for the OneAgent"
type: string
show_if: "crdApplied=yes"
group: "Use custom limits settings"
- variable: oneagent.resources.limits.memory
label: "Memory resource limits"
description: "Defines the maximum provided memory for the OneAgent"
type: string
show_if: "crdApplied=yes"
group: "Use custom limits settings"
#################### Advanced Agent Configuration (OPTIONAL) ####################
- variable: show_advanced_config
label: "Show advanced configuration"
description: "Show advanced configuration options for the Dynatrace OneAgent Operator"
default: false
type: boolean
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes"
show_subquestion_if: true
subquestions:
- variable: operator.image
label: "Custom Operator image location"
description: "The location from where to grab the Dynatrace OneAgent operator image - default is quay.io/dynatrace/dynatrace-oneagent-operator"
default: ""
type: string
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.name
label: "OneAgent CustomResource name"
default: "oneagent"
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.disableAgentUpdate
label: "Disable automatic OneAgent updates"
description: "Disables automatic restarts of oneagent pods in case a new version is available"
default: false
type: boolean
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.dnsPolicy
label: "Set custom DNS Policy"
description: "DNS Policy for OneAgent pods. Empty for default (ClusterFirst), more at https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy"
default: ""
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.enableIstio
label: "Enable istio"
description: "When enabled, and if Istio is installed on the Kubernetes environment, then the Operator will create the corresponding VirtualService and ServiceEntries objects to allow access to the Dynatrace cluster from the agent."
default: false
type: boolean
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.image
label: "Custom OneAgent image location"
description: "The location from where to grab the Dynatrace OneAgent image - default for Kubernetes is docker.io/dynatrace/oneagent"
default: ""
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.skipCertCheck
label: "Skip certificate check"
description: "Disable certificate validation checks for installer download and API communication"
default: false
type: boolean
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.priorityClassName
label: "Assign priority class to OneAgent pods"
description: "Priority class to assign to OneAgent pods, more at https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/"
default: ""
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.proxy
label: "Define a proxy"
description: "Configures a proxy for the Agent, AgentDownload and the Operator. Provide the proxy here"
default: ""
type: string
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.trustedCAs
label: "Add custom CA certificates"
description: "Adds the provided CA certificates to the Operator and the OneAgent. Provide your custom certificates here. If this is not set the default embedded certificates on the images will be used"
default: ""
type: multiline
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.waitReadySeconds
label: "Wait seconds until ready"
description: "Define the time to wait until OneAgent pod is ready after update - defaults to 300s"
default: ""
type: int
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.args
label: "Arguments to OneAgent installer"
description: "Defines additional arguments which get passed to the OneAgent installer - Please edit as Yaml for the best experience. The expected format is YAML and not a string"
default: ""
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.env
label: "Environment variables for OneAgent"
description: "Defines additional environment variables which get passed to the OneAgent - Please edit as Yaml for the best experience"
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.nodeSelector
label: "Node selector to control the selection of nodes"
description: "Defines a NodeSelector to customize to which nodes the OneAgent will be rolled out - Please edit as Yaml for the best experience"
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.labels
label: "Custom labels for the OneAgent pods"
description: "Defines labels for OneAgent pods to structure workloads as desired - Please edit as Yaml for the best experience"
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.tolerations
label: "Custom tolerations for the OneAgent"
description: "Defines custom tolerations to the OneAgent - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/"
default: ""
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.networkZone
label: "Network zone"
description: "Configures a network zone for your OneAgents"
default: ""
type: string
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.useUnprivilegedMode
label: "Early Adopter: run unprivileged"
description: "Early Adopter: support full-stack OneAgent running on unprivileged mode"
default: true
type: boolean
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"
- variable: oneagent.useImmutableImage
label: "Use immutable OneAgent image"
description: "If set the immutable OneAgent image will be used"
default: false
type: boolean
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.agentVersion
label: "Agent version for immutable image"
description: "Defines the agent version used when immutable image is used - defaults to latest"
default: ""
type: string
show_if: "crdApplied=yes"
group: "Advanced Agent Configuration (OPTIONAL)"
- variable: oneagent.customPullSecret
label: "Custom PullSecret for the immutable image"
description: "Defines a custom pull secret for the immutable image in case you have your own registry"
default: ""
type: string
group: "Advanced Agent Configuration (OPTIONAL)"
show_if: "crdApplied=yes && mode=fullstack"

47
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/clusterrole-operator.yaml
View File

@ -1,47 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-oneagent-operator
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
rules:
- apiGroups:
- "" # "" indicates the core API group
resources:
- nodes
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- dynatrace-oneagent-config
- dynatrace-oneagent-pull-secret
verbs:
- get
- update
- delete

46
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/clusterrole-webhook.yaml
View File

@ -1,46 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-oneagent-webhook
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
verbs:
- list
- create
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
resourceNames:
- dynatrace-oneagent-webhook
verbs:
- get
- update

28
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/clusterrolebinding-operator.yaml
View File

@ -1,28 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-oneagent-operator
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-oneagent-operator
apiGroup: rbac.authorization.k8s.io

28
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/clusterrolebinding-webhook.yaml
View File

@ -1,28 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-oneagent-webhook
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-oneagent-webhook
apiGroup: rbac.authorization.k8s.io

26
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/configmap.yaml
View File

@ -1,26 +0,0 @@
# Copyright 2020 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if .Values.oneagent.trustedCAs }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.oneagent.name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
data:
certs: |
{{ .Values.oneagent.trustedCAs | indent 4 }}
{{- end }}

136
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/customresource-oneagent.yaml
View File

@ -1,136 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if and (eq .Values.mode "fullstack") (ne .Values.oneagent.apiUrl "") }}
apiVersion: dynatrace.com/v1alpha1
kind: OneAgent
metadata:
name: {{ .Values.oneagent.name }}
namespace: {{ .Release.Namespace }}
annotations:
{{- if ne .Values.platform "google"}}
"helm.sh/hook": post-install
{{ end }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
spec:
apiUrl: {{ .Values.oneagent.apiUrl }}
tokens: {{ .Values.oneagent.name }}
image: {{ include "dynatrace-oneagent.image" . | quote }}
{{- if ne (printf "%T" .Values.oneagent.args) "string" }}
args: {{- toYaml .Values.oneagent.args | nindent 4 }}
{{- end }}
{{- if .Values.oneagent.env }}
env: {{- toYaml .Values.oneagent.env | nindent 4 }}
{{- end }}
{{- if .Values.oneagent.labels }}
labels: {{- toYaml .Values.oneagent.labels | nindent 4 }}
{{- end }}
{{- if .Values.oneagent.nodeSelector }}
nodeSelector: {{- toYaml .Values.oneagent.nodeSelector | nindent 4 }}
{{- end }}
{{- if .Values.oneagent.proxy }}
proxy:
valueFrom: {{ .Values.oneagent.name }}
{{- end }}
{{- if ne (printf "%T" .Values.oneagent.tolerations) "string" }}
tolerations: {{- toYaml .Values.oneagent.tolerations | nindent 4 }}
{{- else }}
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
{{- end }}
{{- if .Values.oneagent.resources }}
resources:
{{- if or (.Values.oneagent.resources.requests.cpu) (.Values.oneagent.resources.requests.memory) }}
requests:
{{- if .Values.oneagent.resources.requests.cpu }}
cpu: {{ .Values.oneagent.resources.requests.cpu }}
{{- end }}
{{ if .Values.oneagent.resources.requests.memory }}
memory: {{ .Values.oneagent.resources.requests.memory }}
{{- end }}
{{- end }}
{{- if or (.Values.oneagent.resources.limits.cpu) (.Values.oneagent.resources.limits.memory) }}
limits:
{{- if .Values.oneagent.resources.limits.cpu }}
cpu: {{ .Values.oneagent.resources.limits.cpu }}
{{- end }}
{{- if .Values.oneagent.resources.limits.memory }}
memory: {{ .Values.oneagent.resources.limits.memory }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.oneagent.dnsPolicy }}
dnsPolicy: {{ .Values.oneagent.dnsPolicy }}
{{- end }}
{{- if .Values.oneagent.enableIstio }}
enableIstio: {{ .Values.oneagent.enableIstio }}
{{- end }}
{{- if .Values.oneagent.disableAgentUpdate }}
disableAgentUpdate: {{ .Values.oneagent.disableAgentUpdate }}
{{- end }}
{{- if .Values.oneagent.skipCertCheck }}
skipCertCheck: {{ .Values.oneagent.skipCertCheck }}
{{- end }}
{{- if .Values.oneagent.waitReadySeconds }}
waitReadySeconds: {{ .Values.oneagent.waitReadySeconds }}
{{- end }}
{{- if .Values.oneagent.priorityClassName }}
priorityClassName: {{ .Values.oneagent.priorityClassName }}
{{- end }}
{{- if .Values.oneagent.serviceAccountName }}
serviceAccountName: {{ .Values.oneagent.serviceAccountName }}
{{- end }}
{{- if .Values.oneagent.trustedCAs }}
trustedCAs: {{ .Values.oneagent.name }}
{{- end }}
{{- if .Values.oneagent.networkZone }}
networkZone: {{ .Values.oneagent.networkZone }}
{{- end }}
{{- if .Values.oneagent.useUnprivilegedMode }}
useUnprivilegedMode: {{ .Values.oneagent.useUnprivilegedMode }}
{{- end }}
{{- if .Values.oneagent.useImmutableImage }}
useImmutableImage: {{ .Values.oneagent.useImmutableImage }}
{{- end }}
{{- if .Values.oneagent.agentVersion }}
agentVersion: {{ .Values.oneagent.agentVersion }}
{{- end }}
{{- if .Values.oneagent.customPullSecret }}
customPullSecret: {{ .Values.oneagent.customPullSecret }}
{{- end }}
{{ end }}

88
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/customresource-oneagentapm.yaml
View File

