Charts CI

```
Updated:
  dh2i/dxemssql:
    - 1.0.6
  dh2i/dxenterprisesqlag:
    - 1.0.2
  dh2i/dxoperator:
    - 1.0.2
  f5/nginx-ingress:
    - 1.2.2
  kasten/k10:
    - 7.0.0
  linkerd/linkerd-control-plane:
    - 2024.5.5
  linkerd/linkerd-crds:
    - 2024.5.5
  traefik/traefik:
    - 28.2.0
```
pull/1022/head
github-actions[bot] 2024-06-01 00:59:17 +00:00
parent 9216fbed52
commit 17d6677054
84 changed files with 5240 additions and 3573 deletions

Binary file not shown.


BIN
assets/kasten/k10-7.0.1.tgz Normal file


@ -1,23 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
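
Review bot: all 23 lines of this ignore file are removed and re-added with the same visible text, so the hunk looks like a line-ending or trailing-whitespace rewrite rather than a content change. If that is the intent, say so in the commit message and fix the line-ending policy in the repository (for example with a `.gitattributes` entry), because the same whole-file pattern recurs in other files of this commit, where the few real edits are easy to miss among identical lines.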


@ -16,4 +16,4 @@ maintainers:
url: https://dh2i.com
name: dxemssql
type: application
version: 1.0.5
version: 1.0.6


@ -1,15 +1,15 @@
# DxEnterprise for Microsoft SQL AG
This chart deploys a SQL Server availability group managed by DxEnterprise clustering technology.
## Prerequisites
- A secret on your Kubernetes cluster that contains SQL Server credentials (`MSSQL_SA_PASSWORD`) and your DxEnterprise cluster password (`DX_PASSKEY`)
- A DxEnterprise license key with availability group management features and tunnels enabled
- Optional: DxAdmin installed on a Windows machine. Installation instructions for DxAdmin can be found in [DH2i documentation](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/installation/dxadmin-qsg)
# Additional Information
Instructions for creating this chart using Rancher can be found in the [DxEnterprise Rancher guide](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes/mssql-ag-rancher#install-the-helm-chart), and additional DxEnterprise Kubernetes documentation can be found [here](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes).
Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy.
# DxEnterprise for Microsoft SQL AG
This chart deploys a SQL Server availability group managed by DxEnterprise clustering technology.
## Prerequisites
- A secret on your Kubernetes cluster that contains SQL Server credentials (`MSSQL_SA_PASSWORD`) and your DxEnterprise cluster password (`DX_PASSKEY`)
- A DxEnterprise license key with availability group management features and tunnels enabled
- Optional: DxAdmin installed on a Windows machine. Installation instructions for DxAdmin can be found in [DH2i documentation](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/installation/dxadmin-qsg)
# Additional Information
Instructions for creating this chart using Rancher can be found in the [DxEnterprise Rancher guide](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes/mssql-ag-rancher#install-the-helm-chart), and additional DxEnterprise Kubernetes documentation can be found [here](https://support.dh2i.com/docs/v22.0/guides/dxenterprise/containers/kubernetes).
Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy.


@ -1,8 +1,8 @@
# Availability Groups With DxEnterprise
DxEnterprise (DxE) uses Microsoft SQL Server Availability Groups clustering technology to dramatically reduce the complexity of configuring and managing highly available SQL Server AGs. DxEnterprise makes AGs highly available within containers without relying on WSFC or any other cumbersome and restrictive cluster orchestration technologies, while also providing advanced fault detection and failover automation to minimize outages for SQL Server databases, helping customers achieve nearest-to-zero total downtime. DxEnterprise AGs enable cross-network failover without opening external ports or the use of virtual private networks (VPNs), enabling simplified cross-network, cross-zone, and cross-region clusters.
- SDP-enhanced highly available SQL Server Availability Groups
- Realtime health detection and automatic failover
- Discreet and secure networking across AG nodes in separate sites, regions, or clouds - without a VPN
- Management simplicity and minimal complexity
# Availability Groups With DxEnterprise
DxEnterprise (DxE) uses Microsoft SQL Server Availability Groups clustering technology to dramatically reduce the complexity of configuring and managing highly available SQL Server AGs. DxEnterprise makes AGs highly available within containers without relying on WSFC or any other cumbersome and restrictive cluster orchestration technologies, while also providing advanced fault detection and failover automation to minimize outages for SQL Server databases, helping customers achieve nearest-to-zero total downtime. DxEnterprise AGs enable cross-network failover without opening external ports or the use of virtual private networks (VPNs), enabling simplified cross-network, cross-zone, and cross-region clusters.
- SDP-enhanced highly available SQL Server Availability Groups
- Realtime health detection and automatic failover
- Discreet and secure networking across AG nodes in separate sites, regions, or clouds - without a VPN
- Management simplicity and minimal complexity


@ -1,116 +1,127 @@
questions:
- variable: replicas
label: "Replicas"
type: int
description: "The quantity of replicas (pods) to create. Note that setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. Only set this value below 3 if you intend to add these replicas to an existing AG."
default: 3
required: true
group: General
- variable: secretKeys
label: "Kubernetes Secret"
type: secret
description: "The name of the Kubernetes Secret to use for the MSSQL_SA_PASSWORD, DX_PASSKEY, and (optionally) DX_OTPK."
required: true
group: General
- variable: enableLoadBalancers
label: "Enable External Load Balancers"
type: string
description: "Enable or disable automatic provisioning of an external load balancer for each replica in the StatefulSet."
required: true
group: General
- variable: DX_LICENSE
label: "License Key"
type: string
description: "The license key for DxEnterprise."
required: true
group: "DxEnterprise"
- variable: DX_ACCEPT_EULA
label: "Accept EULA"
type: enum
default: "N"
description: "Accept the terms of the DxEnterprise license agreement. For more information, visit http://support.dh2i.com/docs/other/eula."
required: true
group: "DxEnterprise"
options:
- "Y"
- "N"
- variable: DX_VHOST_NAME
label: "Vhost Name"
type: string
description: "The name of the Vhost that the availability group will be created under."
default: "VHOST1"
group: "DxEnterprise"
- variable: DX_AG_NAME
label: "Availability Group Name"
type: string
description: "The name that will be given to the availability group."
default: "AG1"
group: "DxEnterprise"
- variable: DX_AG_OPTIONS
label: "Availability Group Options"
type: string
description: "Additional availability group options to apply during AG creation."
group: "DxEnterprise"
- variable: DX_NEW_CLUSTER
label: "Create a New Cluster"
type: string
description: "Whether or not to create a new DxEnterprise cluster, or join an existing one using the provided One-Time Passkey."
default: "true"
group: "DxEnterprise"
- variable: dxeImage.repository
label: "Repository"
type: string
description: "The repository to pull the DxEnterprise image from."
default: "dh2i/dxe"
group: "DxEnterprise"
subquestions:
- variable: dxeImage.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the DxEnterprise image."
default: "Always"
group: "DxEnterprise"
- variable: dxeImage.tag
label: "Image Tag"
type: string
description: "The tag to use for the DxEnterprise image."
default: "latest"
group: "DxEnterprise"
- variable: MSSQL_PID
label: Edition
type: string
description: "The SQL Server edition (PID)."
required: true
default: Developer
group: "SQL Server"
- variable: ACCEPT_EULA
label: "Accept EULA"
type: enum
default: "N"
description: "Accept the terms of the SQL Server EULA."
required: true
group: "SQL Server"
options:
- "Y"
- "N"
- variable: sqlImage.repository
label: "Repository"
type: string
description: "The repository to pull the SQL Server image from."
default: "mcr.microsoft.com/mssql/server"
group: "SQL Server"
subquestions:
- variable: sqlImage.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the SQL Server image."
default: "Always"
group: "SQL Server"
- variable: sqlImage.tag
label: "Image Tag"
type: string
description: "The tag to use for the SQL Server image."
default: "2022-latest"
group: "SQL Server"
questions:
- variable: replicas
label: "Replicas"
type: int
description: "The quantity of replicas (pods) to create. Note that setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA. Only set this value below 3 if you intend to add these replicas to an existing AG."
default: 3
required: true
group: General
- variable: secretKeys
label: "Kubernetes Secret"
type: secret
description: "The name of the Kubernetes Secret to use for the MSSQL_SA_PASSWORD, DX_PASSKEY, and (optionally) DX_OTPK."
required: true
group: General
- variable: enableLoadBalancers
label: "Enable External Load Balancers"
type: boolean
description: "Enable or disable automatic provisioning of an external load balancer for each replica in the StatefulSet."
default: true
group: General
- variable: DX_LICENSE
label: "License Key"
type: string
description: "The license key for DxEnterprise."
required: true
group: "DxEnterprise"
- variable: DX_ACCEPT_EULA
label: "Accept EULA"
type: enum
default: "N"
description: "Accept the terms of the DxEnterprise license agreement. For more information, visit http://support.dh2i.com/docs/other/eula."
required: true
group: "DxEnterprise"
options:
- "Y"
- "N"
- variable: DX_VHOST_NAME
label: "Vhost Name"
type: string
description: "The name of the Vhost that the availability group will be created under."
default: "VHOST1"
group: "DxEnterprise"
- variable: DX_AG_NAME
label: "Availability Group Name"
type: string
description: "The name that will be given to the availability group."
default: "AG1"
group: "DxEnterprise"
- variable: DX_AG_OPTIONS
label: "Availability Group Options"
type: string
description: "Additional availability group options to apply during AG creation."
group: "DxEnterprise"
- variable: DX_NEW_CLUSTER
label: "Create a New Cluster"
type: boolean
description: "Whether or not to create a new DxEnterprise cluster, or join an existing one using the provided One-Time Passkey."
default: true
group: "DxEnterprise"
- variable: DX_USE_NAT
label: "Join using NAT matchmaker"
type: boolean
default: false
description: "Enables the NAT matchmaker to find peers when forming a cluster. Requires DX_OTPK to be set in the dxe secret."
group: "DxEnterprise"
- variable: DX_JOIN_TARGET
label: "Join target"
type: string
default: ""
description: "The name or IP address of a peer DxEnterprise cluster node to join to when forming a cluster."
group: "DxEnterprise"
- variable: dxeImage.repository
label: "Repository"
type: string
description: "The repository to pull the DxEnterprise image from."
default: "docker.io/dh2i/dxe"
group: "DxEnterprise"
subquestions:
- variable: dxeImage.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the DxEnterprise image."
default: "Always"
group: "DxEnterprise"
- variable: dxeImage.tag
label: "Image Tag"
type: string
description: "The tag to use for the DxEnterprise image."
default: "latest"
group: "DxEnterprise"
- variable: MSSQL_PID
label: Edition
type: string
description: "The SQL Server edition (PID)."
required: true
default: Developer
group: "SQL Server"
- variable: ACCEPT_EULA
label: "Accept EULA"
type: enum
default: "N"
description: "Accept the terms of the SQL Server EULA."
group: "SQL Server"
options:
- "Y"
- "N"
- variable: sqlImage.repository
label: "Repository"
type: string
description: "The repository to pull the SQL Server image from."
default: "mcr.microsoft.com/mssql/server"
group: "SQL Server"
subquestions:
- variable: sqlImage.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the SQL Server image."
default: "Always"
group: "SQL Server"
- variable: sqlImage.tag
label: "Image Tag"
type: string
description: "The tag to use for the SQL Server image."
default: "2022-latest"
group: "SQL Server"
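
Review bot: the `ACCEPT_EULA` question in the "SQL Server" group loses its `required: true` line in the new version, while `DX_ACCEPT_EULA` in the "DxEnterprise" group keeps it, and the commit message gives no reason for the difference. Because the whole file is rewritten, this sits unnoticed next to the intended edits (`enableLoadBalancers` and `DX_NEW_CLUSTER` becoming `type: boolean`, the new `DX_USE_NAT` and `DX_JOIN_TARGET` questions, the `docker.io/dh2i/dxe` default). Restore `required: true` on `ACCEPT_EULA` or state why it was dropped.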


@ -1,62 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dxemssql.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dxemssql.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dxemssql.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dxemssql.labels" -}}
helm.sh/chart: {{ include "dxemssql.chart" . }}
{{ include "dxemssql.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dxemssql.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dxemssql.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dxemssql.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dxemssql.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Expand the name of the chart.
*/}}
{{- define "dxemssql.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dxemssql.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dxemssql.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dxemssql.labels" -}}
helm.sh/chart: {{ include "dxemssql.chart" . }}
{{ include "dxemssql.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dxemssql.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dxemssql.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dxemssql.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dxemssql.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -1,23 +1,23 @@
{{- if eq (.Values.enableLoadBalancers | toString | lower) "true" }}
{{- range untilStep 0 (.Values.replicas | int) 1 }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "dxemssql.fullname" $ }}-lb-{{ . }}
spec:
type: LoadBalancer
externalTrafficPolicy: Local
selector:
statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }}
ports:
- name: sql
protocol: TCP
port: 1433
targetPort: 1433
- name: dxe-admin
protocol: TCP
port: 7979
targetPort: 7979
---
{{- end }}
{{- if eq (.Values.enableLoadBalancers | toString | lower) "true" }}
{{- range untilStep 0 (.Values.replicas | int) 1 }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "dxemssql.fullname" $ }}-lb-{{ . }}
spec:
type: LoadBalancer
externalTrafficPolicy: Local
selector:
statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }}
ports:
- name: sql
protocol: TCP
port: 1433
targetPort: 1433
- name: dxe-admin
protocol: TCP
port: 7979
targetPort: 7979
---
{{- end }}
{{- end }}
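
Review bot: each per-replica Service of `type: LoadBalancer` publishes both `sql` (1433) and `dxe-admin` (7979) and sets no `loadBalancerSourceRanges`, while `enableLoadBalancers` defaults to true in this commit's values, so a default install puts the SQL Server port and the DxEnterprise admin port on an externally reachable address for every pod. Suggest adding a value that feeds `spec.loadBalancerSourceRanges`, making the `dxe-admin` port a separate opt-in from `sql`, and considering `false` as the default for `enableLoadBalancers`.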


@ -1,25 +1,25 @@
#headless services for local connections/resolution
{{- range untilStep 0 (.Values.replicas | int) 1 }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "dxemssql.fullname" $ }}-{{ . }}
spec:
clusterIP: None
selector:
statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }}
ports:
- name: dxlmonitor
protocol: TCP
port: 7979
- name: dxcmonitor-tcp
protocol: TCP
port: 7980
- name: dxcmonitor-udp
protocol: UDP
port: 7981
- name: ag-endpoint
protocol: TCP
port: 5022
---
#headless services for local connections/resolution
{{- range untilStep 0 (.Values.replicas | int) 1 }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "dxemssql.fullname" $ }}-{{ . }}
spec:
clusterIP: None
selector:
statefulset.kubernetes.io/pod-name: {{ template "dxemssql.fullname" $ }}-{{ . }}
ports:
- name: dxlmonitor
protocol: TCP
port: 7979
- name: dxcmonitor-tcp
protocol: TCP
port: 7980
- name: dxcmonitor-udp
protocol: UDP
port: 7981
- name: ag-endpoint
protocol: TCP
port: 5022
---
{{- end }}


@ -1,108 +1,112 @@
#DxEnterprise + MSSQL StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "dxemssql.fullname" . }}
labels:
{{- include "dxemssql.labels" . | nindent 4 }}
spec:
serviceName: {{ include "dxemssql.fullname" . }}
replicas: {{ .Values.replicas }}
selector:
matchLabels:
{{- include "dxemssql.labels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dxemssql.labels" . | nindent 8 }}
spec:
securityContext:
fsGroup: 10001
containers:
- name: sql
image: "{{ .Values.sqlImage.repository }}:{{ .Values.sqlImage.tag }}"
imagePullPolicy: {{ .Values.sqlImage.pullPolicy }}
env:
- name: ACCEPT_EULA
value: {{ required "You must accept the SQL Server EULA." .Values.ACCEPT_EULA | upper | quote }}
- name: MSSQL_AGENT_ENABLED
value: {{ .Values.MSSQL_AGENT_ENABLED | quote }}
- name: MSSQL_ENABLE_HADR
value: "1"
- name: MSSQL_PID
value: {{ .Values.MSSQL_PID | quote }}
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }}
key: MSSQL_SA_PASSWORD
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
tcpSocket:
port: 1433
volumeMounts:
- name: mssql
mountPath: "/var/opt/mssql"
- name: dxe
image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}"
imagePullPolicy: {{ .Values.dxeImage.pullPolicy }}
env:
- name: DX_LICENSE
value: {{ required "DxEnterprise license key is required." .Values.DX_LICENSE | upper | quote }}
- name: DX_ACCEPT_EULA
value: {{ required "You must accept the DxEnterprise EULA." .Values.DX_ACCEPT_EULA | lower | quote }}
- name: DX_OTPK
valueFrom:
secretKeyRef:
name: {{ .Values.secretKeys }}
key: DX_OTPK
optional: true
- name: DX_PASSKEY
valueFrom:
secretKeyRef:
name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }}
key: DX_PASSKEY
- name: DX_VHOST_NAME
value: {{ .Values.DX_VHOST_NAME | upper | quote }}
- name: DX_AG_NAME
value: {{ .Values.DX_AG_NAME | upper | quote }}
- name: DX_AG_OPTIONS
value: {{ .Values.DX_AG_OPTIONS | quote }}
- name: DX_NEW_CLUSTER
value: {{ .Values.DX_NEW_CLUSTER | lower | quote }}
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secretKeys }}
key: MSSQL_SA_PASSWORD
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 12
exec:
command:
- sh
- -c
- "cat /opt/dh2i/sbin/ready | grep -q \"1\""
volumeMounts:
- name: dxe
mountPath: "/etc/dh2i"
volumeClaimTemplates:
- metadata:
name: dxe
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- metadata:
name: mssql
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
#DxEnterprise + MSSQL StatefulSet
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: {{ include "dxemssql.fullname" . }}
labels:
{{- include "dxemssql.labels" . | nindent 4 }}
spec:
serviceName: {{ include "dxemssql.fullname" . }}
replicas: {{ .Values.replicas }}
selector:
matchLabels:
{{- include "dxemssql.labels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dxemssql.labels" . | nindent 8 }}
spec:
securityContext:
fsGroup: 10001
containers:
- name: sql
image: "{{ .Values.sqlImage.repository }}:{{ .Values.sqlImage.tag }}"
imagePullPolicy: {{ .Values.sqlImage.pullPolicy }}
env:
- name: ACCEPT_EULA
value: {{ required "You must accept the SQL Server EULA." .Values.ACCEPT_EULA | upper | quote }}
- name: MSSQL_AGENT_ENABLED
value: {{ .Values.MSSQL_AGENT_ENABLED | quote }}
- name: MSSQL_ENABLE_HADR
value: "1"
- name: MSSQL_PID
value: {{ .Values.MSSQL_PID | quote }}
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }}
key: MSSQL_SA_PASSWORD
readinessProbe:
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 12
tcpSocket:
port: 1433
volumeMounts:
- name: mssql
mountPath: "/var/opt/mssql"
- name: dxe
image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}"
imagePullPolicy: {{ .Values.dxeImage.pullPolicy }}
env:
- name: DX_LICENSE
value: {{ required "DxEnterprise license key is required." .Values.DX_LICENSE | upper | quote }}
- name: DX_ACCEPT_EULA
value: {{ required "You must accept the DxEnterprise EULA." .Values.DX_ACCEPT_EULA | lower | quote }}
- name: DX_OTPK
valueFrom:
secretKeyRef:
name: {{ .Values.secretKeys }}
key: DX_OTPK
optional: true
- name: DX_PASSKEY
valueFrom:
secretKeyRef:
name: {{ required "You must provide a secret key that contains MSSQL_SA_PASSWORD and DX_PASSKEY." .Values.secretKeys }}
key: DX_PASSKEY
- name: DX_VHOST_NAME
value: {{ .Values.DX_VHOST_NAME | upper | quote }}
- name: DX_AG_NAME
value: {{ .Values.DX_AG_NAME | upper | quote }}
- name: DX_AG_OPTIONS
value: {{ .Values.DX_AG_OPTIONS | quote }}
- name: DX_NEW_CLUSTER
value: {{ .Values.DX_NEW_CLUSTER | toString | lower | quote }}
- name: DX_USE_NAT
value: {{ .Values.DX_USE_NAT | toString | lower | quote }}
- name: DX_JOIN_TARGET
value: {{ .Values.DX_JOIN_TARGET | quote }}
- name: MSSQL_SA_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.secretKeys }}
key: MSSQL_SA_PASSWORD
readinessProbe:
initialDelaySeconds: 10
periodSeconds: 10
failureThreshold: 12
exec:
command:
- sh
- -c
- "cat /opt/dh2i/sbin/ready | grep -q \"1\""
volumeMounts:
- name: dxe
mountPath: "/etc/dh2i"
volumeClaimTemplates:
- metadata:
name: dxe
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
- metadata:
name: mssql
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
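
Review bot: the new `DX_USE_NAT` env entry is passed straight through, but its question text says it "Requires DX_OTPK to be set in the dxe secret", and the `DX_OTPK` `secretKeyRef` a few lines above is still `optional: true`. With `DX_USE_NAT` set to true and no `DX_OTPK` key in the secret, the chart renders cleanly and the container starts without that variable, so the misconfiguration only shows up at runtime. Document the dependency in the README prerequisites and in the values comments so it is visible before install. A second point in the same container: `DX_LICENSE` is still injected as a plain `value:` rather than from the secret that already carries `DX_PASSKEY`, which leaves the license key readable in the StatefulSet spec.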


@ -1,29 +1,29 @@
#Test for dxemssql
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "dxemssql.fullname" . }}-test"
labels:
{{- include "dxemssql.labels" . | nindent 4 }}
annotations:
helm.sh/hook: test
spec:
restartPolicy: Never
containers:
- name: dxe
image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}"
imagePullPolicy: {{ .Values.dxeImage.pullPolicy }}
env:
- name: DX_TARGET_HOSTNAME
value: "{{ include "dxemssql.fullname" . }}-0"
- name: DX_PASSKEY
valueFrom:
secretKeyRef:
name: {{ .Values.secretKeys }}
key: DX_PASSKEY
- name: DX_VHOST_NAME
value: {{ .Values.DX_VHOST_NAME | upper | quote }}
- name: DX_AG_NAME
value: {{ .Values.DX_AG_NAME | upper | quote }}
command: ["/bin/bash"]
#Test for dxemssql
apiVersion: v1
kind: Pod
metadata:
name: "{{ include "dxemssql.fullname" . }}-test"
labels:
{{- include "dxemssql.labels" . | nindent 4 }}
annotations:
helm.sh/hook: test
spec:
restartPolicy: Never
containers:
- name: dxe
image: "{{ .Values.dxeImage.repository }}:{{ .Values.dxeImage.tag }}"
imagePullPolicy: {{ .Values.dxeImage.pullPolicy }}
env:
- name: DX_TARGET_HOSTNAME
value: "{{ include "dxemssql.fullname" . }}-0"
- name: DX_PASSKEY
valueFrom:
secretKeyRef:
name: {{ .Values.secretKeys }}
key: DX_PASSKEY
- name: DX_VHOST_NAME
value: {{ .Values.DX_VHOST_NAME | upper | quote }}
- name: DX_AG_NAME
value: {{ .Values.DX_AG_NAME | upper | quote }}
command: ["/bin/bash"]
args: ["-c", "/opt/dh2i/sbin/helm-test.sh"]


@ -1,14 +1,14 @@
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"required": [
"replicas"
],
"properties": {
"replicas": {
"type": "integer",
"minimum": 1,
"maximum": 5
}
}
{
"$schema": "http://json-schema.org/schema#",
"type": "object",
"required": [
"replicas"
],
"properties": {
"replicas": {
"type": "integer",
"minimum": 1,
"maximum": 5
}
}
}


@ -1,38 +1,40 @@
# Default values for dxemssql.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# General
# CAUTION: Setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA.
# See https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups
# Only set this value below 3 if you intend to assign these replicas to an existing availability group
replicas: 3
secretKeys: null
enableLoadBalancers: "true"
# SQL Server settings
sqlImage:
repository: "mcr.microsoft.com/mssql/server"
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "2022-latest"
MSSQL_PID: "Developer"
ACCEPT_EULA: null
MSSQL_AGENT_ENABLED: "false"
# DxEnterprise settings
dxeImage:
repository: dh2i/dxe
pullPolicy: Always
tag: latest
DX_LICENSE: null
DX_ACCEPT_EULA: null
DX_VHOST_NAME: "VHOST1"
DX_AG_NAME: "AG1"
DX_AG_OPTIONS: ""
DX_NEW_CLUSTER: "true"
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
# Default values for dxemssql.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# General
# CAUTION: Setting the replica quantity to a value less than 3 does not meet Microsoft's quorum requirements for HA.
# See https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups
# Only set this value below 3 if you intend to assign these replicas to an existing availability group
replicas: 3
secretKeys: null
enableLoadBalancers: true
# SQL Server settings
sqlImage:
repository: "mcr.microsoft.com/mssql/server"
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: "2022-latest"
MSSQL_PID: "Developer"
ACCEPT_EULA: null
MSSQL_AGENT_ENABLED: "false"
# DxEnterprise settings
dxeImage:
repository: docker.io/dh2i/dxe
pullPolicy: Always
tag: latest
DX_LICENSE: null
DX_ACCEPT_EULA: null
DX_VHOST_NAME: "VHOST1"
DX_AG_NAME: "AG1"
DX_AG_OPTIONS: ""
DX_NEW_CLUSTER: true
DX_USE_NAT: false
DX_JOIN_TARGET: ""
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
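
Review bot: `dxeImage.repository` is now fully qualified as `docker.io/dh2i/dxe`, but `dxeImage.tag` stays `latest` and `sqlImage.tag` stays `"2022-latest"`, both with `pullPolicy: Always`, so a given chart version does not determine which image builds run, and replicas restarted at different times can pull different builds. Suggest defaulting both tags to a specific release (or a digest) that this chart version was tested with. The comment "Overrides the image tag whose default is the chart appVersion" should also be corrected, since the templates in this commit use `.Values.sqlImage.tag` directly.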


@ -1,23 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/


@ -1,18 +1,18 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxOperator - DxE + SQL Server AG
catalog.cattle.io/kube-version: '>= 1.20.0-0'
catalog.cattle.io/kube-version: '>= 1.26.0-0'
catalog.cattle.io/release-name: dxenterprisesqlag
charts.openshift.io/name: DxOperator - DxE + SQL Server AG
apiVersion: v2
appVersion: "23.0"
description: SQL Server AGs using DH2i DxOperator
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
kubeVersion: '>= 1.20.0-0'
kubeVersion: '>= 1.26.0-0'
maintainers:
- email: support@dh2i.com
name: DH2i Company
url: https://dh2i.com
name: dxenterprisesqlag
type: application
version: 1.0.1
version: 1.0.2
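
Review bot: `kubeVersion` and `catalog.cattle.io/kube-version` move from `'>= 1.20.0-0'` to `'>= 1.26.0-0'` while `version` only goes from 1.0.1 to 1.0.2. Raising the minimum Kubernetes version stops the chart from installing on clusters between 1.20 and 1.25, which is a compatibility break; it deserves more than a patch bump, plus a line in the README prerequisites stating the new minimum.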


@ -1,14 +1,14 @@
# DxOperator - DxE & SQL Server AG
This chart deploys a SQL Server Availability group in Kubernetes managed by DxOperator, DH2i's custom operator. DxOperator can create new availability groups in Kubernetes, or join existing availability groups that are managed using DxEnterprise.
## Prerequisites
- DxOperator installed and running in your Kubernetes cluster.
- A DxEnterprise license key with availability group management, tunnels, and (optionally) NAT features.
## Additional Information
Instructions for creating this chart using Helm can be found in the [DxOperator Helm Guide](https://support.dh2i.com).
Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy.
# DxOperator - DxE & SQL Server AG
This chart deploys a SQL Server Availability group in Kubernetes managed by DxOperator, DH2i's custom operator. DxOperator can create new availability groups in Kubernetes, or join existing availability groups that are managed using DxEnterprise.
## Prerequisites
- DxOperator installed and running in your Kubernetes cluster.
- A DxEnterprise license key with availability group management, tunnels, and (optionally) NAT features.
## Additional Information
Instructions for creating this chart using Helm can be found in the [DxOperator Helm Guide](https://support.dh2i.com/dxoperator/v1.0.67.0/guides/dxesqlag-helm).
Before creating an availability group, reference SQL Server's [quorum considerations](https://support.dh2i.com/docs/v23.0/kbs/sql_server/availability_groups/quorum-considerations-for-sql-server-availability-groups) when determining the quantity of replicas to deploy.


@ -1,148 +1,155 @@
questions:
- variable: synchronousReplicas
label: "Synchronous Replicas"
type: int
description: "The quantity of synchronous replicas (pods) to create. Note that this value must be at least one if not joining an existing AG."
required: true
default: 3
group: "Availability Group"
- variable: asynchronousReplicas
label: "Asynchronous Replicas"
type: int
description: "The quantity of asynchronous replicas to create."
required: true
default: 0
group: "Availability Group"
- variable: configurationOnlyReplicas
label: "Configuration Only Replicas"
type: int
description: "The quantity of configuration only replicas to create."
required: true
default: 0
group: "Availability Group"
- variable: availabilityGroupName
label: "Availability Group Name"
type: string
description: "The name that will be given to the availability group, or the name of the availability group to join for in an existing cluster."
required: false
default: AG1
group: "Availability Group"
- variable: availabilityGroupListenerPort
label: "Availability Group Listener Port"
type: int
description: "The listener port for the SQL Server Availability Group."
required: false
group: "Availability Group"
- variable: availabilityGroupOptions
label: "Availability Group Options"
type: string
description: "Custom options passed to SQL Server when creating the availability group, for example \"CONTAINED\"."
required: false
group: "Availability Group"
- variable: availabilityGroupClusterType
label: "Availability Group Cluster Type"
type: enum
description: "The clustering type of the SQL Server Availability Group."
group: "Availability Group"
default: "EXTERNAL"
options:
- "EXTERNAL"
- "NONE"
- variable: createLoadBalancers
label: "Create Load Balancers"
type: boolean
description: "Whether to create load balancers for each of the pods in the cluster for external access."
group: "Availability Group"
required: false
# DxEnterprise section
- variable: dxEnterpriseContainer.acceptEula
label: "Accept EULA"
type: boolean
description: "Accept the terms of the DxEnterprise license agreement. For more information, visit http://support.dh2i.com/docs/other/eula."
default: false
required: true
group: "DxEnterprise"
- variable: dxEnterpriseContainer.repository
label: "Repository"
type: string
description: "The repository to pull the image from."
default: "docker.io/dh2i/dxe"
required: true
group: "DxEnterprise"
subquestions:
- variable: dxEnterpriseContainer.tag
label: "Tag"
type: string
description: "The tag to use for the image."
- variable: dxEnterpriseContainer.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the image."
default: IfNotPresent
- variable: dxEnterpriseContainer.clusterSecret
label: "Cluster Secret"
type: secret
description: "The name of the Kubernetes secret that contains the DX_PASSKEY, DX_LICENSE, and (optionally) DX_OTPK environment variables."
required: true
group: DxEnterprise
- variable: dxEnterpriseContainer.vhostName
label: "Vhost Name"
type: string
description: "The name of the Vhost that will host the AG."
required: false
default: VHOST1
group: DxEnterprise
- variable: dxEnterpriseContainer.joinExistingCluster
label: "Join Existing cluster"
type: boolean
description: "Whether or not the DxEnterprise cluster should join an existing DxEnterprise cluster using a provided OTPK."
required: false
default: false
group: DxEnterprise
# SQL Server section
- variable: sqlServerContainer.acceptEula
label: "Accept EULA"
type: boolean
description: "Accept the terms of the SQL Server license agreement."
default: false
required: true
group: "SQL Server"
- variable: sqlServerContainer.repository
label: "Repository"
type: string
description: "The repository to pull the image from."
default: "mcr.microsoft.com/mssql/server"
required: true
group: "SQL Server"
subquestions:
- variable: sqlServerContainer.tag
label: "Tag"
type: string
description: "The tag to use for the image."
default: latest
- variable: sqlServerContainer.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the image."
default: IfNotPresent
- variable: sqlServerContainer.mssqlSecret
label: "SQL Secret"
type: secret
description: "The name of the Kubernetes secret that contains the MSSQL_SA_PASSWORD environment variable."
required: true
group: "SQL Server"
- variable: sqlServerContainer.mssqlPID
label: "SQL Server PID"
type: string
description: "The PID to use for SQL Server."
default: Developer
required: true
group: "SQL Server"
- variable: mssqlConfigMap
label: "mssql.conf"
type: multiline
description: "The contents of the mssql.conf file."
required: false
group: "SQL Server"
questions:
- variable: synchronousReplicas
label: "Synchronous Replicas"
type: int
description: "The quantity of synchronous replicas (pods) to create. Note that this value must be at least one if not joining an existing AG."
required: true
default: 3
group: "Availability Group"
- variable: asynchronousReplicas
label: "Asynchronous Replicas"
type: int
description: "The quantity of asynchronous replicas to create."
required: true
default: 0
group: "Availability Group"
- variable: configurationOnlyReplicas
label: "Configuration Only Replicas"
type: int
description: "The quantity of configuration only replicas to create."
required: true
default: 0
group: "Availability Group"
- variable: availabilityGroupName
label: "Availability Group Name"
type: string
description: "The name that will be given to the availability group, or the name of the availability group to join for in an existing cluster."
required: false
default: AG1
group: "Availability Group"
- variable: availabilityGroupListenerPort
label: "Availability Group Listener Port"
type: int
description: "The listener port for the SQL Server Availability Group."
required: false
group: "Availability Group"
- variable: availabilityGroupOptions
label: "Availability Group Options"
type: string
description: "Custom options passed to SQL Server when creating the availability group, for example \"CONTAINED\"."
required: false
group: "Availability Group"
- variable: availabilityGroupClusterType
label: "Availability Group Cluster Type"
type: enum
description: "The clustering type of the SQL Server Availability Group."
group: "Availability Group"
default: "EXTERNAL"
options:
- "EXTERNAL"
- "NONE"
- variable: createLoadBalancers
label: "Create Load Balancers"
type: boolean
description: "Whether to create load balancers for each of the pods in the cluster for external access."
group: "Availability Group"
required: false
# DxEnterprise section
- variable: dxEnterpriseContainer.acceptEula
label: "Accept EULA"
type: boolean
description: "Accept the terms of the DxEnterprise license agreement. For more information, visit http://support.dh2i.com/docs/other/eula."
default: false
required: true
group: "DxEnterprise"
- variable: dxEnterpriseContainer.repository
label: "Repository"
type: string
description: "The repository to pull the image from."
default: "docker.io/dh2i/dxe"
required: true
group: "DxEnterprise"
subquestions:
- variable: dxEnterpriseContainer.tag
label: "Tag"
type: string
description: "The tag to use for the image."
- variable: dxEnterpriseContainer.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the image."
default: IfNotPresent
- variable: dxEnterpriseContainer.clusterSecret
label: "Cluster Secret"
type: secret
description: "The name of the Kubernetes secret that contains the DX_PASSKEY, DX_LICENSE, and (optionally) DX_OTPK environment variables."
required: true
group: DxEnterprise
- variable: dxEnterpriseContainer.vhostName
label: "Vhost Name"
type: string
description: "The name of the Vhost that will host the AG."
required: false
default: VHOST1
group: DxEnterprise
- variable: dxEnterpriseContainer.joinTarget.useNat
label: "Join using NAT matchmaker"
type: boolean
default: false
description: "Enables the NAT matchmaker to find peers when forming a cluster. Requires DX_OTPK to be set in the dxe secret."
required: false
group: DxEnterprise
- variable: dxEnterpriseContainer.joinTarget.target
label: "Join target"
type: string
default: ""
description: "The name or IP address of a peer DxEnterprise cluster node to join to when forming a cluster."
required: false
group: "DxEnterprise"
# SQL Server section
- variable: sqlServerContainer.acceptEula
label: "Accept EULA"
type: boolean
description: "Accept the terms of the SQL Server license agreement."
default: false
required: true
group: "SQL Server"
- variable: sqlServerContainer.repository
label: "Repository"
type: string
description: "The repository to pull the image from."
default: "mcr.microsoft.com/mssql/server"
required: true
group: "SQL Server"
subquestions:
- variable: sqlServerContainer.tag
label: "Tag"
type: string
description: "The tag to use for the image."
default: latest
- variable: sqlServerContainer.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the image."
default: IfNotPresent
- variable: sqlServerContainer.mssqlSecret
label: "SQL Secret"
type: secret
description: "The name of the Kubernetes secret that contains the MSSQL_SA_PASSWORD environment variable."
required: true
group: "SQL Server"
- variable: sqlServerContainer.mssqlPID
label: "SQL Server PID"
type: string
description: "The PID to use for SQL Server."
default: Developer
required: true
group: "SQL Server"
- variable: mssqlConfigMap
label: "mssql.conf"
type: multiline
description: "The contents of the mssql.conf file."
required: false
group: "SQL Server"
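Review bot: The defaults offered in this questions file disagree with the chart's values.yaml for the same keys: `sqlServerContainer.tag` defaults to `latest` here while values.yaml ships `2022-latest`, and both `pullPolicy` questions default to `IfNotPresent` while values.yaml sets `Always`. A floating `latest` tag combined with `IfNotPresent` means each node keeps whatever image it cached first, so replicas of one availability group can end up on different SQL Server builds. Align the two files and default the tag to a specific version. The new `joinTarget.useNat` description also says DX_OTPK is required in the secret, but nothing in the chart checks that; a sentence in the `clusterSecret` description tying the two together would help.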

@ -1,62 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dxenterprisesqlag.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dxenterprisesqlag.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dxenterprisesqlag.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dxenterprisesqlag.labels" -}}
helm.sh/chart: {{ include "dxenterprisesqlag.chart" . }}
{{ include "dxenterprisesqlag.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dxenterprisesqlag.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dxenterprisesqlag.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dxenterprisesqlag.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dxenterprisesqlag.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Expand the name of the chart.
*/}}
{{- define "dxenterprisesqlag.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dxenterprisesqlag.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dxenterprisesqlag.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dxenterprisesqlag.labels" -}}
helm.sh/chart: {{ include "dxenterprisesqlag.chart" . }}
{{ include "dxenterprisesqlag.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dxenterprisesqlag.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dxenterprisesqlag.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dxenterprisesqlag.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dxenterprisesqlag.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

@ -1,9 +1,9 @@
{{ if .Values.mssqlConfigMap }}
kind: ConfigMap
apiVersion: v1
immutable: true
metadata:
name: "mssqlconf-{{ .Release.Name }}"
data:
mssql.conf: {{- .Values.mssqlConfigMap | toYaml | indent 2 -}}
{{ end }}
{{ if .Values.mssqlConfigMap }}
kind: ConfigMap
apiVersion: v1
immutable: true
metadata:
name: "mssqlconf-{{ .Release.Name }}"
data:
mssql.conf: {{- .Values.mssqlConfigMap | toYaml | indent 2 -}}
{{ end }}
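Review bot: `immutable: true` together with the fixed name `mssqlconf-{{ .Release.Name }}` means any later change to `.Values.mssqlConfigMap` fails on `helm upgrade`, because the API server rejects updates to the data of an immutable ConfigMap. Either drop `immutable`, or derive the name from the content (for example a truncated `sha256sum` of the value as a suffix) and use the same expression where the custom resource sets `mssqlConfigMap`, so a changed mssql.conf produces a new object instead of an in-place update.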

@ -1,60 +1,62 @@
apiVersion: dh2i.com/v1
kind: DxEnterpriseSqlAg
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dxenterprisesqlag.labels" . | nindent 4 }}
spec:
synchronousReplicas: {{ .Values.synchronousReplicas }}
asynchronousReplicas: {{ .Values.asynchronousReplicas }}
configurationOnlyReplicas: {{ .Values.configurationOnlyReplicas }}
availabilityGroupName: {{ .Values.availabilityGroupName }}
availabilityGroupOptions: {{ .Values.availabilityGroupOptions }}
availabilityGroupClusterType: {{ .Values.availabilityGroupClusterType }}
{{ if .Values.availabilityGroupListenerPort }}
availabilityGroupListenerPort: {{ .Values.availabilityGroupListenerPort }}
{{ end }}
createLoadBalancers: {{ .Values.createLoadBalancers }}
template:
metadata:
annotations:
{{- toYaml .Values.podAnnotations | nindent 8 }}
spec:
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
dnsConfig:
{{- toYaml .Values.dnsConfig | nindent 8 }}
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
initContainers:
{{- toYaml .Values.initContainers | nindent 8 }}
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
dxEnterpriseContainer:
image: "{{ .Values.dxEnterpriseContainer.repository }}:{{ .Values.dxEnterpriseContainer.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.dxEnterpriseContainer.pullPolicy }}
acceptEula: {{ .Values.dxEnterpriseContainer.acceptEula }}
clusterSecret: {{ .Values.dxEnterpriseContainer.clusterSecret }}
vhostName: {{ .Values.dxEnterpriseContainer.vhostName }}
joinExistingCluster: {{ .Values.dxEnterpriseContainer.joinExistingCluster }}
volumeClaimConfiguration:
{{- toYaml .Values.dxEnterpriseContainer.volumeClaimConfiguration | nindent 10 }}
resources:
{{- toYaml .Values.dxEnterpriseContainer.resources | nindent 10 }}
mssqlServerContainer:
image: "{{ .Values.sqlServerContainer.repository }}:{{ .Values.sqlServerContainer.tag }}"
imagePullPolicy: {{ .Values.sqlServerContainer.pullPolicy }}
mssqlSecret: {{ .Values.sqlServerContainer.mssqlSecret }}
acceptEula: {{ .Values.sqlServerContainer.acceptEula }}
mssqlPID: {{ .Values.sqlServerContainer.mssqlPID }}
volumeClaimConfiguration:
{{- toYaml .Values.sqlServerContainer.volumeClaimConfiguration | nindent 10 }}
resources:
{{- toYaml .Values.sqlServerContainer.resources | nindent 10 }}
{{ if .Values.mssqlConfigMap }}
mssqlConfigMap: "mssqlconf-{{ .Release.Name }}"
{{ end }}
apiVersion: dh2i.com/v1
kind: DxEnterpriseSqlAg
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dxenterprisesqlag.labels" . | nindent 4 }}
spec:
synchronousReplicas: {{ .Values.synchronousReplicas }}
asynchronousReplicas: {{ .Values.asynchronousReplicas }}
configurationOnlyReplicas: {{ .Values.configurationOnlyReplicas }}
availabilityGroupName: {{ .Values.availabilityGroupName }}
availabilityGroupOptions: {{ .Values.availabilityGroupOptions }}
availabilityGroupClusterType: {{ .Values.availabilityGroupClusterType }}
{{ if .Values.availabilityGroupListenerPort }}
availabilityGroupListenerPort: {{ .Values.availabilityGroupListenerPort }}
{{ end }}
createLoadBalancers: {{ .Values.createLoadBalancers }}
template:
metadata:
annotations:
{{- toYaml .Values.podAnnotations | nindent 8 }}
spec:
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
dnsConfig:
{{- toYaml .Values.dnsConfig | nindent 8 }}
imagePullSecrets:
{{- toYaml .Values.imagePullSecrets | nindent 8 }}
initContainers:
{{- toYaml .Values.initContainers | nindent 8 }}
nodeSelector:
{{- toYaml .Values.nodeSelector | nindent 8 }}
tolerations:
{{- toYaml .Values.tolerations | nindent 8 }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
dxEnterpriseContainer:
image: "{{ .Values.dxEnterpriseContainer.repository }}:{{ .Values.dxEnterpriseContainer.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.dxEnterpriseContainer.pullPolicy }}
acceptEula: {{ .Values.dxEnterpriseContainer.acceptEula }}
clusterSecret: {{ .Values.dxEnterpriseContainer.clusterSecret }}
vhostName: {{ .Values.dxEnterpriseContainer.vhostName }}
joinTarget:
target: {{ .Values.dxEnterpriseContainer.joinTarget.target }}
useNat: {{ .Values.dxEnterpriseContainer.joinTarget.useNat }}
volumeClaimConfiguration:
{{- toYaml .Values.dxEnterpriseContainer.volumeClaimConfiguration | nindent 10 }}
resources:
{{- toYaml .Values.dxEnterpriseContainer.resources | nindent 10 }}
mssqlServerContainer:
image: "{{ .Values.sqlServerContainer.repository }}:{{ .Values.sqlServerContainer.tag }}"
imagePullPolicy: {{ .Values.sqlServerContainer.pullPolicy }}
mssqlSecret: {{ .Values.sqlServerContainer.mssqlSecret }}
acceptEula: {{ .Values.sqlServerContainer.acceptEula }}
mssqlPID: {{ .Values.sqlServerContainer.mssqlPID }}
volumeClaimConfiguration:
{{- toYaml .Values.sqlServerContainer.volumeClaimConfiguration | nindent 10 }}
resources:
{{- toYaml .Values.sqlServerContainer.resources | nindent 10 }}
{{ if .Values.mssqlConfigMap }}
mssqlConfigMap: "mssqlconf-{{ .Release.Name }}"
{{ end }}
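Review bot: `target: {{ .Values.dxEnterpriseContainer.joinTarget.target }}` in the new `joinTarget` block is rendered unquoted, so the default `""` produces a bare `target:` (YAML null) rather than an empty string, and a user-supplied value is parsed as whatever YAML type it happens to resemble. Pipe it through `quote`, and do the same for the other free-text fields rendered here (`clusterSecret`, `mssqlSecret`, `vhostName`, `availabilityGroupName`, `availabilityGroupOptions`); the test pod template already uses `| upper | quote` for `vhostName`, so this would also make the two templates consistent.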

@ -1,29 +1,29 @@
#Test for dxemssql
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-test"
labels:
{{- include "dxenterprisesqlag.labels" . | nindent 4 }}
annotations:
helm.sh/hook: test
spec:
restartPolicy: Never
containers:
- name: dxe
image: "{{ .Values.dxEnterpriseContainer.repository }}:{{ .Values.dxEnterpriseContainer.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.dxEnterpriseContainer.pullPolicy }}
env:
- name: DX_TARGET_HOSTNAME
value: "{{ .Release.Name }}-0"
- name: DX_PASSKEY
valueFrom:
secretKeyRef:
name: {{ .Values.dxEnterpriseContainer.clusterSecret }}
key: DX_PASSKEY
- name: DX_VHOST_NAME
value: {{ .Values.dxEnterpriseContainer.vhostName | upper | quote }}
- name: DX_AG_NAME
value: {{ .Values.availabilityGroupName | upper | quote }}
command: ["/bin/bash"]
#Test for dxemssql
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-test"
labels:
{{- include "dxenterprisesqlag.labels" . | nindent 4 }}
annotations:
helm.sh/hook: test
spec:
restartPolicy: Never
containers:
- name: dxe
image: "{{ .Values.dxEnterpriseContainer.repository }}:{{ .Values.dxEnterpriseContainer.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.dxEnterpriseContainer.pullPolicy }}
env:
- name: DX_TARGET_HOSTNAME
value: "{{ .Release.Name }}-0"
- name: DX_PASSKEY
valueFrom:
secretKeyRef:
name: {{ .Values.dxEnterpriseContainer.clusterSecret }}
key: DX_PASSKEY
- name: DX_VHOST_NAME
value: {{ .Values.dxEnterpriseContainer.vhostName | upper | quote }}
- name: DX_AG_NAME
value: {{ .Values.availabilityGroupName | upper | quote }}
command: ["/bin/bash"]
args: ["-c", "/opt/dh2i/sbin/helm-test.sh"]
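Review bot: The annotations on this test pod set only `helm.sh/hook: test`, so the completed pod, which is wired to `DX_PASSKEY` from the cluster secret, stays in the namespace after `helm test` finishes. Add `helm.sh/hook-delete-policy` (for example `before-hook-creation,hook-succeeded`) so it is cleaned up. The header comment `#Test for dxemssql` is also stale: this template uses the `dxenterprisesqlag.labels` helper, so the comment should name this chart. `DX_TARGET_HOSTNAME` is hard-coded to `{{ .Release.Name }}-0`; a short comment saying why the first pod is the right target would help.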

@ -1,64 +1,66 @@
# Default values for DxEnterpriseSqlAg.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Replica quantities and settings for the availability group
synchronousReplicas: 3
asynchronousReplicas: 0
configurationOnlyReplicas: 0
availabilityGroupName: AG1
availabilityGroupOptions: ""
availabilityGroupClusterType: EXTERNAL
availabilityGroupListenerPort: 0
createLoadBalancers: false
# Other pod configuration options
podSecurityContext:
fsGroup: 10001
initContainers: []
dnsConfig: {}
imagePullSecrets: []
podAnnotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
# Configuration options for the DxEnterprise container
dxEnterpriseContainer:
repository: "docker.io/dh2i/dxe"
tag: ""
pullPolicy: Always
acceptEula: false
clusterSecret: ""
vhostName: VHOST1
joinExistingCluster: false
volumeClaimConfiguration: null
#operator will assume the values below if volumeClaimConfiguration: null
#storageClassName: <Kubernetes default>
#resources:
# requests:
# storage: 1Gi
resources: {}
# Configuration options for the SQL Server container
sqlServerContainer:
repository: "mcr.microsoft.com/mssql/server"
tag: 2022-latest
pullPolicy: Always
mssqlSecret: ""
acceptEula: false
mssqlPID: Developer
volumeClaimConfiguration: null
#operator will assume the values below if volumeClaimConfiguration: null
#storageClassName: <Kubernetes default>
#resources:
# requests:
# storage: 4Gi
resources: {}
mssqlConfigMap: |
[network]
tcpport = 1433
nameOverride: ""
fullnameOverride: ""
# Default values for DxEnterpriseSqlAg.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Replica quantities and settings for the availability group
synchronousReplicas: 3
asynchronousReplicas: 0
configurationOnlyReplicas: 0
availabilityGroupName: AG1
availabilityGroupOptions: ""
availabilityGroupClusterType: EXTERNAL
availabilityGroupListenerPort: 0
createLoadBalancers: false
# Other pod configuration options
podSecurityContext:
fsGroup: 10001
initContainers: []
dnsConfig: {}
imagePullSecrets: []
podAnnotations: {}
nodeSelector: {}
tolerations: []
affinity: {}
# Configuration options for the DxEnterprise container
dxEnterpriseContainer:
repository: "docker.io/dh2i/dxe"
tag: ""
pullPolicy: Always
acceptEula: false
clusterSecret: ""
vhostName: VHOST1
joinTarget:
target: ""
useNat: false
volumeClaimConfiguration: null
#operator will assume the values below if volumeClaimConfiguration: null
#storageClassName: <Kubernetes default>
#resources:
# requests:
# storage: 1Gi
resources: {}
# Configuration options for the SQL Server container
sqlServerContainer:
repository: "mcr.microsoft.com/mssql/server"
tag: 2022-latest
pullPolicy: Always
mssqlSecret: ""
acceptEula: false
mssqlPID: Developer
volumeClaimConfiguration: null
#operator will assume the values below if volumeClaimConfiguration: null
#storageClassName: <Kubernetes default>
#resources:
# requests:
# storage: 4Gi
resources: {}
mssqlConfigMap: |
[network]
tcpport = 1433
nameOverride: ""
fullnameOverride: ""
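Review bot: `joinExistingCluster` is removed from `dxEnterpriseContainer` and replaced by `joinTarget.target` and `joinTarget.useNat` with no fallback, so an existing values file that still sets `joinExistingCluster: true` is silently ignored after the upgrade and the release renders with an empty join target. Add a guard in the template that calls `fail` with a migration hint when the old key is set, or document the rename in the README. Separately, `tag: 2022-latest` with `pullPolicy: Always` is a floating tag that is re-resolved on every pod start; pinning a specific SQL Server build would keep replicas on the same image.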

@ -1,23 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

@ -1,16 +1,18 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxOperator
catalog.cattle.io/kube-version: '>= 1.26.0-0'
catalog.cattle.io/release-name: dxoperator
charts.openshift.io/name: DxOperator
apiVersion: v2
appVersion: 1.0.57.0
appVersion: 1.0.67.0
description: DH2i operator for Kubernetes
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
kubeVersion: '>= 1.26.0-0'
maintainers:
- email: support@dh2i.com
name: DH2i Company
url: https://dh2i.com
name: dxoperator
type: application
version: 1.0.1
version: 1.0.2

@ -1,11 +1,11 @@
# DxOperator
This chart deploys DH2i's Kubernetes operator.
## Prerequisites
- None
## Additional Information
Instructions for creating this chart using Helm can be found in the [DxOperator Helm Guide](https://support.dh2i.com).
# DxOperator
This chart deploys DH2i's Kubernetes operator.
## Prerequisites
- None
## Additional Information
Instructions for creating this chart using Helm can be found in the [DxOperator Helm Guide](https://support.dh2i.com/dxoperator/v1.0.67.0/guides/dxesqlag-helm).

File diff suppressed because it is too large

@ -1,17 +1,17 @@
questions:
- variable: image.repository
label: "Repository"
type: string
description: "The repository to pull the image from."
default: "docker.io/dh2i/dxoperator"
required: true
subquestions:
- variable: image.tag
label: "Tag"
type: string
description: "The tag to use for the image."
- variable: image.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the image."
questions:
- variable: image.repository
label: "Repository"
type: string
description: "The repository to pull the image from."
default: "docker.io/dh2i/dxoperator"
required: true
subquestions:
- variable: image.tag
label: "Tag"
type: string
description: "The tag to use for the image."
- variable: image.pullPolicy
label: "Pull Policy"
type: string
description: "The pull policy for the image."
default: IfNotPresent

@ -1,62 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dxoperator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dxoperator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dxoperator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dxoperator.labels" -}}
helm.sh/chart: {{ include "dxoperator.chart" . }}
{{ include "dxoperator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dxoperator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dxoperator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dxoperator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dxoperator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Expand the name of the chart.
*/}}
{{- define "dxoperator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dxoperator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dxoperator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "dxoperator.labels" -}}
helm.sh/chart: {{ include "dxoperator.chart" . }}
{{ include "dxoperator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "dxoperator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "dxoperator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dxoperator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dxoperator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

@ -1,107 +1,107 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
operator: dxoperator
operator-element: rbac
name: dxoperator-operator-role
rules:
- apiGroups:
- ""
- dh2i.com
- coordination.k8s.io
resources:
- pods
- persistentvolumeclaims
- dxenterprisesqlags
- leases
verbs:
- '*'
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- get
- patch
- update
- delete
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- get
- patch
- update
- apiGroups:
- dh2i.com
resources:
- dxenterprisesqlags/status
verbs:
- get
- patch
- update
- apiGroups:
- dh2i.com
resources:
- dxenterprisesqlags/status
verbs:
- get
- patch
- update
- apiGroups:
- apps
resources:
- deployments/status
verbs:
- get
- patch
- update
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
operator: dxoperator
operator-element: rbac
name: dxoperator-operator-role
rules:
- apiGroups:
- ""
- dh2i.com
- coordination.k8s.io
resources:
- pods
- persistentvolumeclaims
- dxenterprisesqlags
- leases
verbs:
- '*'
- apiGroups:
- ""
resources:
- services
verbs:
- '*'
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs:
- '*'
- apiGroups:
- ""
resources:
- events
verbs:
- create
- get
- list
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- get
- patch
- update
- delete
- apiGroups:
- apps
resources:
- deployments
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- services/status
verbs:
- get
- patch
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims/status
verbs:
- get
- patch
- update
- apiGroups:
- dh2i.com
resources:
- dxenterprisesqlags/status
verbs:
- get
- patch
- update
- apiGroups:
- dh2i.com
resources:
- dxenterprisesqlags/status
verbs:
- get
- patch
- update
- apiGroups:
- apps
resources:
- deployments/status
verbs:
- get
- patch
- update
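Review bot: the `secrets`/`configmaps` rule (and the `services` and `pods`/`persistentvolumeclaims`/`leases` rules) grants `verbs: '*'` in a ClusterRole, so the operator can read, modify and delete every Secret in every namespace. Enumerate the verbs the operator actually uses, and consider a namespaced Role for the Secret access if the operator only needs Secrets in namespaces it manages. Separately, the `dh2i.com` / `dxenterprisesqlags/status` rule appears twice in a row with identical verbs; one copy can be dropped.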

View File

@ -1,15 +1,15 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
operator: dxoperator
operator-element: rbac
name: dxoperator-operator-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dxoperator-operator-role
subjects:
- kind: ServiceAccount
name: default
namespace: dxoperator-system
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
operator: dxoperator
operator-element: rbac
name: dxoperator-operator-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dxoperator-operator-role
subjects:
- kind: ServiceAccount
name: default
namespace: dxoperator-system
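Review bot: `subjects` binds `dxoperator-operator-role` to the `default` ServiceAccount of `dxoperator-system`, so every pod in that namespace that does not set its own `serviceAccountName` inherits the operator's cluster-wide permissions, including the chart's own Helm test pod. Create a dedicated ServiceAccount for the operator, reference it from the Deployment with `serviceAccountName`, and bind the role to that account instead.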

View File

@ -1,106 +1,106 @@
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
operator: dxoperator
operator-deployment: dxoperator
operator-element: operator-instance
{{- include "dxoperator.labels" . | nindent 4 }}
name: dxoperator-operator
namespace: dxoperator-system
spec:
replicas: 1
revisionHistoryLimit: 0
selector:
matchLabels:
operator: dxoperator
operator-element: operator-instance
{{- include "dxoperator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
operator: dxoperator
operator-element: operator-instance
{{- include "dxoperator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets}}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- configMapRef:
name: dxoperator-webhook-config-ght4ttc5g7
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
timeoutSeconds: 1
name: operator
ports:
- containerPort: 5000
name: http
- containerPort: 5001
name: https
readinessProbe:
httpGet:
path: /ready
port: http
initialDelaySeconds: 15
timeoutSeconds: 1
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: /certs
name: certificates
readOnly: true
initContainers:
- args:
- webhooks
- install
- -r
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
name: webhook-installer
volumeMounts:
- mountPath: /certs
name: certificates
- mountPath: /ca
name: ca-certificates
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: certificates
- configMap:
name: dxoperator-webhook-ca-mg9t64c78d
name: ca-certificates
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
operator: dxoperator
operator-deployment: dxoperator
operator-element: operator-instance
{{- include "dxoperator.labels" . | nindent 4 }}
name: dxoperator-operator
namespace: dxoperator-system
spec:
replicas: 1
revisionHistoryLimit: 0
selector:
matchLabels:
operator: dxoperator
operator-element: operator-instance
{{- include "dxoperator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
operator: dxoperator
operator-element: operator-instance
{{- include "dxoperator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets}}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
envFrom:
- configMapRef:
name: dxoperator-webhook-config-ght4ttc5g7
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
livenessProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 30
timeoutSeconds: 1
name: operator
ports:
- containerPort: 5000
name: http
- containerPort: 5001
name: https
readinessProbe:
httpGet:
path: /ready
port: http
initialDelaySeconds: 15
timeoutSeconds: 1
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: /certs
name: certificates
readOnly: true
initContainers:
- args:
- webhooks
- install
- -r
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
name: webhook-installer
volumeMounts:
- mountPath: /certs
name: certificates
- mountPath: /ca
name: ca-certificates
readOnly: true
terminationGracePeriodSeconds: 10
volumes:
- emptyDir: {}
name: certificates
- configMap:
name: dxoperator-webhook-ca-mg9t64c78d
name: ca-certificates
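Review bot: neither the `operator` container nor the `webhook-installer` init container sets a `securityContext`, and the pod spec has none either, so both run with the image's default user and privileges. Add `runAsNonRoot: true`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` and `capabilities: {drop: [ALL]}` where the image allows it. The two containers also use the same image with different `imagePullPolicy` defaults (`"IfNotPresent"` for `operator`, `"Always"` for `webhook-installer`); use one default so both always resolve to the same image.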

View File

@ -1,13 +1,13 @@
apiVersion: v1
data:
KESTREL__ENDPOINTS__HTTP__URL: http://0.0.0.0:5000
KESTREL__ENDPOINTS__HTTPS__CERTIFICATE__KEYPATH: /certs/ca-key.pem
KESTREL__ENDPOINTS__HTTPS__CERTIFICATE__PATH: /certs/ca.pem
KESTREL__ENDPOINTS__HTTPS__URL: https://0.0.0.0:5001
kind: ConfigMap
metadata:
labels:
operator: dxoperator
operator-element: operator-instance
name: dxoperator-webhook-config-ght4ttc5g7
namespace: dxoperator-system
apiVersion: v1
data:
KESTREL__ENDPOINTS__HTTP__URL: http://0.0.0.0:5000
KESTREL__ENDPOINTS__HTTPS__CERTIFICATE__KEYPATH: /certs/ca-key.pem
KESTREL__ENDPOINTS__HTTPS__CERTIFICATE__PATH: /certs/ca.pem
KESTREL__ENDPOINTS__HTTPS__URL: https://0.0.0.0:5001
kind: ConfigMap
metadata:
labels:
operator: dxoperator
operator-element: operator-instance
name: dxoperator-webhook-config-ght4ttc5g7
namespace: dxoperator-system
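Review bot: `KESTREL__ENDPOINTS__HTTPS__CERTIFICATE__KEYPATH` and `...__PATH` point at `/certs/ca-key.pem` and `/certs/ca.pem`, which reads as if the webhook endpoint terminates TLS with the CA key pair itself. If that is the case, issue a leaf certificate for the service and keep the CA key out of the serving container; if the installer writes a leaf certificate under those names, rename the files so the configuration says what it does. The plaintext listener on `http://0.0.0.0:5000` is also exposed on all interfaces; if it only serves `/health` and `/ready`, say so in a comment.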

View File

@ -1,6 +1,6 @@
apiVersion: v1
kind: Namespace
metadata:
labels:
operator: dxoperator
name: dxoperator-system
apiVersion: v1
kind: Namespace
metadata:
labels:
operator: dxoperator
name: dxoperator-system

View File

@ -1,17 +1,17 @@
#Test for dxemssql
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-test"
labels:
{{- include "dxoperator.labels" . | nindent 4 }}
annotations:
helm.sh/hook: test
namespace: dxoperator-system
spec:
restartPolicy: Never
containers:
- name: wget
image: busybox
command: ['/bin/sh']
args: ['-c', 'wget --no-check-certificate https://$DXOPERATOR_SERVICE_HOST:$DXOPERATOR_SERVICE_PORT/health && cat health | grep -q "Healthy"']
#Test for dxemssql
apiVersion: v1
kind: Pod
metadata:
name: "{{ .Release.Name }}-test"
labels:
{{- include "dxoperator.labels" . | nindent 4 }}
annotations:
helm.sh/hook: test
namespace: dxoperator-system
spec:
restartPolicy: Never
containers:
- name: wget
image: busybox
command: ['/bin/sh']
args: ['-c', 'wget --no-check-certificate https://$DXOPERATOR_SERVICE_HOST:$DXOPERATOR_SERVICE_PORT/health && cat health | grep -q "Healthy"']
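Review bot: the test command runs `wget --no-check-certificate`, so the health check passes against any endpoint that answers on that address, regardless of the certificate it presents. Mount the chart's CA certificate into the test pod and verify against it, or probe the plain HTTP health port that the Deployment's own probes use. The image is an untagged `busybox`, which resolves to whatever `latest` is at run time; pin a tag or digest. The leading comment says "Test for dxemssql" although the pod tests the operator service.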

View File

@ -1,59 +1,59 @@
apiVersion: v1
data:
ca-key.pem: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIUHrUIfKIHu0byZ/SvyJ4/l0/i16swDQYJKoZIhvcNAQEL
BQAwXDEMMAoGA1UEBhMDREVWMRMwEQYDVQQHEwpLdWJlcm5ldGVzMRwwGgYDVQQK
ExNLdWJlcm5ldGVzIE9wZXJhdG9yMRkwFwYDVQQDExBPcGVyYXRvciBSb290IENB
MB4XDTIzMTIxMjAxNTYwMFoXDTI4MTIxMDAxNTYwMFowXDEMMAoGA1UEBhMDREVW
MRMwEQYDVQQHEwpLdWJlcm5ldGVzMRwwGgYDVQQKExNLdWJlcm5ldGVzIE9wZXJh
dG9yMRkwFwYDVQQDExBPcGVyYXRvciBSb290IENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwAW6I+4kRlzBZAYwF93aQKFIG4w595CpGKlqtHd4oKUQ
7s4aIWd6qgAQbwcKopybIF9njm95hSvZ/BfjtSnRfzsHd3s31wtkf5pLZ6EIRZWm
KLHLwnJmMOY6fsQb60yMKSNBHZHhXQ5iRK+O6oa8EbmK3TvRyyWuaw1RUr0L5PfT
QDGdl9e8TCj5le2I6Ym3if1KNemgnWnq32fVsGQONqfMeo9T6YyYGkP1qtrTO6Ep
Ff/p0SeUtoBGrATuuwe6Cs5uabxE2QaQe8RXzjjizGDV50YcSUJ+Iz3oEA2Ft7tV
KbuJkDeDkiFF9LlZDXQt200+2fz9ogxjaD8ts/BhOQIDAQABo0IwQDAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyZFpOtmvl6Nf/+KX
6/MBKpQ7Xb0wDQYJKoZIhvcNAQELBQADggEBAEOBguxQ1NI5I+1/z2AdpRqDb1Wj
9O5mJMh+3iu053u5pbqX7qnGSgxmuUTM/l+c8AQTG/pDEpFI1LZhg4C1EgSz2Km6
UmhTvKIIAH+VQkkUk9y4nAXVkQ8zg6ssOGeJLroVwD5nrfkeXHMrrqvD5CuQF2/n
ke1phoWwCfLTOqnOu2sh7GtgV4wZdLB/SFqirdZJVFJxnNHEpBkeXoJrdleIWym/
Cpx8UizoPSjhHv9tA4Al3W1qV7jNwaCLDgIKY4KojEx/OtgVsGJrg5m9/B7PR2bk
cyUw0VCWbwZ3BFr3FwSuy+Ubbt4JmOL3YT51m5X+n6TX/4GsVEibZ7EHx+k=
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
labels:
operator: dxoperator
operator-element: operator-instance
name: dxoperator-webhook-ca-mg9t64c78d
namespace: dxoperator-system
apiVersion: v1
data:
ca-key.pem: |
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
ca.pem: |
-----BEGIN CERTIFICATE-----
MIIDiDCCAnCgAwIBAgIUHrUIfKIHu0byZ/SvyJ4/l0/i16swDQYJKoZIhvcNAQEL
BQAwXDEMMAoGA1UEBhMDREVWMRMwEQYDVQQHEwpLdWJlcm5ldGVzMRwwGgYDVQQK
ExNLdWJlcm5ldGVzIE9wZXJhdG9yMRkwFwYDVQQDExBPcGVyYXRvciBSb290IENB
MB4XDTIzMTIxMjAxNTYwMFoXDTI4MTIxMDAxNTYwMFowXDEMMAoGA1UEBhMDREVW
MRMwEQYDVQQHEwpLdWJlcm5ldGVzMRwwGgYDVQQKExNLdWJlcm5ldGVzIE9wZXJh
dG9yMRkwFwYDVQQDExBPcGVyYXRvciBSb290IENBMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAwAW6I+4kRlzBZAYwF93aQKFIG4w595CpGKlqtHd4oKUQ
7s4aIWd6qgAQbwcKopybIF9njm95hSvZ/BfjtSnRfzsHd3s31wtkf5pLZ6EIRZWm
KLHLwnJmMOY6fsQb60yMKSNBHZHhXQ5iRK+O6oa8EbmK3TvRyyWuaw1RUr0L5PfT
QDGdl9e8TCj5le2I6Ym3if1KNemgnWnq32fVsGQONqfMeo9T6YyYGkP1qtrTO6Ep
Ff/p0SeUtoBGrATuuwe6Cs5uabxE2QaQe8RXzjjizGDV50YcSUJ+Iz3oEA2Ft7tV
KbuJkDeDkiFF9LlZDXQt200+2fz9ogxjaD8ts/BhOQIDAQABo0IwQDAOBgNVHQ8B
Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUyZFpOtmvl6Nf/+KX
6/MBKpQ7Xb0wDQYJKoZIhvcNAQELBQADggEBAEOBguxQ1NI5I+1/z2AdpRqDb1Wj
9O5mJMh+3iu053u5pbqX7qnGSgxmuUTM/l+c8AQTG/pDEpFI1LZhg4C1EgSz2Km6
UmhTvKIIAH+VQkkUk9y4nAXVkQ8zg6ssOGeJLroVwD5nrfkeXHMrrqvD5CuQF2/n
ke1phoWwCfLTOqnOu2sh7GtgV4wZdLB/SFqirdZJVFJxnNHEpBkeXoJrdleIWym/
Cpx8UizoPSjhHv9tA4Al3W1qV7jNwaCLDgIKY4KojEx/OtgVsGJrg5m9/B7PR2bk
cyUw0VCWbwZ3BFr3FwSuy+Ubbt4JmOL3YT51m5X+n6TX/4GsVEibZ7EHx+k=
-----END CERTIFICATE-----
kind: ConfigMap
metadata:
labels:
operator: dxoperator
operator-element: operator-instance
name: dxoperator-webhook-ca-mg9t64c78d
namespace: dxoperator-system
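Review bot: `ca-key.pem` in this ConfigMap is an RSA private key committed to the chart next to the matching "Operator Root CA" certificate, so every installation shares the same CA key and anyone who has the chart can sign certificates that chain to the CA the webhook configuration trusts. Storing it in a ConfigMap rather than a Secret also makes it readable by any subject with ConfigMap read access in `dxoperator-system`. Generate the CA per installation (for example with Helm's `genCA` or cert-manager), keep the key in a Secret, and remove the static key from the repository.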

View File

@ -1,28 +1,28 @@
# Default values for DxOperator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: docker.io/dh2i/dxoperator
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
# Default values for DxOperator.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
image:
repository: docker.io/dh2i/dxoperator
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}

View File

@ -4,10 +4,10 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.23.0-0'
catalog.cattle.io/release-name: nginx-ingress
apiVersion: v2
appVersion: 3.5.1
appVersion: 3.5.2
description: NGINX Ingress Controller
home: https://github.com/nginxinc/kubernetes-ingress
icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/charts/nginx-ingress/chart-icon.png
icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.2/charts/nginx-ingress/chart-icon.png
keywords:
- ingress
- nginx
@ -17,6 +17,6 @@ maintainers:
name: nginxinc
name: nginx-ingress
sources:
- https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.1/charts/nginx-ingress
- https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.2/charts/nginx-ingress
type: application
version: 1.2.1
version: 1.2.2

View File

@ -51,10 +51,10 @@ kubectl apply -f crds/
Alternatively, CRDs can be upgraded without pulling the chart by running:
```console
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.1/deploy/crds.yaml
kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.2/deploy/crds.yaml
```
In the above command, `v3.5.1` represents the version of NGINX Ingress Controller release rather than the Helm chart version.
In the above command, `v3.5.2` represents the version of NGINX Ingress Controller release rather than the Helm chart version.
> **Note**
>
@ -87,14 +87,14 @@ To install the chart with the release name my-release (my-release is the name th
For NGINX:
```console
helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.2.1
helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.2.2
```
For NGINX Plus: (assuming you have pushed the Ingress Controller image `nginx-plus-ingress` to your private registry
`myregistry.example.com`)
```console
helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.2.1 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
helm install my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.2.2 --set controller.image.repository=myregistry.example.com/nginx-plus-ingress --set controller.nginxplus=true
```
This will install the latest `edge` version of the Ingress Controller from GitHub Container Registry. If you prefer to
@ -109,7 +109,7 @@ CRDs](#upgrading-the-crds).
To upgrade the release `my-release`:
```console
helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.2.1
helm upgrade my-release oci://ghcr.io/nginxinc/charts/nginx-ingress --version 1.2.2
```
### Uninstalling the Chart
@ -150,7 +150,7 @@ upgrading/deleting the CRDs.
1. Pull the chart sources:
```console
helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 1.2.1
helm pull oci://ghcr.io/nginxinc/charts/nginx-ingress --untar --version 1.2.2
```
2. Change your working directory to nginx-ingress:
@ -236,7 +236,7 @@ The steps you should follow depend on the Helm release name:
Selector: app=nginx-ingress-nginx-ingress
```
2. Checkout the latest available tag using `git checkout v3.5.1`
2. Checkout the latest available tag using `git checkout v3.5.2`
3. Navigate to `/kubernates-ingress/charts/nginx-ingress`
@ -288,7 +288,7 @@ reviewing its events:
Selector: app=<helm_release_name>-nginx-ingress
```
2. Checkout the latest available tag using `git checkout v3.5.1`
2. Checkout the latest available tag using `git checkout v3.5.2`
3. Navigate to `/kubernates-ingress/charts/nginx-ingress`
@ -355,7 +355,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
|`controller.logLevel` | The log level of the Ingress Controller. | 1 |
|`controller.image.digest` | The image digest of the Ingress Controller. | None |
|`controller.image.repository` | The image repository of the Ingress Controller. | nginx/nginx-ingress |
|`controller.image.tag` | The tag of the Ingress Controller image. | 3.5.1 |
|`controller.image.tag` | The tag of the Ingress Controller image. | 3.5.2 |
|`controller.image.pullPolicy` | The pull policy for the Ingress Controller image. | IfNotPresent |
|`controller.lifecycle` | The lifecycle of the Ingress Controller pods. | {} |
|`controller.customConfigMap` | The name of the custom ConfigMap used by the Ingress Controller. If set, then the default config is ignored. | "" |
@ -386,7 +386,7 @@ The following tables lists the configurable parameters of the NGINX Ingress Cont
|`controller.initContainerResources` | The resources of the init container which is used when `readOnlyRootFilesystem` is enabled by either setting `controller.securityContext.readOnlyRootFilesystem` or `controller.readOnlyRootFilesystem`to `true`. | requests: cpu=100m,memory=128Mi |
|`controller.replicaCount` | The number of replicas of the Ingress Controller deployment. | 1 |
|`controller.ingressClass.name` | A class of the Ingress Controller. An IngressClass resource with the name equal to the class must be deployed. Otherwise, the Ingress Controller will fail to start. The Ingress Controller only processes resources that belong to its class - i.e. have the "ingressClassName" field resource equal to the class. The Ingress Controller processes all the VirtualServer/VirtualServerRoute/TransportServer resources that do not have the "ingressClassName" field for all versions of Kubernetes. | nginx |
|`controller.ingressClass.create` | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.5.1, do not set the value to false. | true |
|`controller.ingressClass.create` | Creates a new IngressClass object with the name `controller.ingressClass.name`. Set to `false` to use an existing ingressClass created using `kubectl` with the same name. If you use `helm upgrade`, do not change the values from the previous release as helm will delete IngressClass objects managed by helm. If you are upgrading from a release earlier than 3.5.2, do not set the value to false. | true |
|`controller.ingressClass.setAsDefaultIngress` | New Ingresses without an `"ingressClassName"` field specified will be assigned the class specified in `controller.ingressClass.name`. Requires `controller.ingressClass.create`. | false |
|`controller.watchNamespace` | Comma separated list of namespaces the Ingress Controller should watch for resources. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespaceLabel`. Please note that if configuring multiple namespaces using the Helm cli `--set` option, the string needs to wrapped in double quotes and the commas escaped using a backslash - e.g. `--set controller.watchNamespace="default\,nginx-ingress"`. | "" |
|`controller.watchNamespaceLabel` | Configures the Ingress Controller to watch only those namespaces with label foo=bar. By default the Ingress Controller watches all namespaces. Mutually exclusive with `controller.watchNamespace`. | "" |
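Review bot: in the `controller.ingressClass.create` row the upgrade caveat changed from "a release earlier than 3.5.1" to "earlier than 3.5.2", which looks like the version bump's search-and-replace rather than a change in behaviour. That sentence names the release where the IngressClass handling changed, so it should stay at a fixed version; please confirm which release is meant and exclude this line from automated version substitution.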

View File

@ -4,7 +4,7 @@ controller:
nginxplus: true
image:
repository: mycluster.icp:8500/kube-system/nginx-plus-ingress
tag: "3.5.1"
tag: "3.5.2"
nodeSelector:
beta.kubernetes.io/arch: "amd64"
proxy: true

View File

@ -3,4 +3,4 @@ controller:
nginxplus: true
image:
repository: nginx-plus-ingress
tag: "3.5.1"
tag: "3.5.2"

View File

@ -336,10 +336,10 @@
},
"tag": {
"type": "string",
"default": "3.5.1",
"default": "3.5.2",
"title": "The tag of the Ingress Controller image",
"examples": [
"3.5.1"
"3.5.2"
]
},
"digest": {
@ -376,7 +376,7 @@
"examples": [
{
"repository": "nginx/nginx-ingress",
"tag": "3.5.1",
"tag": "3.5.2",
"pullPolicy": "IfNotPresent"
}
]
@ -1466,7 +1466,7 @@
"customPorts": [],
"image": {
"repository": "nginx/nginx-ingress",
"tag": "3.5.1",
"tag": "3.5.2",
"digest": "",
"pullPolicy": "IfNotPresent"
},
@ -2007,7 +2007,7 @@
"customPorts": [],
"image": {
"repository": "nginx/nginx-ingress",
"tag": "3.5.1",
"tag": "3.5.2",
"digest": "",
"pullPolicy": "IfNotPresent"
},

View File

@ -78,7 +78,7 @@ controller:
repository: nginx/nginx-ingress
## The tag of the Ingress Controller image. If not specified the appVersion from Chart.yaml is used as a tag.
# tag: "3.5.1"
# tag: "3.5.2"
## The digest of the Ingress Controller image.
## If digest is specified it has precedence over tag and will be used instead
# digest: "sha256:CHANGEME"

View File

@ -6,4 +6,4 @@ dependencies:
repository: ""
version: 25.18.0
digest: sha256:e35117c8aba9f6bde24ae45b5e05b0342b03029dfb2676236c389572cc502066
generated: "2024-05-18T05:55:02.501542941Z"
generated: "2024-05-31T17:50:43.005351945Z"

View File

@ -4,7 +4,7 @@ annotations:
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 6.5.14
appVersion: 7.0.0
dependencies:
- condition: grafana.enabled
name: grafana
@ -21,4 +21,4 @@ maintainers:
- email: contact@kasten.io
name: kastenIO
name: k10
version: 6.5.1401
version: 7.0.1

View File

@ -285,6 +285,8 @@ Parameter | Description | Default
`priorityClassName.<deploymentName>` | Overrides the default [priority class](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) name for the specified deployment | `{}`
`ephemeralPVCOverhead` | Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. PVC size = (file raw size) * (1 + `ephemeralPVCOverhead`) | `0.1`
`datastore.parallelUploads` | Specifies how many files can be uploaded in parallel to the data store | `8`
`kastenDisasterRecovery.quickMode.enabled` | Enables K10 Quick Disaster Recovery | `false`
`fips.enabled` | Specifies whether K10 should be run in the FIPS mode of operation | `false`
## Helm tips and tricks
There is a way of setting values via a yaml file instead of using `--set`.

View File

@ -1,4 +1,8 @@
Thank you for installing Kastens K10 Data Management Platform {{ .Chart.Version }}!
{{- if .Values.fips.enabled }}
You are operating in FIPS mode.
{{- end }}
Documentation can be found at https://docs.kasten.io/.

View File

@ -208,16 +208,17 @@ state-svc:
cpu: 2m
memory: 30Mi
{{- end -}}
{{- define "k10.multiClusterVersion" -}}2{{- end -}}
{{- define "k10.multiClusterVersion" -}}2.5{{- end -}}
{{- define "k10.mcExternalPort" -}}18000{{- end -}}
{{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}}
{{- define "k10.aggAuditPolicyFile" -}}agg-audit-policy.yaml{{- end -}}
{{- define "k10.siemAuditLogFilePath" -}}-{{- end -}}
{{- define "k10.siemAuditLogFileSize" -}}100{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.108.0{{- end -}}
{{- define "k10.kanisterToolsImageTag" -}}0.109.0{{- end -}}
{{- define "k10.disabledServicesEnvVar" -}}K10_DISABLED_SERVICES{{- end -}}
{{- define "k10.openShiftClientSecretEnvVar" -}}K10_OPENSHIFT_CLIENT_SECRET{{- end -}}
{{- define "k10.defaultK10DefaultPriorityClassName" -}}{{- end -}}
{{- define "k10.dexServiceAccountName" -}}k10-dex-k10-sa{{- end -}}
{{- define "k10.gatewayPrefixVarName" -}}PREFIX_PATH{{- end -}}
{{- define "k10.gatewayRequestHeadersVarName" -}}EXTAUTH_REQUEST_HEADERS{{- end -}}
{{- define "k10.gatewayAuthHeadersVarName" -}}EXTAUTH_AUTH_HEADERS{{- end -}}

View File

@ -116,11 +116,12 @@
{{- end -}}
{{- /* FIPS */ -}}
{{- $fips := .Values.fips | default dict -}}
{{- if $fips.enabled -}}
{{- if .Values.fips.enabled -}}
{{- $internal_capabilities = append $internal_capabilities "fips.strict" -}}
{{- $internal_capabilities = append $internal_capabilities "crypto.k10.v2" -}}
{{- $internal_capabilities = append $internal_capabilities "crypto.storagerepository.v2" -}}
{{- $internal_capabilities = append $internal_capabilities "crypto.vbr.v2" -}}
{{- $internal_capabilities = append $internal_capabilities "gateway" -}}
{{- end -}}
{{- concat $internal_capabilities (.Values.capabilities | default list) | join " " -}}
@ -138,6 +139,32 @@
{{- concat $internal_capabilities_mask (.Values.capabilitiesMask | default list) | join " " -}}
{{- end -}}
{{/*
k10.capability checks whether a given capability is enabled
For example:
include "k10.capability" (. | merge (dict "capability" "SOME.CAPABILITY"))
*/}}
{{- define "k10.capability" -}}
{{- $capabilities := dict -}}
{{- range $capability := include "k10.capabilities" . | splitList " " -}}
{{- $_ := set $capabilities $capability "enabled" -}}
{{- end -}}
{{- range $capability := include "k10.capabilities_mask" . | splitList " " -}}
{{- $_ := unset $capabilities $capability -}}
{{- end -}}
{{- index $capabilities .capability | default "" -}}
{{- end -}}
{{/*
k10.capability.gateway checks whether the "gateway" capability is enabled
*/}}
{{- define "k10.capability.gateway" -}}
{{- include "k10.capability" (. | merge (dict "capability" "gateway")) -}}
{{- end -}}
{{/* Check if basic auth is needed */}}
{{- define "basicauth.check" -}}
{{- if .Values.auth.basicAuth.enabled }}
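Review bot: `k10.capability.gateway` calls `include "k10.capability" (. | merge (dict "capability" "gateway"))`, and Sprig's `merge` writes into its first argument and keeps keys that are already present there. The root context therefore gains a `capability` key on first use, and a later helper that passes a different capability the same way would still see `"gateway"`. Swap the arguments so the fresh dict is the destination, `merge (dict "capability" "gateway") .`, and update the usage example in the `k10.capability` comment to match.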
@ -1213,39 +1240,32 @@ running in the same cluster.
{{/* Fail if FIPS is enabled and Grafana is turned on */}}
{{- define "k10.fail.fipsGrafana" -}}
{{- if and ((.Values.fips | default dict).enabled) (.Values.grafana.enabled) -}}
{{- if and (.Values.fips.enabled) (.Values.grafana.enabled) -}}
{{- fail "fips.enabled and grafana.enabled cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Fail if FIPS is enabled and Prometheus is turned on */}}
{{- define "k10.fail.fipsPrometheus" -}}
{{- if and ((.Values.fips | default dict).enabled) (.Values.prometheus.server.enabled) -}}
{{- if and (.Values.fips.enabled) (.Values.prometheus.server.enabled) -}}
{{- fail "fips.enabled and prometheus.server.enabled cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Fail if FIPS is enabled and Multicluster is turned on */}}
{{- define "k10.fail.fipsMulticluster" -}}
{{- if and ((.Values.fips | default dict).enabled) (.Values.multicluster.enabled) -}}
{{- if and (.Values.fips.enabled) (.Values.multicluster.enabled) -}}
{{- fail "fips.enabled and multicluster.enabled cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Fail if FIPS is enabled and PDF reporting is turned on */}}
{{- define "k10.fail.fipsPDFReports" -}}
{{- if and ((.Values.fips | default dict).enabled) (.Values.reporting.pdfReports) -}}
{{- if and (.Values.fips.enabled) (.Values.reporting.pdfReports) -}}
{{- fail "fips.enabled and reporting.pdfReports cannot both be enabled at the same time" -}}
{{- end -}}
{{- end -}}
{{/* Fail if FIPS is enabled and next gen gateway is turned off */}}
{{- define "k10.fail.fipsGatewayNextGen" -}}
{{- if and ((.Values.fips | default dict).enabled) (not .Values.gateway.next_gen) -}}
{{- fail "gateway.next_gen must be enabled if fips.enabled=true" -}}
{{- end -}}
{{- end -}}
{{/* Check to see whether SIEM logging is enabled */}}
{{- define "k10.siemEnabled" -}}
{{- if or .Values.siem.logging.cluster.enabled .Values.siem.logging.cloud.awsS3.enabled -}}
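Review bot: the four `k10.fail.fips*` checks now read `.Values.fips.enabled` directly instead of `(.Values.fips | default dict).enabled`, so a values set where `fips` is null or missing aborts rendering with a nil-pointer error instead of reaching the intended `fail` message. Confirm that values.yaml always defines `fips.enabled` (the README lists a default of `false`) and that the values schema rejects `fips: null`, or keep the guard. Removing `k10.fail.fipsGatewayNextGen` is consistent with FIPS mode now appending the `gateway` capability itself, but a user who lists `gateway` in `capabilitiesMask` while `fips.enabled=true` no longer gets an error; consider a replacement check.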
@ -1273,8 +1293,15 @@ running in the same cluster.
{{/* Returns a generated name for the OpenShift Service Account secret */}}
{{- define "get.openshiftServiceAccountSecretName" -}}
{{- $serviceAccount := required "auth.openshift.serviceAccount field is required" .Values.auth.openshift.serviceAccount -}}
{{ printf "%s-k10-secret" $serviceAccount | quote }}
{{ printf "%s-k10-secret" (include "get.openshiftServiceAccountName" .) | quote }}
{{- end -}}
{{/*
Returns a generated name for the OpenShift Service Account if a service account name
is not configuredby the user using the helm value auth.openshift.serviceAccount
*/}}
{{- define "get.openshiftServiceAccountName" -}}
{{ default (include "k10.dexServiceAccountName" .) .Values.auth.openshift.serviceAccount}}
{{- end -}}
{{/*
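Review bot: `get.openshiftServiceAccountSecretName` now builds the name from `get.openshiftServiceAccountName`, which falls back to `k10.dexServiceAccountName`; if the `$serviceAccount := required "auth.openshift.serviceAccount field is required" ...` assignment is still present in that helper, it fails before the fallback can apply and should be removed along with the unused variable. The new comment has a typo, "configuredby", and the new helper writes `.Values.auth.openshift.serviceAccount}}` without the space before the closing braces that the rest of the file uses.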
@ -1286,6 +1313,10 @@ the Microsoft Go toolchain and Red Hat's OpenSSL.
value: "1"
- name: OPENSSL_FORCE_FIPS_MODE
value: "1"
{{- if .Values.fips.disable_ems }}
- name: KASTEN_CRYPTO_POLICY
value: disable_ems
{{- end }}
{{- end }}
{{/*
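Review bot: `fips.disable_ems` is read here and changes the crypto policy through `KASTEN_CRYPTO_POLICY`, but the README parameter table in this commit documents only `fips.enabled`. Add a row that says what `disable_ems` turns off and when an operator should set it, since it weakens the FIPS configuration it sits under. The key is also snake_case while the other values added in this commit are camelCase (`quickMode`); `fips.disableEMS` would match.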

View File

@ -309,7 +309,7 @@ There are 3 valid states of the secret provided by customer:
name: k10-config
key: clustername
{{- end }}
{{- if (.Values.fips | default dict).enabled }}
{{- if .Values.fips.enabled }}
{{- include "k10.enforceFIPSEnvironmentVariables" . | indent 10 }}
{{- end }}
{{- with $capabilities := include "k10.capabilities" . }}
@ -333,6 +333,13 @@ There are 3 valid states of the secret provided by customer:
name: k10-config
key: kubeVirtVMsUnFreezeTimeout
{{- end }}
{{- if eq $service "executor" }}
- name: QUICK_DISASTER_RECOVERY_ENABLED
valueFrom:
configMapKeyRef:
name: k10-config
key: quickDisasterRecoveryEnabled
{{- end }}
{{- if or (eq $service "executor") (eq $service "controllermanager") }}
{{- if or .Values.global.imagePullSecret (or .Values.secrets.dockerConfig .Values.secrets.dockerConfigPath) }}
- name: IMAGE_PULL_SECRET_NAMES
@ -877,7 +884,7 @@ There are 3 valid states of the secret provided by customer:
- name: K10_CAPABILITIES_MASK
value: {{ $capabilities_mask | quote }}
{{- end }}
{{- if (.Values.fips | default dict).enabled }}
{{- if .Values.fips.enabled }}
{{- include "k10.enforceFIPSEnvironmentVariables" . | nindent 10 }}
{{- end }}
volumeMounts:
@ -899,7 +906,7 @@ There are 3 valid states of the secret provided by customer:
image: {{ include "get.dexImage" . }}
{{- if .Values.auth.ldap.enabled }}
command: ["/usr/local/bin/dex", "serve", "/dex-config/config.yaml"]
{{- if (.Values.fips | default dict).enabled }}
{{- if .Values.fips.enabled }}
env:
{{- include "k10.enforceFIPSEnvironmentVariables" . | nindent 10 }}
{{- end }}
@ -924,7 +931,7 @@ There are 3 valid states of the secret provided by customer:
{{- else }}
value: {{ .Values.auth.openshift.clientSecret }}
{{- end }}
{{- if (.Values.fips | default dict).enabled }}
{{- if .Values.fips.enabled }}
{{- include "k10.enforceFIPSEnvironmentVariables" . | indent 10 }}
{{- end }}
{{- end }}

View File

@ -1 +1 @@
{{- define "k10.imageTag" -}}6.5.14{{- end -}}
{{- define "k10.imageTag" -}}7.0.0{{- end -}}

View File

@ -183,7 +183,7 @@ spec:
name: k10-config
key: clustername
{{- end }}
{{- if (.Values.fips | default dict).enabled }}
{{- if .Values.fips.enabled }}
{{- include "k10.enforceFIPSEnvironmentVariables" . | indent 10 }}
{{- end }}
{{- with $capabilities := include "k10.capabilities" . }}

View File

@ -10,7 +10,7 @@ metadata:
service: gateway
{{ include "helm.labels" . | indent 4 }}
name: gateway
{{- if not $.Values.gateway.next_gen }}
{{- if not (include "k10.capability.gateway" $) }}
annotations:
getambassador.io/config: |
---
@ -82,7 +82,7 @@ spec:
selector:
service: gateway
---
{{- if not $.Values.gateway.next_gen }}
{{- if not (include "k10.capability.gateway" $) }}
{{- if .Values.gateway.exposeAdminPort }}
apiVersion: v1
kind: Service
@ -125,7 +125,7 @@ spec:
component: gateway
{{ include "helm.labels" . | indent 8 }}
{{- include "k10.azMarketPlace.billingIdentifier" . }}
{{- if $.Values.gateway.next_gen }}
{{- if (include "k10.capability.gateway" $) }}
spec:
serviceAccountName: {{ template "serviceAccountName" . }}
{{- dict "main" . "k10_deployment_name" "gateway" | include "k10.priorityClassName" | indent 6}}
@ -151,7 +151,7 @@ spec:
configMapKeyRef:
name: k10-config
key: version
{{- if (.Values.fips | default dict).enabled }}
{{- if .Values.fips.enabled }}
{{- include "k10.enforceFIPSEnvironmentVariables" . | indent 10 }}
{{- end }}
{{- with $capabilities := include "k10.capabilities" . }}

View File

@ -69,6 +69,8 @@ data:
k10JobMaxWaitDuration: {{ .Values.maxJobWaitDuration | quote }}
quickDisasterRecoveryEnabled: {{ .Values.kastenDisasterRecovery.quickMode.enabled | quote }}
k10ForceRootInKanisterHooks: {{ .Values.forceRootInKanisterHooks | quote }}
{{- if .Values.awsConfig.efsBackupVaultName }}
@ -135,7 +137,7 @@ data:
name: OpenShift
config:
issuer: {{ .Values.auth.openshift.openshiftURL }}
clientID: {{printf "system:serviceaccount:%s:%s" .Release.Namespace .Values.auth.openshift.serviceAccount }}
clientID: {{ printf "system:serviceaccount:%s:%s" .Release.Namespace (include "get.openshiftServiceAccountName" .) }}
clientSecret: {{ printf "{{ getenv \"%s\" }}" (include "k10.openShiftClientSecretEnvVar" . ) }}
redirectURI: {{ printf "%s/dex/callback" (trimSuffix "/" .Values.auth.openshift.dashboardURL) }}
insecureCA: {{ .Values.auth.openshift.insecureCA }}
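Review bot: `clientID` is now assembled from `get.openshiftServiceAccountName` with no check on what the helper returns. If it renders empty, the client ID becomes `system:serviceaccount:<namespace>:` and the problem only surfaces at login time. Wrapping the call in `required` would catch a missing name at render time.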
@ -222,7 +224,7 @@ binaryData:
{{ $files.Get . | b64enc }}
{{- end }}
{{ end }}
{{ if .Values.gateway.next_gen }}
{{ if (include "k10.capability.gateway" $) }}
---
apiVersion: v1
kind: ConfigMap

View File

@ -71,14 +71,36 @@ metadata:
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
- "apps"
resources:
- deployments
verbs:
- get
- update
- watch
- list
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- create
- delete
- list
- apiGroups:
- "apik10.kasten.io"
resources:
- k10s
verbs:
- list
- patch
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- apiGroups:
- ""
resources:
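Review bot: none of the rules in this hunk carry `resourceNames`, and the Role grows from 14 to 36 lines. `create` on `pods` in particular lets whatever subject is bound to the Role start a pod under any ServiceAccount in `{{ .Release.Namespace }}`, which is a wider grant than the verb list suggests. `update` on `deployments` and `patch` on `k10s` can be narrowed with `resourceNames` (`create` and `list` cannot). A comment naming the component that needs each rule would make the grant auditable.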
@ -105,6 +127,30 @@ rules:
- jobs
verbs:
- get
- apiGroups:
- ""
resources:
- services
verbs:
- create
- get
- delete
- apiGroups:
- "networking.k8s.io"
resources:
- networkpolicies
verbs:
- get
- create
- list
- delete
- apiGroups:
- ""
resources:
- endpoints
verbs:
- list
- get
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
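Review bot: `create` and `delete` on `networkpolicies` and `services` let the bound subject remove the namespace's network isolation or expose a workload, and nothing in the hunk says which component needs that. Add a comment per rule and consider moving these three rules into a separate Role bound only to the ServiceAccount that uses them, so the rest of the subjects keep the narrower set.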

View File

@ -158,7 +158,7 @@ type: kubernetes.io/service-account-token
metadata:
name: {{ include "get.openshiftServiceAccountSecretName" . }}
annotations:
kubernetes.io/service-account.name: {{ .Values.auth.openshift.serviceAccount | quote }}
kubernetes.io/service-account.name: {{ include "get.openshiftServiceAccountName" . | quote }}
{{- end }}
{{- if and (.Values.auth.openshift.enabled) (not .Values.auth.openshift.secretName) }}
---

View File

@ -18,4 +18,3 @@ A secure deployment is defined as one of the following:
{{- include "k10.fail.fipsPrometheus" . -}}
{{- include "k10.fail.fipsMulticluster" . -}}
{{- include "k10.fail.fipsPDFReports" . -}}
{{- include "k10.fail.fipsGatewayNextGen" . -}}
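Review bot: the header shrinks this list from four fail-guards to three, and with `gateway.next_gen` retired elsewhere in the commit the dropped one is presumably `k10.fail.fipsGatewayNextGen`. Removing a check from the secure-deployment validation deserves a template comment or commit-message line stating that the FIPS-plus-gateway combination is now supported, so the change does not read as an accidental loss of a guard.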

View File

@ -25,3 +25,20 @@ metadata:
name: {{ template "meteringServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end }}
{{- if and (.Values.auth.openshift.enabled) (not .Values.auth.openshift.serviceAccount) }}
{{- if or (.Values.auth.openshift.clientSecret) (.Values.auth.openshift.clientSecretName) }}
{{ fail "auth.openshift.serviceAccount is required when auth.openshift.clientSecret or auth.openshift.clientSecretName is used "}}
{{- end }}
---
kind: ServiceAccount
apiVersion: v1
metadata:
name: {{ include "k10.dexServiceAccountName" . }}
namespace: {{ .Release.Namespace }}
annotations:
{{- $dashboardURL := (trimSuffix "/" (required "auth.openshift.dashboardURL field is required" .Values.auth.openshift.dashboardURL)) -}}
{{- if (not (hasSuffix .Release.Name $dashboardURL)) }}
{{ fail "auth.openshift.dashboardURL should end with the K10's release name" }}
{{- end }}
serviceaccounts.openshift.io/oauth-redirecturi.dex: {{ printf "%s/dex/callback" $dashboardURL }}
{{- end }}
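Review bot: the `hasSuffix .Release.Name $dashboardURL` check only constrains the tail of `auth.openshift.dashboardURL`, so the value written into `serviceaccounts.openshift.io/oauth-redirecturi.dex` can still use any scheme. Since that annotation defines the redirect target accepted for this OAuth client, also require `hasPrefix "https://" $dashboardURL` before rendering it. The suffix `fail` sits inside the `annotations:` block and would read better above `kind: ServiceAccount`, and the first `fail` message has a trailing space before the closing quote.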

View File

@ -21,7 +21,7 @@ metadata:
{{ include "helm.labels" $ | indent 4 }}
component: {{ . }}
run: {{ . }}-svc
{{- if not $.Values.gateway.next_gen }}
{{- if not (include "k10.capability.gateway" $) }}
{{- if or $exposed_service (eq . "frontend") $mc_exposed_service }}
annotations:
getambassador.io/config: |
@ -164,7 +164,7 @@ spec:
apiVersion: v1
kind: Service
metadata:
{{- if not $.Values.gateway.next_gen }}
{{- if not (include "k10.capability.gateway" $) }}
annotations:
getambassador.io/config: |
---

View File

@ -2712,6 +2712,33 @@
"default": 0.1,
"title": "Storage overhead for ephemeral PVCs",
"description": "Set the percentage increase for the ephemeral Persistent Volume Claim's storage request, e.g. pvc size = (file raw size) * (1 + `ephemeralPVCOverhead`)"
},
"kastenDisasterRecovery": {
"type": "object",
"properties": {
"quickMode": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Enables K10 Quick Disaster Recovery feature, with ability to restore necessary K10 resources and exported restore points of applications.",
"title": "Enable K10 Quick Disaster Recovery."
}
}
}
}
},
"fips": {
"type": "object",
"properties": {
"enabled": {
"type": "boolean",
"default": false,
"description": "Enables K10 FIPS (Federal Information Processing Standard) mode of operation.",
"title": "Enable K10 FIPS mode of operation."
}
}
}
}
}
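Review bot: neither new object sets `additionalProperties: false`, so a misspelled key such as `fips.enable: true` passes schema validation and FIPS mode silently stays at its `false` default. For a security toggle, closing the `fips` object (and `kastenDisasterRecovery.quickMode`) against unknown keys is worth the stricter schema.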

View File

@ -513,3 +513,10 @@ ephemeralPVCOverhead: 0.1
datastore:
parallelUploads: 8
kastenDisasterRecovery:
quickMode:
enabled: false
fips:
enabled: false

View File

@ -6,7 +6,7 @@ annotations:
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: linkerd-control-plane
apiVersion: v2
appVersion: edge-24.5.4
appVersion: edge-24.5.5
dependencies:
- name: partials
repository: file://./charts/partials
@ -26,4 +26,4 @@ name: linkerd-control-plane
sources:
- https://github.com/linkerd/linkerd2/
type: application
version: 2024.5.4
version: 2024.5.5

View File

@ -3,7 +3,7 @@
Linkerd gives you observability, reliability, and security
for your microservices — with no code change required.
![Version: 2024.5.4](https://img.shields.io/badge/Version-2024.5.4-informational?style=flat-square)
![Version: 2024.5.5](https://img.shields.io/badge/Version-2024.5.5-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![AppVersion: edge-XX.X.X](https://img.shields.io/badge/AppVersion-edge--XX.X.X-informational?style=flat-square)

View File

@ -24,7 +24,7 @@ controlPlaneTracing: false
# -- namespace to send control plane traces to
controlPlaneTracingNamespace: linkerd-jaeger
# -- control plane version. See Proxy section for proxy version
linkerdVersion: edge-24.5.4
linkerdVersion: edge-24.5.5
# -- default kubernetes deployment strategy
deploymentStrategy:
rollingUpdate:

View File

@ -23,4 +23,4 @@ name: linkerd-crds
sources:
- https://github.com/linkerd/linkerd2/
type: application
version: 2024.5.4
version: 2024.5.5

View File

@ -3,7 +3,7 @@
Linkerd gives you observability, reliability, and security
for your microservices — with no code change required.
![Version: 2024.5.4](https://img.shields.io/badge/Version-2024.5.4-informational?style=flat-square)
![Version: 2024.5.5](https://img.shields.io/badge/Version-2024.5.5-informational?style=flat-square)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
**Homepage:** <https://linkerd.io>

View File

@ -1,5 +1,385 @@
# Change Log
## 28.2.0 ![AppVersion: v3.0.1](https://img.shields.io/static/v1?label=AppVersion&message=v3.0.1&color=success&logo=) ![Kubernetes: >=1.22.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.22.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
**Release date:** 2024-05-28
* fix(IngressClass): provides annotation on IngressRoutes when it's enabled
* feat: ✨ simplify values and provide more examples
* feat: add deletecollection right on secrets
* chore(release): 🚀 publish v28.2.0
* chore(deps): update traefik docker tag to v3.0.1
### Default value changes
```diff
diff --git a/traefik/values.yaml b/traefik/values.yaml
index 2fd9282..c558c78 100644
--- a/traefik/values.yaml
+++ b/traefik/values.yaml
@@ -1,4 +1,7 @@
# Default values for Traefik
+# This is a YAML-formatted file.
+# Declare variables to be passed into templates
+
image:
# -- Traefik image host registry
registry: docker.io
@@ -12,9 +15,6 @@ image:
# -- Add additional label to all resources
commonLabels: {}
-#
-# Configure the deployment
-#
deployment:
# -- Enable deployment
enabled: true
@@ -74,10 +74,6 @@ deployment:
# - name: volume-permissions
# image: busybox:latest
# command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
- # securityContext:
- # runAsNonRoot: true
- # runAsGroup: 65532
- # runAsUser: 65532
# volumeMounts:
# - name: data
# mountPath: /data
@@ -112,13 +108,11 @@ deployment:
# -- Set a runtimeClassName on pod
runtimeClassName:
-# -- Pod disruption budget
+# -- [Pod Disruption Budget](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/)
podDisruptionBudget:
- enabled: false
- # maxUnavailable: 1
- # maxUnavailable: 33%
- # minAvailable: 0
- # minAvailable: 25%
+ enabled:
+ maxUnavailable:
+ minAvailable:
# -- Create a default IngressClass for Traefik
ingressClass:
@@ -155,7 +149,6 @@ experimental:
# annotations:
# cert-manager.io/issuer: letsencrypt
-## Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
# -- Create an IngressRoute for the dashboard
@@ -221,15 +214,7 @@ livenessProbe:
# -- The number of seconds to wait for a probe response before considering it as failed.
timeoutSeconds: 2
-# -- Define Startup Probe for container: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
-# eg.
-# `startupProbe:
-# exec:
-# command:
-# - mycommand
-# - foo
-# initialDelaySeconds: 5
-# periodSeconds: 5`
+# -- Define [Startup Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes)
startupProbe:
providers:
@@ -276,18 +261,8 @@ providers:
# -- Allows Traefik to automatically watch for file changes
watch: true
# -- File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/)
- content: ""
- # http:
- # routers:
- # router0:
- # entryPoints:
- # - web
- # middlewares:
- # - my-basic-auth
- # service: service-foo
- # rule: Path(`/foo`)
+ content:
-#
# -- Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
@@ -311,26 +286,21 @@ additionalVolumeMounts: []
logs:
general:
- # -- By default, the logs use a text format (common), but you can
- # also ask for the json format in the format option
- # format: json
+ # -- Set [logs format](https://doc.traefik.io/traefik/observability/logs/#format)
+ # @default common
+ format:
# By default, the level is set to ERROR.
# -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: INFO
access:
# -- To enable access logs
enabled: false
- ## By default, logs are written using the Common Log Format (CLF) on stdout.
- ## To write logs in JSON, use json in the format option.
- ## If the given format is unsupported, the default (CLF) is used instead.
- # format: json
+ # -- Set [access log format](https://doc.traefik.io/traefik/observability/access-logs/#format)
+ format:
# filePath: "/var/log/traefik/access.log
- ## To write the logs in an asynchronous fashion, specify a bufferingSize option.
- ## This option represents the number of log lines Traefik will keep in memory before writing
- ## them to the selected output. In some cases, this option can greatly help performances.
- # bufferingSize: 100
- ## Filtering
- # -- https://docs.traefik.io/observability/access-logs/#filtering
+ # -- Set [bufferingSize](https://doc.traefik.io/traefik/observability/access-logs/#bufferingsize)
+ bufferingSize:
+ # -- Set [filtering](https://docs.traefik.io/observability/access-logs/#filtering)
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
@@ -345,15 +315,11 @@ logs:
names: {}
## Examples:
# ClientUsername: drop
+ # -- [Limit logged fields or headers](https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers)
headers:
# -- Available modes: keep, drop, redact.
defaultmode: drop
- # -- Names of the headers to limit.
names: {}
- ## Examples:
- # User-Agent: redact
- # Authorization: drop
- # Content-Type: keep
metrics:
## -- Enable metrics for internal resources. Default: false
@@ -567,16 +533,15 @@ globalArguments:
- "--global.checknewversion"
- "--global.sendanonymoususage"
-#
-# Configure Traefik static configuration
# -- Additional arguments to be passed at Traefik's binary
-# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
-## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
+# See [CLI Reference](https://docs.traefik.io/reference/static-configuration/cli/)
+# Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments: []
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# -- Environment variables to be passed to Traefik's binary
+# @default -- See _values.yaml_
env:
- name: POD_NAME
valueFrom:
@@ -586,25 +551,9 @@ env:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
-# - name: SOME_VAR
-# value: some-var-value
-# - name: SOME_VAR_FROM_CONFIG_MAP
-# valueFrom:
-# configMapRef:
-# name: configmap-name
-# key: config-key
-# - name: SOME_SECRET
-# valueFrom:
-# secretKeyRef:
-# name: secret-name
-# key: secret-key
# -- Environment variables to be passed to Traefik's binary from configMaps or secrets
envFrom: []
-# - configMapRef:
-# name: config-map-name
-# - secretRef:
-# name: secret-name
ports:
traefik:
@@ -766,28 +715,12 @@ ports:
# -- The port protocol (TCP/UDP)
protocol: TCP
-# -- TLS Options are created as TLSOption CRDs
-# https://doc.traefik.io/traefik/https/tls/#tls-options
+# -- TLS Options are created as [TLSOption CRDs](https://doc.traefik.io/traefik/https/tls/#tls-options)
# When using `labelSelector`, you'll need to set labels on tlsOption accordingly.
-# Example:
-# tlsOptions:
-# default:
-# labels: {}
-# sniStrict: true
-# custom-options:
-# labels: {}
-# curvePreferences:
-# - CurveP521
-# - CurveP384
+# See EXAMPLE.md for details.
tlsOptions: {}
-# -- TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
-# https://doc.traefik.io/traefik/https/tls/#default-certificate
-# Example:
-# tlsStore:
-# default:
-# defaultCertificate:
-# secretName: tls-cert
+# -- TLS Store are created as [TLSStore CRDs](https://doc.traefik.io/traefik/https/tls/#default-certificate). This is useful if you want to set a default certificate. See EXAMPLE.md for details.
tlsStore: {}
service:
@@ -839,29 +772,8 @@ service:
autoscaling:
# -- Create HorizontalPodAutoscaler object.
+ # See EXAMPLES.md for more details.
enabled: false
-# minReplicas: 1
-# maxReplicas: 10
-# metrics:
-# - type: Resource
-# resource:
-# name: cpu
-# target:
-# type: Utilization
-# averageUtilization: 60
-# - type: Resource
-# resource:
-# name: memory
-# target:
-# type: Utilization
-# averageUtilization: 60
-# behavior:
-# scaleDown:
-# stabilizationWindowSeconds: 300
-# policies:
-# - type: Pods
-# value: 1
-# periodSeconds: 60
persistence:
# -- Enable