@ -1,88 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if and (eq .Values.mode "apm") (ne .Values.oneagent.apiUrl "") }}
apiVersion: dynatrace.com/v1alpha1
kind: OneAgentAPM
metadata:
name: {{ include "oneagentapm.name" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- if ne .Values.platform "google"}}
"helm.sh/hook": post-install
{{ end }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
spec:
apiUrl: {{ .Values.oneagent.apiUrl }}
tokens: {{ .Values.oneagent.name }}
{{- if .Values.oneagent.skipCertCheck }}
skipCertCheck: {{ .Values.oneagent.skipCertCheck }}
{{- end }}
{{- if .Values.oneagent.enableIstio }}
enableIstio: {{ .Values.oneagent.enableIstio }}
{{- end }}
{{- if .Values.oneagent.proxy }}
proxy:
valueFrom: {{ .Values.oneagent.name }}
{{- end }}
{{- if .Values.oneagent.trustedCAs }}
trustedCAs: {{ .Values.oneagent.name }}
{{- end }}
{{- if .Values.oneagent.networkZone }}
networkZone: {{ .Values.oneagent.networkZone }}
{{- end }}
{{- if .Values.oneagent.useImmutableImage }}
useImmutableImage: {{ .Values.oneagent.useImmutableImage }}
{{- end }}
{{- if .Values.oneagent.agentVersion }}
agentVersion: {{ .Values.oneagent.agentVersion }}
{{- end }}
{{- if .Values.oneagent.resources }}
resources:
{{- if or (.Values.oneagent.resources.requests.cpu) (.Values.oneagent.resources.requests.memory) }}
requests:
{{- if .Values.oneagent.resources.requests.cpu }}
cpu: {{ .Values.oneagent.resources.requests.cpu }}
{{- end }}
{{- if .Values.oneagent.resources.requests.memory }}
memory: {{ .Values.oneagent.resources.requests.memory }}
{{- end }}
{{- end }}
{{- if or (.Values.oneagent.resources.limits.cpu) (.Values.oneagent.resources.limits.memory) }}
limits:
{{- if .Values.oneagent.resources.limits.cpu }}
cpu: {{ .Values.oneagent.resources.limits.cpu }}
{{- end }}
{{- if .Values.oneagent.resources.limits.memory }}
memory: {{ .Values.oneagent.resources.limits.memory }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.oneagent.flavor }}
flavor: {{ .Values.oneagent.flavor }}
{{- end }}
{{end}}

112
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/deployment-operator.yaml
View File

@ -1,112 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
spec:
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
name: {{ .Release.Name }}
strategy:
type: Recreate
template:
metadata:
labels:
name: {{ .Release.Name }}
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 8 }}
spec:
containers:
- name: dynatrace-oneagent-operator
args:
- operator
image: {{ include "dynatrace-oneagent-operator.image" . }}
imagePullPolicy: Always
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
ports:
- containerPort: 8080
name: metrics
- containerPort: 10080
name: server-port
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 100m
memory: 256Mi
readinessProbe:
httpGet:
path: /healthz
port: server-port
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
livenessProbe:
httpGet:
path: /healthz
port: server-port
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: kubernetes.io/os
operator: In
values:
- linux
serviceAccountName: dynatrace-oneagent-operator
{{- if .Values.operator.customPullSecret }}
imagePullSecrets:
- name: {{ .Values.operator.customPullSecret }}
{{- end }}
{{- if .Values.operator.nodeSelector }}
nodeSelector: {{- toYaml .Values.operator.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.operator.tolerations }}
tolerations: {{- toYaml .Values.operator.tolerations | nindent 8 }}
{{- end -}}

164
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/deployment-webhook.yaml
View File

@ -1,164 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
dynatrace.com/operator: oneagent
spec:
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
internal.oneagent.dynatrace.com/component: webhook
internal.oneagent.dynatrace.com/app: webhook
strategy:
type: Recreate
template:
metadata:
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 8 }}
dynatrace.com/operator: oneagent
internal.oneagent.dynatrace.com/component: webhook
internal.oneagent.dynatrace.com/app: webhook
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: beta.kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: beta.kubernetes.io/os
operator: In
values:
- linux
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- name: webhook
args:
- webhook-server
image: {{ include "dynatrace-oneagent-operator.image" . }}
imagePullPolicy: Always
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
readinessProbe:
httpGet:
path: /healthz
port: server-port
scheme: HTTPS
initialDelaySeconds: 60
periodSeconds: 10
livenessProbe:
httpGet:
path: /healthz
port: server-port
scheme: HTTPS
initialDelaySeconds: 60
periodSeconds: 10
ports:
- name: metrics
containerPort: 8383
- name: server-port
containerPort: 8443
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 100m
memory: 256Mi
volumeMounts:
- name: certs-volume
mountPath: /mnt/webhook-certs
- name: bootstrapper
args:
- webhook-bootstrapper
image: {{ include "dynatrace-oneagent-operator.image" . }}
imagePullPolicy: Always
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
ports:
- name: metrics
containerPort: 8484
- name: server-port
containerPort: 9080
readinessProbe:
httpGet:
path: /healthz
port: server-port
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
livenessProbe:
httpGet:
path: /healthz
port: server-port
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
resources:
requests:
cpu: 10m
memory: 64Mi
limits:
cpu: 100m
memory: 256Mi
volumeMounts:
- name: certs-volume
mountPath: /mnt/webhook-certs
serviceAccountName: dynatrace-oneagent-webhook
{{- if .Values.operator.customPullSecret }}
imagePullSecrets:
- name: {{ .Values.operator.customPullSecret }}
{{- end }}
{{- if .Values.operator.nodeSelector }}
nodeSelector: {{- toYaml .Values.operator.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.operator.tolerations }}
tolerations: {{- toYaml .Values.operator.tolerations | nindent 8 }}
{{- end }}
volumes:
- name: certs-volume
emptyDir: {}

42
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/mutatingwebhookconfiguration.yaml
View File

@ -1,42 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if ne .Values.platform "openshift-3-11"}}
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: dynatrace-oneagent-webhook
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
webhooks:
- name: webhook.oneagent.dynatrace.com
rules:
- apiGroups: [""]
apiVersions: ["v1"]
operations: ["CREATE"]
resources: ["pods"]
scope: Namespaced
namespaceSelector:
matchExpressions:
- key: oneagent.dynatrace.com/instance
operator: Exists
clientConfig:
service:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
path: /inject
admissionReviewVersions: ["v1beta1", "v1"]
sideEffects: None
{{ end }}

29
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/rolebinding-operator.yaml
View File

@ -1,29 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-oneagent-operator
apiGroup: rbac.authorization.k8s.io

29
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/rolebinding-webhook.yaml
View File

@ -1,29 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-oneagent-webhook
apiGroup: rbac.authorization.k8s.io

32
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/secret.yaml
View File

@ -1,32 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if and (.Values.secret.autoCreate) (ne .Values.oneagent.apiUrl "")}}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Values.oneagent.name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
data:
{{- if or (eq .Values.mode "fullstack") (eq .Values.oneagent.useImmutableImage true) }}
apiToken: {{ .Values.secret.apiToken | b64enc }}
{{- end }}
paasToken: {{ .Values.secret.paasToken | b64enc }}
{{- if .Values.oneagent.proxy }}
proxy: {{ .Values.oneagent.proxy | b64enc }}
{{- end }}
type: Opaque
{{- end }}

30
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/service.yaml
View File

@ -1,30 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: v1
kind: Service
metadata:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
spec:
selector:
internal.oneagent.dynatrace.com/app: webhook
internal.oneagent.dynatrace.com/component: webhook
ports:
- port: 443
protocol: TCP
targetPort: server-port

21
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/serviceaccount-oneagent-unprivileged.yaml
View File

@ -1,21 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent-unprivileged
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}

21
charts/dynatrace/dynatrace-oneagent-operator/templates/Common/serviceaccount-webhook.yaml
View File

@ -1,21 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}

134
charts/dynatrace/dynatrace-oneagent-operator/templates/Kubernetes/role-operator.yaml
View File

@ -1,134 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "google")}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
rules:
- apiGroups:
- dynatrace.com
resources:
- oneagents
- oneagentapms
verbs:
- get
- list
- watch
- update
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- "" # "" indicates the core API group
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- pods
verbs:
- get
- list
- watch
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- secrets
verbs:
- create
- update
- delete
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- dynatrace.com
resources:
- oneagents/finalizers
- oneagents/status
- oneagentapms/finalizers
- oneagentapms/status
verbs:
- update
- apiGroups:
- networking.istio.io
resources:
- serviceentries
- virtualservices
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
{{ end }}

68
charts/dynatrace/dynatrace-oneagent-operator/templates/Kubernetes/role-webhook.yaml
View File

@ -1,68 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "google")}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- services
- configmaps
- secrets
verbs:
- get
- list
- watch
- create
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- dynatrace.com
resources:
- oneagentapms
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
{{ end }}

24
charts/dynatrace/dynatrace-oneagent-operator/templates/Kubernetes/serviceaccount-oneagent.yaml
View File

@ -1,24 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift or google" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "google")}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
{{ end }}

24
charts/dynatrace/dynatrace-oneagent-operator/templates/Kubernetes/serviceaccount-operator.yaml
View File

@ -1,24 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "google")}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
{{ end }}

58
charts/dynatrace/dynatrace-oneagent-operator/templates/NOTES.txt
View File

@ -1,58 +0,0 @@
Thank you for installing {{ .Chart.Name }}.
Your release is named {{ .Release.Name }}.
To find more information about the Dynatrace OneAgent Operator, try:
https://github.com/Dynatrace/dynatrace-oneagent-operator
To verify the current state of the OneAgent deployment, try:
$ kubectl get pods -n {{ .Release.Namespace }}
$ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }}
$ kubectl get oneagent {{ .Values.oneagent.name }} -n {{ .Release.Namespace }}
{{- if eq .Values.mode "apm" -}}
{{- if .Values.oneagent.image -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.image
{{- end -}}
{{- if .Values.oneagent.args -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.args
{{- end -}}
{{- if .Values.oneagent.env -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.env
{{- end -}}
{{- if .Values.oneagent.nodeSelector -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.nodeSelector
{{- end -}}
{{- if .Values.oneagent.labels -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.labels
{{- end -}}
{{- if .Values.oneagent.disableAgentUpdate -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.disableAgentUpdate
{{- end -}}
{{- if .Values.oneagent.dnsPolicy -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.dnsPolicy
{{- end -}}
{{- if .Values.oneagent.resources -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.resources
{{- end -}}
{{- if .Values.oneagent.tolerations -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.tolerations
{{- end -}}
{{- if .Values.oneagent.waitReadySeconds -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.waitReadySeconds
{{- end -}}
{{- if .Values.oneagent.priorityClassName -}}
WARNING:
The following argument did not get applied since it can only be used with fullstack: oneagent.priorityClassName
{{- end -}}
{{- end -}}

45
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift-3.11/mutatingwebhookconfiguration.yaml
View File

@ -1,45 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift-3-11"}}
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: dynatrace-oneagent-webhook
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
dynatrace.com/operator: oneagent
internal.oneagent.dynatrace.com/component: webhook
webhooks:
- name: webhook.oneagent.dynatrace.com
rules:
- apiGroups: [""]
apiVersions: ["v1"]
operations: ["CREATE"]
resources: ["pods"]
scope: Namespaced
namespaceSelector:
matchExpressions:
- key: oneagent.dynatrace.com/instance
operator: Exists
clientConfig:
service:
name: dynatrace-oneagent-webhook
namespace: dynatrace
path: /inject
admissionReviewVersions: ["v1beta1"]
{{ end }}

134
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift-3.11/role-operator.yaml
View File

@ -1,134 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift-3-11" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
rules:
- apiGroups:
- dynatrace.com
resources:
- oneagents
- oneagentapms
verbs:
- get
- list
- watch
- update
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- "" # "" indicates the core API group
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- pods
verbs:
- get
- list
- watch
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- secrets
verbs:
- create
- update
- delete
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- dynatrace.com
resources:
- oneagents/finalizers
- oneagents/status
- oneagentapms/finalizers
- oneagentapms/status
verbs:
- update
- apiGroups:
- networking.istio.io
resources:
- serviceentries
- virtualservices
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
{{ end }}

68
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift-3.11/role-webhook.yaml
View File

@ -1,68 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift-3-11" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- services
- configmaps
- secrets
verbs:
- get
- list
- watch
- create
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- dynatrace.com
resources:
- oneagentapms
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
{{ end }}

65
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift-3.11/securitycontextconstraints-unprivileged.yaml
View File

@ -1,65 +0,0 @@
# Copyright 2020 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if and (eq .Values.platform "openshift-3-11") (.Values.createSecurityContextConstraints) }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
name: dynatrace-oneagent-unprivileged
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: false
allowedCapabilities:
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- KILL
- NET_ADMIN
- NET_RAW
- SETFCAP
- SETGID
- SETUID
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
- SYS_RESOURCE
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:dynatrace:dynatrace-oneagent-unprivileged
volumes:
- "*"
{{ end }}

50
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift-3.11/securitycontextconstraints.yaml
View File

@ -1,50 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if and (eq .Values.platform "openshift-3-11") (.Values.createSecurityContextConstraints) }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
name: dynatrace-oneagent-privileged
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- "*"
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities: []
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:dynatrace:dynatrace-oneagent
volumes:
- "*"
{{ end }}

25
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift-3.11/serviceaccount-oneagent.yaml
View File

@ -1,25 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift-3-11" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent
namespace: {{ .Release.Namespace }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{ end }}

25
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift-3.11/serviceaccount-operator.yaml
View File

@ -1,25 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift-3-11" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{ end }}

134
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift/role-operator.yaml
View File

@ -1,134 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
rules:
- apiGroups:
- dynatrace.com
resources:
- oneagents
- oneagentapms
verbs:
- get
- list
- watch
- update
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- "" # "" indicates the core API group
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- pods
verbs:
- get
- list
- watch
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- secrets
verbs:
- create
- update
- delete
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- dynatrace.com
resources:
- oneagents/finalizers
- oneagents/status
- oneagentapms/finalizers
- oneagentapms/status
verbs:
- update
- apiGroups:
- networking.istio.io
resources:
- serviceentries
- virtualservices
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
{{ end }}

68
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift/role-webhook.yaml
View File

@ -1,68 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift" }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-oneagent-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabelswebhook" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- services
- configmaps
- secrets
verbs:
- get
- list
- watch
- create
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- dynatrace.com
resources:
- oneagentapms
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
{{ end }}

65
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift/securitycontextconstraints-unprivileged.yaml
View File

@ -1,65 +0,0 @@
# Copyright 2020 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if and (eq .Values.platform "openshift") (.Values.createSecurityContextConstraints) }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
name: dynatrace-oneagent-unprivileged
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: false
allowedCapabilities:
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- KILL
- NET_ADMIN
- NET_RAW
- SETFCAP
- SETGID
- SETUID
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
- SYS_RESOURCE
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:dynatrace:dynatrace-oneagent-unprivileged
volumes:
- "*"
{{ end }}

50
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift/securitycontextconstraints.yaml
View File

@ -1,50 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if and (eq .Values.platform "openshift") (.Values.createSecurityContextConstraints) }}
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
name: dynatrace-oneagent-privileged
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- "*"
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities: []
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:dynatrace:dynatrace-oneagent
volumes:
- "*"
{{ end }}

25
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift/serviceaccount-oneagent.yaml
View File

@ -1,25 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent
namespace: {{ .Release.Namespace }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{ end }}

25
charts/dynatrace/dynatrace-oneagent-operator/templates/Openshift/serviceaccount-operator.yaml
View File

@ -1,25 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes or openshift" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "openshift" }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent-operator
namespace: {{ .Release.Namespace }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{ end }}

132
charts/dynatrace/dynatrace-oneagent-operator/templates/_helpers.tpl
View File

@ -1,132 +0,0 @@
// Copyright 2019 Dynatrace LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "dynatrace-oneagent-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dynatrace-oneagent-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dynatrace-oneagent-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Selector labels
*/}}
{{- define "dynatrace-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ .Release.Name }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dynatrace-oneagent-operator.commonlabels" -}}
{{ include "dynatrace-operator.selectorLabels" . }}
dynatrace: operator
operator: oneagent
{{- end -}}
{{/*
Common labels webhook
*/}}
{{- define "dynatrace-oneagent-operator.commonlabelswebhook" -}}
{{ include "dynatrace-operator.selectorLabels" . }}
dynatrace.com/operator: oneagent
internal.oneagent.dynatrace.com/component: webhook
{{- end -}}
{{/*
Check if platform is set
*/}}
{{- define "dynatrace-oneagent-operator.platformSet" -}}
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") (eq .Values.platform "google") -}}
{{ default "set" }}
{{- end -}}
{{- if (eq .Values.platform "openshift-3-11") -}}
{{ default "set" }}
{{- end -}}
{{- end -}}
{{/*
Check if default oneagent image is used
*/}}
{{- define "dynatrace-oneagent.image" -}}
{{- if .Values.oneagent.image -}}
{{- printf "%s" .Values.oneagent.image -}}
{{- else -}}
{{- if eq .Values.oneagent.useImmutableImage false -}}
{{- if eq .Values.platform "kubernetes" -}}
{{- printf "docker.io/dynatrace/oneagent" }}
{{- end -}}
{{- if eq .Values.platform "openshift" -}}
{{- printf "registry.connect.redhat.com/dynatrace/oneagent" }}
{{- end -}}
{{- else -}}
{{- printf "" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Check if default operator image is used
*/}}
{{- define "dynatrace-oneagent-operator.image" -}}
{{- if .Values.operator.image -}}
{{- printf "%s" .Values.operator.image -}}
{{- else -}}
{{- if eq .Values.platform "google" -}}
{{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-oneagent-operator" "{{ .Chart.AppVersion }}" }}
{{- else -}}
{{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-oneagent-operator" .Chart.AppVersion }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Check for correct oneagentapm name
*/}}
{{- define "oneagentapm.name" -}}
{{- if eq .Values.mode "apm" }}
{{- if eq .Values.oneagent.name "oneagent" -}}
{{- printf "oneagentapm" -}}
{{- else -}}
{{- printf "%s" .Values.oneagent.name -}}
{{- end -}}
{{- end -}}
{{- end -}}

89
charts/dynatrace/dynatrace-oneagent-operator/templates/application.yaml
View File

@ -1,89 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift or openshift-3-11" (include "dynatrace-oneagent-operator.platformSet" .))}}
{{- if eq .Values.platform "google"}}
---
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-oneagent-operator.commonlabels" . | nindent 4 }}
annotations:
kubernetes-engine.cloud.google.com/icon: data:image/png;base64,{{ .Files.Get "logo.png" | b64enc }}
marketplace.cloud.google.com/deploy-info: '{"partner_id": "dynatrace-marketplace-prod", "product_id": "dynatrace-oneagent-operator", "partner_name": "Dynatrace LLC"}'
spec:
descriptor:
type: "Dynatrace OneAgent Operator"
version: "0.10.0"
maintainers:
- name: Dynatrace LLC
url: https://www.dynatrace.com/
keywords:
- "dynatrace"
- "operator"
- "oneagent"
- "k8s"
- "monitoring"
- "apm"
description: |
The Dynatrace OneAgent Operator allows users to easily deploy full-stack monitoring for [Kubernetes clusters](https://www.dynatrace.com/technologies/kubernetes-monitoring/). The Dynatrace OneAgent automatically monitors workloads in containers down to the code and request level.
For deployment instructions please consult the [Operator Deploy Guide](https://www.dynatrace.com/support/help/shortlink/kubernetes-deploy).
links:
- description: Dynatrace Website
url: https://www.dynatrace.com/
- description: Operator Deploy Guide
url: https://www.dynatrace.com/support/help/shortlink/kubernetes-deploy
- description: Kubernetes Monitoring Info
url: https://www.dynatrace.com/technologies/kubernetes-monitoring
selector:
matchLabels:
app.kubernetes.io/name: "{{ .Release.Name }}"
componentKinds:
- group: dynatrace.com/v1alpha1
kind: OneAgent
- group: dynatrace.com/v1alpha1
kind: OneAgentAPM
- group: apps/v1
kind: DaemonSet
- group: v1
kind: Pod
- group: v1
kind: ConfigMap
- group: apps/v1
kind: Deployment
- group: v1
kind: Secret
- group: batch/v1
kind: Job
- group: v1
kind: Service
- group: v1
kind: ServiceAccount
- group: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
- group: rbac.authorization.k8s.io/v1
kind: ClusterRole
- group: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
- group: rbac.authorization.k8s.io/v1
kind: Role
- group: rbac.authorization.k8s.io/v1
kind: RoleBinding
{{end}}

70
charts/dynatrace/dynatrace-oneagent-operator/values.yaml
View File

@ -1,70 +0,0 @@
# Copyright 2019 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# may be set to "kubernetes", "openshift", "openshift-3-11", "google"
platform: "kubernetes"
mode: "fullstack"
# Only applicable for Openshift
createSecurityContextConstraints: true
operator:
image: ""
customPullSecret: ""
# The expected format is YAML and not a string
nodeSelector: ""
# The expected format is YAML and not a string
tolerations: ""
oneagent:
name: "oneagent"
apiUrl: ""
image: ""
# The expected format is YAML and not a string
args: ""
# The expected format is YAML and not a string
env: ""
# The expected format is YAML and not a string
nodeSelector: ""
# The expected format is YAML and not a string
labels: ""
skipCertCheck: false
disableAgentUpdate: false
enableIstio: false
dnsPolicy: ""
# resources:
# requests:
# cpu: 100m
# memory: 512Mi
# limits:
# cpu: 300m
# memory: 1.5Gi
# The expected format is YAML and not a string
tolerations: ""
waitReadySeconds: null
priorityClassName: ""
serviceAccountName: ""
proxy: ""
trustedCAs: ""
networkZone: ""
useUnprivilegedMode: true
useImmutableImage: false
agentVersion: ""
customPullSecret: ""
flavor: ""
secret:
autoCreate: true
apiToken: ""
paasToken: ""

24
charts/hpe/hpe-flexvolume-driver/Chart.yaml
View File

@ -1,24 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/hidden: "true"
catalog.cattle.io/release-name: hpe-flexvolume-driver
apiVersion: v1
appVersion: "3.1"
description: A Helm chart for installing the HPE Volume Driver for Kubernetes FlexVolume
plugin
home: https://hpe.com/storage/containers
icon: https://raw.githubusercontent.com/hpe-storage/co-deployments/master/docs/assets/hpedev.png
keywords:
- HPE
- Storage
- StorageClass
- CentOS
- Ubuntu
- CloudVolumes
maintainers:
- email: hpe-containers-dev@hpe.com
name: shivamerla
name: hpe-flexvolume-driver
sources:
- https://github.com/hpe-storage/flexvolume-driver
version: 3.1.1

173
charts/hpe/hpe-flexvolume-driver/README.md
View File

@ -1,173 +0,0 @@
# HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart
The [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner).
## Prerequisites
- Upstream Kubernetes version 1.11 or later
- Other Kubernetes distributions supported
- Rancher 2.x
- OpenShift 3.10, 3.11 (4.x will not be supported, see [CSI Driver Helm chart](https://github.com/hpe-storage/co-deployments/tree/master/helm/charts/hpe-csi-driver))
- More distributions will be listed as tests are ongoing
- Recent Ubuntu, CentOS or RHEL compute nodes connected to their respective official package repositories
Depending on which `pluginType` is being used, other prerequisites and requirements may apply.
### HPE Nimble Storage (nimble)
- NimbleOS 5.0.8 or later
- NimbleOS 5.1.3 or later
### HPE Cloud Volumes
- Amazon EKS 1.12.x/1.13.x
- Microsoft AKS 1.12.x/1.13.x
- US Regions Only
## Configuration & Installation
The following table lists the configurable parameters of the FlexVolume driver chart and their default values.
| Parameter | Description | Default |
|---------------------------|----------------------------------------------------------------------------------------------------|------------ |
| backend | HPE storage platform API endpoint. | 192.168.1.1 |
| pluginType | Backend plugin type to use. Currently `nimble` and `cv` are supported. | nimble |
| username | Username for the backend. Access key for HPE Cloud Volumes. | admin |
| password | Password for the backend. Access secret for HPE Cloud Volumes. | admin |
| protocol | Data plane protocol (`fc`, `iscsi`). | iscsi |
| fsType | Type of file to format volumes with (ext4, ext3, xfs, btrfs). | xfs |
| logLevel | Log level. Can be one of `info`, `debug`, `trace`, `warn` and `error` | info |
| mountConflictDelay | Wait this long (in seconds) before forcefully taking over a volume from an isolated or crashed node. | 120 |
| flavor | Kubernetes distribution specific tweaks. Supported flavors include `k8s`, `ocp`, `eks`, `aks` and `rke`. | k8s |
| podsMountDir | This is the directory where the kubelet bind mounts the volume for pods. May differ between Kubernetes distributions. | /var/lib/kubelet/pods |
| storageClass.name | The name to assign the created StorageClass. | hpe-standard |
| storageClass.create | Enables creation of StorageClass to consume this hpe-flexvolume-driver instance. | true |
| storageClass.defaultClass | Whether to set the created StorageClass as the clusters default StorageClass. | false |
| nimble.config | HPE Nimble Storage volume config parameters. | - |
| cv.config | HPE Cloud Volumes volume config parameters. | - |
It's recommended to create a `values.yaml` file and edit it to fit the environment the chart is being deployed to.
Example `values.yaml` using a Nimble backend:
```
---
backend: 192.168.1.1
username: admin
password: admin
pluginType: nimble
fsType: xfs
storageClass:
defaultClass: true
```
This will connect the driver to a Nimble based backend with management IP address of `192.168.1.1` and format new volumes with a XFS filesystem.
The `nimble.config` or `cv.config` stanza will be hosted in a `ConfigMap` and can be used to tweak default parmaters and also override `StorageClass` parameters. More information on these stanzas can be found in the [ADVANCED.md](https://github.com/hpe-storage/flexvolume-driver/blob/master/ADVANCED.md) documentation.
Example `nimble.config` stanza:
```
nimble:
config:
limitIOPS: "-1"
limitMBPS: "-1"
perfPolicy: DockerDefault
```
Example `cv.config` stanza:
```
cv:
config:
snapPrefix: BaseFor
automatedConnection: true
existingCloudSubnet: 10.1.0.0/24
region: us-east-1
privateCloud: vpc-data
cloudComputeProvider: "Amazon AWS"
perfPolicy: Other
volumeType: PF
encryption: true
protectionTemplate: twicedaily:4
destroyOnRm: true
limitIOPS: "1000"
initiators:
- '"eth0"'
privateCloudResourceGroup: ""
```
**Note:** Storage class parameters will override the settings in `defaults` and `global` section.
### Platform notes
Certain distributions demand certain tweaks to the variables for the driver and dynamic provisioner to operate correctly. See each platform for details.
#### Upstream Kubernetes
This is the default operating mode, no tweaks are needed.
#### Red Hat OpenShift and OKD
Applicable to Red Hat OpenShift 3.10 and 3.11. 4.x is not supported<sup>*</sup>.
| Key | Value | Description |
|------------|---------------------------|------------------------------------------------------------------------------------|
| podsMountDir | /var/lib/origin/openshift.local.volumes | This is the directory where the kubelet bind mounts the volume for pods. |
<sup>*</sup> = If experimentation is desirable with OpenShift 4.x, set `flexVolumeExec` default path for ocp to `/etc/kubernetes/kubelet-plugins/volume/exec`. The driver will only work on RHEL 7.x nodes.
#### Rancher
Applicable to installing the Helm Chart via the Rancher catalog system.
| Key | Value | Description |
|------------|---------------------------|------------------------------------------------------------------------------------|
| flavor | rke | Required and prepopulated by default. |
| podsMountDir | /var/lib/kubelet/volumeplugins | This is the directory where the kubelet bind mounts the volume for pods. Required and prepopulated by default.|
## Installing the Chart
To install the chart with the name `hpe-flexvolume`:
```
helm repo add hpe-storage https://hpe-storage.github.io/co-deployments/
helm install hpe-storage/hpe-flexvolume-driver --namespace kube-system --name hpe-flexvolume -f values.yaml
```
**Note:** Omitting the `--name` flag will generate a human readable name.
## Check status of the Chart
To check status of the `hpe-flexvolume` deployment:
```
helm status hpe-flexvolume
```
## Uninstalling the Chart
To uninstall/delete the `hpe-flexvolume` deployment:
```
helm delete hpe-flexvolume --purge
```
## Alternative install method
In some cases it's more practical provide the local configuration via the `helm` command directly. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example:
```
helm install --name hpe-flexvolume hpe/hpe-flexvolume-driver \
--set backend=X.X.X.X --set username=admin --set password=xxxxxxxxx \
--set protocol=iscsi --set fsType=xfs
```
## Using the HPE Volume Driver for Kubernetes FlexVolume Plugin
To enable dynamic provisioning of `PersistentVolume` through the use of `PersistentVolumeClaim` API objects, a `StorageClass` needs to be declared on the cluster. Please see the [HPE Volume Driver for Kubernetes FlexVolume Plugin](https://github.com/hpe-storage/flexvolume-driver) repository for the official documentation for this Helm chart. Also, it's helpful to be familar with [persistent storage concepts](https://kubernetes.io/docs/concepts/storage/volumes/) in Kubernetes prior to deploying stateful workloads.
## Support
The HPE Volume Driver for Kubernetes FlexVolume Plugin Helm chart is supported by the respective platform team. Currently supported platforms:
- HPE Nimble Storage
- HPE Cloud Volumes
Please file issues through the regular support channels for the particular platform. Feature requests or general questions to developers may be filed through the [GitHub issue tracker](https://github.com/hpe-storage/co-deployments) for this project.
You may also join our Slack community to chat with HPE folks close to this project for inquiries not requring our immediate response. We hang out in `#NimbleStorage` and `#Kubernetes` at [slack.hpedev.io](https://slack.hpedev.io/).
## Contributing
We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [CONTRIBUTING.md](https://github.com/hpe-storage/co-deployments/blob/master/CONTRIBUTING.md)
## License
This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/hpe-storage/co-deployments/blob/master/LICENSE) for details.

3
charts/hpe/hpe-flexvolume-driver/app-readme.md
View File

@ -1,3 +0,0 @@
# HPE Volume Driver for Kubernetes FlexVolume Plugin
The [HPE Volume Driver for Kubernetes FlexVolume plugin](https://github.com/hpe-storage/flexvolume-driver) leverages HPE storage platforms to provide scalable and persistent storage for stateful applications. This chart also deploys the [HPE Dynamic Provisioner for Kubernetes](https://github.com/hpe-storage/k8s-dynamic-provisioner).

172
charts/hpe/hpe-flexvolume-driver/questions.yml
View File

@ -1,172 +0,0 @@
questions:
- variable: flavor
label: "Kubernetes flavor"
type: enum
default: "rke"
required: true
options:
- "rke"
- "eks"
- "ocp"
- "aks"
- "gke"
- "gkeop"
- "k8s"
description: "Tweak Helm chart behavior."
group: "Rancher specific settings"
- variable: pluginType
label: "HPE platform"
type: enum
options:
- "nimble"
- "cv"
- "simplivity"
default: "nimble"
description: "HPE platform type for the deployment."
group: "HPE backend settings"
- variable: backend
label: "IP address"
type: string
required: true
description: "Please specify HPE backend IP address."
group: "HPE backend settings"
- variable: username
label: "Username"
type: string
required: true
description: "Specify username with backend storage admin permissions."
group: "HPE backend settings"
- variable: password
label: "Password"
type: password
required: true
description: "Specify password for the backend user."
group: "HPE backend settings"
- variable: fsType
label: "Filesystem"
default: "xfs"
type: enum
options:
- "xfs"
- "ext4"
- "ext3"
- "btrfs"
description: "Select the filesystem for Persistent Volumes, defaults to xfs."
group: "HPE StorageClass and volume settings"
- variable: protocol
label: "HPE storage protocol"
type: enum
default: "iscsi"
options:
- "iscsi"
- "fc"
description: "Specify storage protocol for HPE backend connectivity."
group: "HPE StorageClass and volume settings"
- variable: storageClass.create
label: "Create a StorageClass"
type: boolean
default: true
required: true
description: "If specified as 'true', a StorageClass named 'hpe-standard' will be created with the HPE Volume Driver for Kubernetes FlexVolume Plugin as provisioner."
group: "HPE StorageClass and volume settings"
- variable: storageClass.defaultClass
label: "Mark StorageClass 'hpe-standard' as 'default'."
type: boolean
default: false
description: "If specified as 'true', the 'hpe-standard' StorageClass will be annotated as 'default'. This option is ignored if 'Create a StorageClass' is set to 'false'."
group: "HPE StorageClass and volume settings"
- variable: cv.config.existingCloudSubnet
show_if: "pluginType=cv"
label: "Cloud subnet"
type: string
default: ""
required: true
description: "Cloud subnet of the cluster for connection provisioning"
group: "Cloud instance settings"
- variable: cv.config.privateCloud
show_if: "pluginType=cv"
label: "Virtual private cloud"
type: string
required: true
description: "Virtual private cloud of the cluster"
group: "Cloud instance settings"
- variable: cv.config.region
show_if: "pluginType=cv"
label: "Public cloud region"
type: string
required: true
description: "Public cloud provider region in which cluster resides"
group: "Cloud instance settings"
- variable: cv.config.cloudComputeProvider
show_if: "pluginType=cv"
label: "Public cloud provider"
type: enum
default: "Amazon AWS"
options:
- "Amazon AWS"
- "Microsoft Azure"
description: "Public cloud provider name"
group: "Cloud instance settings"
- variable: cv.config.privateCloudResourceGroup
show_if: "cv.config.cloudComputeProvider=Microsoft Azure"
label: "Azure Resource Group"
type: string
required: true
description: "Azure resource group for the cluster"
group: "Cloud instance settings"
- variable: cv.config.volumeType
show_if: "pluginType=cv"
label: "Volume type"
type: enum
default: "PF"
options:
- "PF"
- "GPF"
description: "HPE Cloud Volume type"
group: "HPE Cloud Volumes settings"
- variable: cv.config.encryption
show_if: "pluginType=cv"
label: "Volume Encryption"
type: boolean
default: true
required: true
description: "Encryption for HPE Cloud Volume"
group: "HPE Cloud Volumes settings"
- variable: cv.config.protectionTemplate
show_if: "pluginType=cv"
label: "Protection template"
type: enum
default: "twicedaily:4"
options:
- "daily:3"
- "daily:7"
- "daily:14"
- "hourly:6"
- "hourly:12"
- "hourly:24"
- "twicedaily:4"
- "twicedaily:8"
- "twicedaily:14"
- "weekly:2"
- "weekly:4"
- "weekly:8"
- "monthly:3"
- "monthly:6"
- "monthly:12"
- "none"
description: "Protection Template"
group: "HPE Cloud Volumes settings"
- variable: cv.config.perfPolicy
show_if: "pluginType=cv"
label: "Performance policy"
type: enum
default: "Other"
options:
- "Other"
- "Exchange"
- "Oracle"
- "SharePoint"
- "SQL"
- "Windows File Server"
description: "Performance policy"
group: "HPE Cloud Volumes settings"

0
charts/hpe/hpe-flexvolume-driver/templates/NOTES.txt
View File

32
charts/hpe/hpe-flexvolume-driver/templates/_helpers.tpl
View File

@ -1,32 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "hpe-flexvolume-driver.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "hpe-flexvolume-driver.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "hpe-flexvolume-driver.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

58
charts/hpe/hpe-flexvolume-driver/templates/hpe-config.yaml
View File

@ -1,58 +0,0 @@
---
kind: ConfigMap
apiVersion: v1
metadata:
name: hpe-config
namespace: {{ .Release.Namespace }}
data:
volume-driver.json: |-
{{- if eq .Values.pluginType "nimble"}}
{
"global": {},
"defaults": {
"limitIOPS": {{ .Values.nimble.config.limitIOPS | quote }},
"limitMBPS": {{ .Values.nimble.config.limitMBPS | quote }},
"perfPolicy": {{ .Values.nimble.config.perfPolicy | quote }}
},
"overrides": {}
}
{{- else if eq .Values.pluginType "cv"}}
{
"global": {
"snapPrefix": {{ .Values.cv.config.snapPrefix | quote }},
"automatedConnection": {{ .Values.cv.config.automatedConnection }},
"initiators": [{{- join "," .Values.cv.config.initiators }}],
"automatedConnection": {{ .Values.cv.config.automatedConnection }},
"existingCloudSubnet": {{ .Values.cv.config.existingCloudSubnet | quote }},
"region": {{ .Values.cv.config.region | quote }},
"privateCloud": {{ .Values.cv.config.privateCloud | quote }},
{{- if and .Values.cv.config.privateCloudResourceGroup (ne .Values.cv.config.privateCloudResourceGroup "") }}
"privateCloudResourceGroup": {{ .Values.cv.config.privateCloudResourceGroup | quote }},
{{- end }}
"cloudComputeProvider": {{ .Values.cv.config.cloudComputeProvider | quote }}
},
"defaults": {
"perfPolicy": {{ .Values.cv.config.perfPolicy | quote }},
"limitIOPS": {{ .Values.cv.config.limitIOPS | quote }},
"volumeType": {{ .Values.cv.config.volumeType | quote }},
"encryption": {{ .Values.cv.config.encryption }},
"protectionTemplate": {{ .Values.cv.config.protectionTemplate | quote }},
"destroyOnRm": {{ .Values.cv.config.destroyOnRm }}
},
"overrides": {}
}
{{- else }}
{
"global": {},
"defaults": {},
"overrides": {}
}
{{- end }}
{{- if eq .Values.flavor "rke"}}
{{ .Values.pluginType }}.json: |-
{
"dockerVolumePluginSocketPath": "/host/etc/hpe-storage/{{ .Values.pluginType }}.sock"
}
{{- end }}

40
charts/hpe/hpe-flexvolume-driver/templates/hpe-doryd-rbac.yaml
View File

@ -1,40 +0,0 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hpe-dynamic-provisioner-role
namespace: {{ .Release.Namespace }}
rules:
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: hpe-dynamic-provisioner-binding
subjects:
- kind: ServiceAccount
name: hpe-flexvolume-sa
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: hpe-dynamic-provisioner-role
apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: hpe-flexvolume-sa
namespace: {{ .Release.Namespace }}

67
charts/hpe/hpe-flexvolume-driver/templates/hpe-doryd.yaml
View File

@ -1,67 +0,0 @@
#### HPE Dynamic Provisioner ###
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: hpe-dynamic-provisioner
namespace: {{ .Release.Namespace }}
labels:
app: hpe-dynamic-provisioner
spec:
selector:
matchLabels:
daemon: hpe-dynamic-provisioner-daemon
strategy:
type: RollingUpdate
template:
metadata:
labels:
daemon: hpe-dynamic-provisioner-daemon
name: hpe-dynamic-provisioner
spec:
restartPolicy: Always
serviceAccountName: hpe-flexvolume-sa
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
containers:
-
image: {{ .Values.dynamicProvisionerImage}}: {{- .Values.dynamicProvisionerTag}}
imagePullPolicy: Always
name: hpe-dynamic-provisioner
env:
- name: LOG_LEVEL
value: {{ .Values.logLevel }}
volumeMounts:
- name: k8s
mountPath: /etc/kubernetes
- name: flexvolumedriver
mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
- name: varlog
mountPath: /var/log
{{- if eq .Values.flavor "rke"}}
- name: hpeconfig
mountPath: /host/etc/hpe-storage
{{- else }}
- name: hpeconfig
mountPath: /etc/hpe-storage
{{- end }}
securityContext:
privileged: true
volumes:
- name: k8s
hostPath:
path: /etc/kubernetes
- name: flexvolumedriver
hostPath:
{{- $flavor := .Values.flavor -}}
{{- range .Values.flexVolumeExec }}
{{- if eq .name $flavor }}
path: {{ .value }}
{{- end }}
{{- end }}
- name: hpeconfig
hostPath:
path: /etc/hpe-storage
- name: varlog
hostPath:
path: /var/log

216
charts/hpe/hpe-flexvolume-driver/templates/hpe-flexvolume-plugin.yaml
View File

@ -1,216 +0,0 @@
#### Flexvolume Driver ###
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: hpe-flexvolume-driver
namespace: {{ .Release.Namespace }}
labels:
k8s-app: hpe-flexvolume-driver
spec:
selector:
matchLabels:
name: hpe-flexvolume-driver
template:
metadata:
labels:
name: hpe-flexvolume-driver
spec:
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
serviceAccountName: hpe-flexvolume-sa
containers:
- name: flexvolume
image: {{ .Values.flexVolumeDriverImage}}: {{- .Values.flexVolumeDriverTag}}
imagePullPolicy: "Always"
lifecycle:
preStop:
# create empty file to let plugin signal handler to perform cleanup of config/cert/dory files
exec:
command: [ "/bin/sh", "-c", "touch /etc/hpe-storage/remove" ]
{{- if eq .Values.flavor "rke"}}
postStart:
exec:
command: [ "/bin/bash", "-c",
"while [[ ! -d /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }} ]] || [[ ! -f /etc/hpe-storage/{{ .Values.pluginType }}.json ]]; do sleep 1; done; cp -a /etc/hpe-storage/{{ .Values.pluginType }}.json /var/lib/kubelet/volumeplugins/hpe.com~{{ .Values.pluginType }}/{{ .Values.pluginType }}.json" ]
{{- end }}
env:
- name: LOG_LEVEL
value: {{ .Values.logLevel }}
- name: FLAVOR
value: {{ .Values.flavor }}
- name: PROVIDER_IP
valueFrom:
secretKeyRef:
name: hpe-secret
key: backend
- name: PROVIDER_USERNAME
valueFrom:
secretKeyRef:
name: hpe-secret
key: username
- name: PROVIDER_PASSWORD
valueFrom:
secretKeyRef:
name: hpe-secret
key: password
- name: PROTOCOL
valueFrom:
secretKeyRef:
name: hpe-secret
key: protocol
{{- if eq .Values.pluginType "cv"}}
- name: PROVIDER_PORT
valueFrom:
secretKeyRef:
name: hpe-secret
key: servicePort
- name: PROVIDER_SERVICE
valueFrom:
secretKeyRef:
name: hpe-secret
key: serviceName
{{- end }}
- name: SCOPE
value: global
- name: PLUGIN_TYPE
value: {{ .Values.pluginType }}
volumeMounts:
- name: pluginmountdir
mountPath: /var/lib/kubelet
mountPropagation: Bidirectional
- name: bindmountdir
mountPath: {{ .Values.podsMountDir }}
mountPropagation: Bidirectional
- name: legacymounts
mountPath: /opt/nimble
mountPropagation: Bidirectional
- name: dev
mountPath: /dev
- name: libmodules
mountPath: /lib/modules
- name: var-log
mountPath: /var/log
- name: var-lib-iscsi
mountPath: /var/lib/iscsi
- name: exec
mountPath: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
- name: runlock
mountPath: /run/lock
- name: etc-iscsi
mountPath: /etc/iscsi
- name: etc-multipath
mountPath: /etc/multipath
{{- if ne .Values.flavor "rke"}}
- name: etc-multipath-conf
mountPath: /etc/multipath.conf
{{- end }}
- name: etc-redhat-release
mountPath: /etc/redhat-release
- name: etc-os-release
mountPath: /etc/os-release
- name: etc-hpe-storage-dir
mountPath: /etc/hpe-storage
{{- if eq .Values.flavor "rke"}}
- name: etc-hpe-storage-dir
mountPath: /host/etc/hpe-storage
{{- end }}
- name: sys
mountPath: /sys
- name: iscsiadm
mountPath: /sbin/iscsiadm
- name: config-file
mountPath: /etc/hpe-storage/volume-driver.json
subPath: volume-driver.json
{{- if eq .Values.flavor "rke"}}
- name: config-file
mountPath: /etc/hpe-storage/{{ .Values.pluginType }}.json
subPath: {{ .Values.pluginType }}.json
{{- end }}
- name: runsystemd
mountPath: /run/systemd
- name: libsystemd
mountPath: /lib/systemd/system
- name: usrlocal
mountPath: /usr_local
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
volumes:
- name: pluginmountdir
hostPath:
path: /var/lib/kubelet
- name: bindmountdir
hostPath:
path: {{ .Values.podsMountDir }}
# required to handle legacy mounts from NLT based plugin. Remove this for CoreOS
- name: legacymounts
hostPath:
path: /opt/nimble/
- name: dev
hostPath:
path: /dev
- name: libmodules
hostPath:
path: /lib/modules
- name: var-log
hostPath:
path: /var/log
- name: var-lib-iscsi
hostPath:
path: /var/lib/iscsi/
- name: exec
hostPath:
{{- $flavor := .Values.flavor -}}
{{- range .Values.flexVolumeExec }}
{{- if eq .name $flavor }}
path: {{ .value }}
{{- end }}
{{- end }}
- name: runlock
hostPath:
path: /run/lock
- name: etc-iscsi
hostPath:
path: /etc/iscsi/
- name: etc-multipath
hostPath:
path: /etc/multipath/
{{- if ne .Values.flavor "rke"}}
- name: etc-multipath-conf
hostPath:
path: /etc/multipath.conf
type: FileOrCreate
{{- end }}
- name: etc-redhat-release
hostPath:
path: /etc/redhat-release
type: FileOrCreate
- name: etc-os-release
hostPath:
path: /etc/os-release
type: FileOrCreate
- name: etc-hpe-storage-dir
hostPath:
path: /etc/hpe-storage/
- name: sys
hostPath:
path: /sys
- name: iscsiadm
hostPath:
path: /sbin/iscsiadm
type: FileOrCreate
- name: config-file
configMap:
name: hpe-config
- name: runsystemd
hostPath:
path: /run/systemd
- name: libsystemd
hostPath:
path: /lib/systemd/system
- name: usrlocal
hostPath:
path: /usr

18
charts/hpe/hpe-flexvolume-driver/templates/hpe-secret.yaml
View File

@ -1,18 +0,0 @@
---
apiVersion: v1
kind: Secret
metadata:
name: hpe-secret
namespace: {{ .Release.Namespace }}
stringData:
username: {{ .Values.username }}
password: {{ .Values.password }}
{{- if eq .Values.pluginType "cv"}}
backend: {{ .Values.backend }}
servicePort: {{ .Values.servicePort | quote }}
serviceName: {{ .Values.serviceName }}
protocol: "iscsi"
{{- else }}
backend: {{ .Values.backend }}
protocol: {{ .Values.protocol }}
{{- end }}

66
charts/hpe/hpe-flexvolume-driver/templates/hpecv-cp.yaml
View File

@ -1,66 +0,0 @@
{{- if eq .Values.pluginType "cv"}}
# Configuration to deploy the HPE Nimble Storage Container Provider service
#
# example usage: kubectl create -f <this_file>
---
#######################################
############ CP Service ############
#######################################
kind: Service
apiVersion: v1
metadata:
name: {{ .Values.serviceName }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ .Values.serviceName }}
spec:
ports:
- port: {{ .Values.servicePort }}
protocol: TCP
selector:
app: cv-cp
---
##########################################
############ CP Deployment ############
##########################################
kind: Deployment
apiVersion: apps/v1
metadata:
name: cv-cp
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app: cv-cp
replicas: 1
template:
metadata:
labels:
app: cv-cp
spec:
serviceAccountName: hpe-flexvolume-sa
containers:
- name: cv-cp
image: {{ .Values.containerProviderImage}}: {{- .Values.containerProviderTag}}
imagePullPolicy: Always
env:
- name: CLOUDVOLUMES_PORTAL_SERVER
value: {{ .Values.backend }}
- name: CLOUDVOLUMES_PORT
value: {{ .Values.servicePort | quote }}
- name: LOG_LEVEL
value: {{ .Values.logLevel }}
ports:
- containerPort: {{ .Values.servicePort }}
volumeMounts:
- name: log-dir
mountPath: /var/log
volumes:
- name: log-dir
hostPath:
path: /var/log
{{- end }}

28
charts/hpe/hpe-flexvolume-driver/templates/post-install.yaml
View File

@ -1,28 +0,0 @@
apiVersion: batch/v1
kind: Job
metadata:
name: "{{.Release.Name}}"
labels:
app.kubernetes.io/managed-by: {{.Release.Service | quote}}
app.kubernetes.io/instance: {{.Release.Name | quote}}
app.kubernetes.io/version: {{.Chart.AppVersion | quote}}
helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
annotations:
"helm.sh/hook": post-install
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
name: "{{.Release.Name}}"
labels:
app.kubernetes.io/managed-by: {{.Release.Service | quote }}
app.kubernetes.io/instance: {{.Release.Name | quote }}
helm.sh/chart: "{{.Chart.Name}}-{{.Chart.Version}}"
spec:
restartPolicy: Never
containers:
- name: post-install-job
image: "alpine:3.3"
command: ["/bin/sleep","{{default "10" .Values.serviceWaitTime}}"]

16
charts/hpe/hpe-flexvolume-driver/templates/sc.yaml
View File

@ -1,16 +0,0 @@
{{ if .Values.storageClass.create -}}
---
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: {{ .Values.storageClass.name }}
labels:
plugin: {{ .Release.Name }}
{{- if .Values.storageClass.defaultClass }}
annotations:
storageclass.kubernetes.io/is-default-class: "true"
{{- end }}
provisioner: hpe.com/{{ .Values.pluginType }}
parameters:
description: {{ .Values.volumeDescription }}
{{- end }}

97
charts/hpe/hpe-flexvolume-driver/values.yaml
View File

@ -1,97 +0,0 @@
# Default values for hpe-flexvolume-driver
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
#doryd image
dynamicProvisionerTag: v3.1.0
dynamicProvisionerImage: store/hpestorage/k8s-dynamic-provisioner
#flexvolume plugin image
flexVolumeDriverTag: v3.1.0
flexVolumeDriverImage: store/hpestorage/flexvolume-driver
#container-provider image
containerProviderTag: v3.1.0
containerProviderImage: store/hpestorage/cv-cp
#parameters
backend: 192.168.1.1
username: admin
password: admin
protocol: iscsi
servicePort: "8080"
serviceName: cv-cp-svc
#storage class parameters
fsType: xfs
volumeDescription: "Volume created by HPE Volume Driver for Kubernetes FlexVolume Plugin"
#service parameters
# wait seconds for doryd/flexvolume node plugins to start
serviceWaitTime: "10"
#flavor
flavor: k8s
#platform for which plugin is being deployed.i.e nimble or cv
pluginType: nimble
#bindMountPath where kubelet bindmounts volume to pod namespace
podsMountDir: /var/lib/kubelet/pods
#volumePluginDir volume plugin directory where kubelet watches for flexvolume plugin
flexVolumeExec:
- name: eks
value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
- name: k8s
value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
- name: ocp
value: /etc/kubernetes/kubelet-plugins/volume/exec
- name: gkeop
value: /usr/libexec/kubernetes/kubelet-plugins/volume/exec
- name: gke
value: /home/kubernetes/flexvolume
- name: aks
value: /etc/kubernetes/volumeplugins
- name: rke
value: /var/lib/kubelet/volumeplugins
#log level for flexvolume driver and dynamic provisioner
logLevel: info
## For creating the StorageClass automatically:
storageClass:
create: true
## Set StorageClass as the default StorageClass
## Ignored if storageClass.create is false
defaultClass: false
## Set a StorageClass name
## Ignored if storageClass.create is false
name: hpe-standard
nimble:
config:
limitIOPS: "-1"
limitMBPS: "-1"
perfPolicy: DockerDefault
cv:
config:
snapPrefix: BaseFor
automatedConnection: true
existingCloudSubnet: 10.1.0.0/24
region: us-east-1
privateCloud: vpc-data
cloudComputeProvider: "Amazon AWS"
perfPolicy: Other
volumeType: PF
encryption: true
protectionTemplate: twicedaily:4
destroyOnRm: true
limitIOPS: "1000"
# In case of multiple initiators, add one per line and escape double quotes as below
initiators:
- '"eth0"'
privateCloudResourceGroup: ""

20
charts/softiron/ceph-csi-rbd/Chart.yaml
View File

@ -1,20 +0,0 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: SoftIron Ceph RBD
catalog.cattle.io/release-name: ceph-csi-rbd
apiVersion: v1
appVersion: canary
description: CSI RBD Driver for SoftIron HyperDrive
home: https://github.com/softiron/ceph-csi
icon: https://cdn.softiron.com/helm/assets/icon.png
keywords:
- ceph
- rbd
- ceph-csi
- softiron
- hyperdrive
kubeVersion: 1.18 - 1.22
name: ceph-csi-rbd
sources:
- https://github.com/softiron/ceph-csi/tree/rancher-softiron/charts/ceph-csi-rbd
version: 1.3.1

186
charts/softiron/ceph-csi-rbd/README.md
View File

@ -1,186 +0,0 @@
# ceph-csi-rbd
The ceph-csi-rbd chart adds rbd volume support to your cluster.
## Install from release repo
Add chart repository to install helm charts from it
```console
helm repo add ceph-csi https://ceph.github.io/csi-charts
```
## Install from local Chart
we need to enter into the directory where all charts are present
```console
cd charts
```
**Note:** charts directory is present in root of the ceph-csi project
### Install chart
To install the Chart into your Kubernetes cluster
- For helm 2.x
```bash
helm install --namespace "ceph-csi-rbd" --name "ceph-csi-rbd" ceph-csi/ceph-csi-rbd
```
- For helm 3.x
Create the namespace where Helm should install the components with
```bash
kubectl create namespace "ceph-csi-rbd"
```
Run the installation
```bash
helm install --namespace "ceph-csi-rbd" "ceph-csi-rbd" ceph-csi/ceph-csi-rbd
```
After installation succeeds, you can get a status of Chart
```bash
helm status "ceph-csi-rbd"
```
### Delete Chart
If you want to delete your Chart, use this command
- For helm 2.x
```bash
helm delete --purge "ceph-csi-rbd"
```
- For helm 3.x
```bash
helm uninstall "ceph-csi-rbd" --namespace "ceph-csi-rbd"
```
If you want to delete the namespace, use this command
```bash
kubectl delete namespace ceph-csi-rbd
```
### Configuration
The following table lists the configurable parameters of the ceph-csi-cephfs
charts and their default values.
| Parameter | Description | Default |
| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------- |
| `rbac.create` | Specifies whether RBAC resources should be created | `true` |
| `serviceAccounts.nodeplugin.create` | Specifies whether a nodeplugin ServiceAccount should be created | `true` |
| `serviceAccounts.nodeplugin.name` | The name of the nodeplugin ServiceAccount to use. If not set and create is true, a name is generated using the fullname | "" |
| `serviceAccounts.provisioner.create` | Specifies whether a provisioner ServiceAccount should be created | `true` |
| `serviceAccounts.provisioner.name` | The name of the provisioner ServiceAccount to use. If not set and create is true, a name is generated using the fullname | "" |
| `csiConfig` | Configuration for the CSI to connect to the cluster | [] |
| `csiMapping` | Configuration details of clusterID,PoolID,FscID mapping | [] |
| `encryptionKMSConfig` | Configuration for the encryption KMS | `{}` |
| `logLevel` | Set logging level for csi containers. Supported values from 0 to 5. 0 for general useful logs, 5 for trace level verbosity. | `5` |
| `nodeplugin.name` | Specifies the nodeplugins name | `nodeplugin` |
| `nodeplugin.updateStrategy` | Specifies the update Strategy. If you are using ceph-fuse client set this value to OnDelete | `RollingUpdate` |
| `nodeplugin.priorityClassName` | Set user created priorityclassName for csi plugin pods. default is system-node-critical which is highest priority | `system-node-critical` |
| `nodeplugin.profiling.enabled` | Specifies whether profiling should be enabled | `false` |
| `nodeplugin.registrar.image.repository` | Node Registrar image repository URL | `k8s.gcr.io/sig-storage/csi-node-driver-registrar` |
| `nodeplugin.registrar.image.tag` | Image tag | `v2.2.0` |
| `nodeplugin.registrar.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `nodeplugin.plugin.image.repository` | Nodeplugin image repository URL | `quay.io/cephcsi/cephcsi` |
| `nodeplugin.plugin.image.tag` | Image tag | `canary` |
| `nodeplugin.plugin.image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `nodeplugin.nodeSelector` | Kubernetes `nodeSelector` to add to the Daemonset | `{}` |
| `nodeplugin.tolerations` | List of Kubernetes `tolerations` to add to the Daemonset | `{}` |
| `nodeplugin.podSecurityPolicy.enabled` | If true, create & use [Pod Security Policy resources](https://kubernetes.io/docs/concepts/policy/pod-security-policy/). | `false` |
| `provisioner.name` | Specifies the name of provisioner | `provisioner` |
| `provisioner.replicaCount` | Specifies the replicaCount | `3` |
| `provisioner.defaultFSType` | Specifies the default Fstype | `ext4` |
| `provisioner.deployController` | It enables or disables the deployment of controller which generates the OMAP data if it is not present | `true` |
| `provisioner.hardMaxCloneDepth` | Hard limit for maximum number of nested volume clones that are taken before a flatten occurs | `8` |
| `provisioner.softMaxCloneDepth` | Soft limit for maximum number of nested volume clones that are taken before a flatten occurs | `4` |
| `provisioner.maxSnapshotsOnImage` | Maximum number of snapshots allowed on rbd image without flattening | `450` |
| `provisioner.minSnapshotsOnImage` | Minimum number of snapshots allowed on rbd image to trigger flattening | `250` |
| `provisioner.skipForceFlatten` | Skip image flattening if kernel support mapping of rbd images which has the deep-flatten feature | `false` |
| `provisioner.timeout` | GRPC timeout for waiting for creation or deletion of a volume | `60s` |
| `provisioner.priorityClassName` | Set user created priorityclassName for csi provisioner pods. Default is `system-cluster-critical` which is less priority than `system-node-critical` | `system-cluster-critical` |
| `provisioner.profiling.enabled` | Specifies whether profiling should be enabled | `false` |
| `provisioner.provisioner.image.repository` | Specifies the csi-provisioner image repository URL | `k8s.gcr.io/sig-storage/csi-provisioner` |
| `provisioner.provisioner.image.tag` | Specifies image tag | `v2.2.2` |
| `provisioner.provisioner.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
| `provisioner.attacher.image.repository` | Specifies the csi-attacher image repository URL | `k8s.gcr.io/sig-storage/csi-attacher` |
| `provisioner.attacher.image.tag` | Specifies image tag | `v3.2.1` |
| `provisioner.attacher.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
| `provisioner.attacher.name` | Specifies the name of csi-attacher sidecar | `attacher` |
| `provisioner.attacher.enabled` | Specifies whether attacher sidecar is enabled | `true` |
| `provisioner.resizer.image.repository` | Specifies the csi-resizer image repository URL | `k8s.gcr.io/sig-storage/csi-resizer` |
| `provisioner.resizer.image.tag` | Specifies image tag | `v1.2.0` |
| `provisioner.resizer.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
| `provisioner.resizer.name` | Specifies the name of csi-resizer sidecar | `resizer` |
| `provisioner.resizer.enabled` | Specifies whether resizer sidecar is enabled | `true` |
| `provisioner.snapshotter.image.repository` | Specifies the csi-snapshotter image repository URL | `k8s.gcr.io/sig-storage/csi-snapshotter` |
| `provisioner.snapshotter.image.tag` | Specifies image tag | `v4.1.1` |
| `provisioner.snapshotter.image.pullPolicy` | Specifies pull policy | `IfNotPresent` |
| `provisioner.nodeSelector` | Specifies the node selector for provisioner deployment | `{}` |
| `provisioner.tolerations` | Specifies the tolerations for provisioner deployment | `{}` |
| `provisioner.affinity` | Specifies the affinity for provisioner deployment | `{}` |
| `provisioner.podSecurityPolicy.enabled` | Specifies whether podSecurityPolicy is enabled | `false` |
| `topology.enabled` | Specifies whether topology based provisioning support should be exposed by CSI | `false` |
| `topology.domainLabels` | DomainLabels define which node labels to use as domains for CSI nodeplugins to advertise their domains | `{}` |
| `provisionerSocketFile` | The filename of the provisioner socket | `csi-provisioner.sock` |
| `pluginSocketFile` | The filename of the plugin socket | `csi.sock` |
| `kubeletDir` | kubelet working directory | `/var/lib/kubelet` |
| `cephLogDirHostPath` | Host path location for ceph client processes logging, ex: rbd-nbd | `/var/log/ceph` |
| `driverName` | Name of the csi-driver | `rbd.csi.ceph.com` |
| `configMapName` | Name of the configmap which contains cluster configuration | `ceph-csi-config` |
| `externallyManagedConfigmap` | Specifies the use of an externally provided configmap | `false` |
| `kmsConfigMapName` | Name of the configmap used for encryption kms configuration | `ceph-csi-encryption-kms-config` |
| `storageClass.create` | Specifies whether the StorageClass should be created | `false` |
| `storageClass.name` | Specifies the rbd StorageClass name | `csi-rbd-sc` |
| `storageClass.clusterID` | String representing a Ceph cluster to provision storage from | `<cluster-ID>` |
| `storageClass.dataPool` | Specifies the erasure coded pool | `""` |
| `storageClass.pool` | Ceph pool into which the RBD image shall be created | `replicapool` |
| `storageClass.thickProvision` | Specifies whether thick provision should be enabled | `false` |
| `storageclass.imageFeatures` | Specifies RBD image features | `layering` |
| `storageClass.mounter` | Specifies RBD mounter | `""` |
| `storageClass.cephLogDir` | ceph client log location, it is the target bindmount path used inside container | `"/var/log/ceph"` |
| `storageClass.cephLogStrategy` | ceph client log strategy, available options `remove` or `compress` or `preserve` | `"remove"` |
| `storageClass.volumeNamePrefix` | Prefix to use for naming RBD images | `""` |
| `storageClass.encrypted` | Specifies whether volume should be encrypted. Set it to true if you want to enable encryption | `""` |
| `storageClass.encryptionKMSID` | Specifies the encryption kms id | `""` |
| `storageClass.topologyConstrainedPools` | Add topology constrained pools configuration, if topology based pools are setup, and topology constrained provisioning is required | `[]` |
| `storageClass.mapOptions` | Specifies comma-separated list of map options | `""` |
| `storageClass.unmapOtpions` | Specifies comma-separated list of unmap options | `""` |
| `storageClass.provisionerSecret` | The secrets have to contain user and/or Ceph admin credentials. | `csi-rbd-secret` |
| `storageClass.provisionerSecretNamespace` | Specifies the provisioner secret namespace | `""` |
| `storageClass.controllerExpandSecret` | Specifies the controller expand secret name | `csi-rbd-secret` |
| `storageClass.controllerExpandSecretNamespace` | Specifies the controller expand secret namespace | `""` |
| `storageClass.nodeStageSecret` | Specifies the node stage secret name | `csi-rbd-secret` |
| `storageClass.nodeStageSecretNamespace` | Specifies the node stage secret namespace | `""` |
| `storageClass.fstype` | Specify the filesystem type of the volume | `ext4` |
| `storageClass.reclaimPolicy` | Specifies the reclaim policy of the StorageClass | `Delete` |
| `storageClass.allowVolumeExpansion` | Specifies whether volume expansion should be allowed | `true` |
| `storageClass.mountOptions` | Specifies the mount options for storageClass | `[]` |
| `secret.create` | Specifies whether the secret should be created | `false` |
| `secret.name` | Specifies the rbd secret name | `csi-rbd-secret` |
| `secret.userID` | Specifies the user ID of the rbd secret | `<plaintext ID>` |
| `secret.userKey` | Specifies the key that corresponds to the userID | `<Ceph auth key corresponding to ID above>` |
| `secret.encryptionPassphrase` | Specifies the encryption passphrase of the secret | `test_passphrase` |
### Command Line
You can pass the settings with helm command line parameters.
Specify each parameter using the --set key=value argument to helm install.
For Example:
```bash
helm install --set configMapName=ceph-csi-config --set provisioner.podSecurityPolicy.enabled=true
```

5
charts/softiron/ceph-csi-rbd/app-readme.md
View File

@ -1,5 +0,0 @@
# SoftIron Ceph CSI RBD Driver
This Chart is the RBD Plugin for Kubernetes, based off the ceph-csi-rbd project, for integrating SoftIron HyperDrive RBD with Kubernetes clusters.
Variable names can be found in the main README.

2
charts/softiron/ceph-csi-rbd/templates/NOTES.txt
View File

@ -1,2 +0,0 @@
Examples on how to configure a storage class and start using the driver are here:
https://github.com/ceph/ceph-csi/tree/devel/examples/rbd

90
charts/softiron/ceph-csi-rbd/templates/_helpers.tpl
View File

@ -1,90 +0,0 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "ceph-csi-rbd.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ceph-csi-rbd.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ceph-csi-rbd.nodeplugin.fullname" -}}
{{- if .Values.nodeplugin.fullnameOverride -}}
{{- .Values.nodeplugin.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.nodeplugin.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "ceph-csi-rbd.provisioner.fullname" -}}
{{- if .Values.provisioner.fullnameOverride -}}
{{- .Values.provisioner.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- printf "%s-%s" .Release.Name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s-%s" .Release.Name $name .Values.provisioner.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "ceph-csi-rbd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "ceph-csi-rbd.serviceAccountName.nodeplugin" -}}
{{- if .Values.serviceAccounts.nodeplugin.create -}}
{{ default (include "ceph-csi-rbd.nodeplugin.fullname" .) .Values.serviceAccounts.nodeplugin.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.nodeplugin.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "ceph-csi-rbd.serviceAccountName.provisioner" -}}
{{- if .Values.serviceAccounts.provisioner.create -}}
{{ default (include "ceph-csi-rbd.provisioner.fullname" .) .Values.serviceAccounts.provisioner.name }}
{{- else -}}
{{ default "default" .Values.serviceAccounts.provisioner.name }}
{{- end -}}
{{- end -}}

15
charts/softiron/ceph-csi-rbd/templates/ceph-conf.yaml
View File

@ -1,15 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: ceph-config
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "ceph-csi-rbd.name" . }}
chart: {{ include "ceph-csi-rbd.chart" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
ceph.conf: |
{{ tpl .Values.cephconf . | indent 4 }}
keyring: ""

11
charts/softiron/ceph-csi-rbd/templates/csidriver-crd.yaml
View File

@ -1,11 +0,0 @@
{{ if semverCompare ">=1.18.0-beta.1" .Capabilities.KubeVersion.Version }}
apiVersion: storage.k8s.io/v1
{{ else }}
apiVersion: storage.k8s.io/v1beta1
{{ end }}
kind: CSIDriver
metadata:
name: {{ .Values.driverName }}
spec:
attachRequired: true
podInfoOnMount: false

18
charts/softiron/ceph-csi-rbd/templates/csiplugin-configmap.yaml
View File

@ -1,18 +0,0 @@
{{- if not .Values.externallyManagedConfigmap }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.configMapName | quote }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "ceph-csi-rbd.name" . }}
chart: {{ include "ceph-csi-rbd.chart" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
config.json: |-
{{ toJson .Values.csiConfig | indent 4 -}}
cluster-mapping.json: |-
{{ toJson .Values.csiMapping | indent 4 -}}
{{- end }}

14
charts/softiron/ceph-csi-rbd/templates/encryptionkms-configmap.yaml
View File

@ -1,14 +0,0 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Values.kmsConfigMapName | quote }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "ceph-csi-rbd.name" . }}
chart: {{ include "ceph-csi-rbd.chart" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
config.json: |-
{{ toJson .Values.encryptionKMSConfig | indent 4 -}}

34
charts/softiron/ceph-csi-rbd/templates/nodeplugin-clusterrole.yaml
View File

@ -1,34 +0,0 @@
{{- if .Values.rbac.create -}}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
labels:
app: {{ include "ceph-csi-rbd.name" . }}
chart: {{ include "ceph-csi-rbd.chart" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
rules:
{{- if .Values.topology.enabled }}
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
{{- end }}
# allow to read Vault Token and connection options from the Tenants namespace
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["get"]
- apiGroups: [""]
resources: ["serviceaccounts"]
verbs: ["get"]
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["list", "get"]
{{- end -}}

22
charts/softiron/ceph-csi-rbd/templates/nodeplugin-clusterrolebinding.yaml
View File

@ -1,22 +0,0 @@
{{- if .Values.rbac.create -}}
{{- if .Values.topology.enabled }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
labels:
app: {{ include "ceph-csi-rbd.name" . }}
chart: {{ include "ceph-csi-rbd.chart" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
subjects:
- kind: ServiceAccount
name: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

224
charts/softiron/ceph-csi-rbd/templates/nodeplugin-daemonset.yaml
View File

@ -1,224 +0,0 @@
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ include "ceph-csi-rbd.nodeplugin.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ include "ceph-csi-rbd.name" . }}
chart: {{ include "ceph-csi-rbd.chart" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
selector:
matchLabels:
app: {{ include "ceph-csi-rbd.name" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
updateStrategy:
type: {{ .Values.nodeplugin.updateStrategy }}
template:
metadata:
labels:
app: {{ include "ceph-csi-rbd.name" . }}
chart: {{ include "ceph-csi-rbd.chart" . }}
component: {{ .Values.nodeplugin.name }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
serviceAccountName: {{ include "ceph-csi-rbd.serviceAccountName.nodeplugin" . }}
hostNetwork: true
hostPID: true
{{- if .Values.nodeplugin.priorityClassName }}
priorityClassName: {{ .Values.nodeplugin.priorityClassName }}
{{- end }}
# to use e.g. Rook orchestrated cluster, and mons' FQDN is
# resolved through k8s service, set dns policy to cluster first
dnsPolicy: ClusterFirstWithHostNet
containers:
- name: driver-registrar
# This is necessary only for systems with SELinux, where
# non-privileged sidecar containers cannot access unix domain socket
# created by privileged CSI driver container.
securityContext:
privileged: true
image: "{{ .Values.nodeplugin.registrar.image.repository }}:{{ .Values.nodeplugin.registrar.image.tag }}"
imagePullPolicy: {{ .Values.nodeplugin.registrar.image.pullPolicy }}
args:
- "--v={{ .Values.logLevel }}"
- "--csi-address=/csi/{{ .Values.pluginSocketFile }}"
- "--kubelet-registration-path={{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}/{{ .Values.pluginSocketFile }}"
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: socket-dir
mountPath: /csi
- name: registration-dir
mountPath: /registration
resources:
{{ toYaml .Values.nodeplugin.registrar.resources | indent 12 }}
- name: csi-rbdplugin
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
args:
- "--nodeid=$(NODE_ID)"
- "--pluginpath={{ .Values.kubeletDir }}/plugins"
- "--stagingpath={{ .Values.kubeletDir }}/plugins/kubernetes.io/csi/pv/"
- "--type=rbd"
- "--nodeserver=true"
- "--pidlimit=-1"
- "--endpoint=$(CSI_ENDPOINT)"
- "--v={{ .Values.logLevel }}"
- "--drivername=$(DRIVER_NAME)"
{{- if .Values.topology.enabled }}
- "--domainlabels={{ .Values.topology.domainLabels | join "," }}"
{{- end }}
{{- if .Values.nodeplugin.profiling.enabled }}
- "--enableprofiling={{ .Values.nodeplugin.profiling.enabled }}"
{{- end }}
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: DRIVER_NAME
value: {{ .Values.driverName }}
- name: NODE_ID
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: CSI_ENDPOINT
value: "unix:///csi/{{ .Values.pluginSocketFile }}"
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
volumeMounts:
- name: socket-dir
mountPath: /csi
- mountPath: /dev
name: host-dev
- mountPath: /run/mount
name: host-mount
- mountPath: /sys
name: host-sys
- mountPath: /etc/selinux
name: etc-selinux
readOnly: true
- mountPath: /lib/modules
name: lib-modules
readOnly: true
- name: ceph-csi-config
mountPath: /etc/ceph-csi-config/
- name: ceph-config
mountPath: /etc/ceph/
- name: ceph-csi-encryption-kms-config
mountPath: /etc/ceph-csi-encryption-kms-config/
- name: plugin-dir
mountPath: {{ .Values.kubeletDir }}/plugins
mountPropagation: "Bidirectional"
- name: mountpoint-dir
mountPath: {{ .Values.kubeletDir }}/pods
mountPropagation: "Bidirectional"
- name: keys-tmp-dir
mountPath: /tmp/csi/keys
- name: ceph-logdir
mountPath: /var/log/ceph
resources:
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
{{- if .Values.nodeplugin.httpMetrics.enabled }}
- name: liveness-prometheus
securityContext:
privileged: true
image: "{{ .Values.nodeplugin.plugin.image.repository }}:{{ .Values.nodeplugin.plugin.image.tag }}"
imagePullPolicy: {{ .Values.nodeplugin.plugin.image.pullPolicy }}
args:
- "--type=liveness"
- "--endpoint=$(CSI_ENDPOINT)"
- "--metricsport={{ .Values.nodeplugin.httpMetrics.containerPort }}"
- "--metricspath=/metrics"
- "--polltime=60s"
- "--timeout=3s"
env:
- name: CSI_ENDPOINT
value: "unix:///csi/{{ .Values.pluginSocketFile }}"
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
volumeMounts:
- name: socket-dir
mountPath: /csi
resources:
{{ toYaml .Values.nodeplugin.plugin.resources | indent 12 }}
{{- end }}
volumes:
- name: socket-dir
hostPath:
path: "{{ .Values.kubeletDir }}/plugins/{{ .Values.driverName }}"
type: DirectoryOrCreate
- name: registration-dir
hostPath:
path: {{ .Values.kubeletDir }}/plugins_registry
type: Directory
- name: plugin-dir
hostPath:
path: {{ .Values.kubeletDir }}/plugins
type: Directory
- name: mountpoint-dir
hostPath:
path: {{ .Values.kubeletDir }}/pods
type: DirectoryOrCreate
- name: ceph-logdir
hostPath:
path: {{ .Values.cephLogDirHostPath }}
type: DirectoryOrCreate
- name: host-dev
hostPath:
path: /dev
- name: host-mount
hostPath:
path: /run/mount
- name: host-sys
hostPath:
path: /sys
- name: etc-selinux
hostPath:
path: /etc/selinux
- name: lib-modules
hostPath:
path: /lib/modules
- name: ceph-config
configMap:
name: ceph-config
- name: ceph-csi-config
configMap:
name: {{ .Values.configMapName | quote }}
{{- if .Values.configMapKey }}
items:
- key: {{ .Values.configMapKey | quote }}
path: config.json
{{- end }}
- name: ceph-csi-encryption-kms-config
configMap:
name: {{ .Values.kmsConfigMapName | quote }}
- name: keys-tmp-dir
emptyDir: {
medium: "Memory"
}
{{- if .Values.nodeplugin.affinity }}
affinity:
{{ toYaml .Values.nodeplugin.affinity | indent 8 -}}
{{- end -}}
{{- if .Values.nodeplugin.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeplugin.nodeSelector | indent 8 -}}
{{- end -}}
{{- if .Values.nodeplugin.tolerations }}
tolerations:
{{ toYaml .Values.nodeplugin.tolerations | indent 8 -}}
{{- end -}}

Some files were not shown because too many files have changed in this diff Show More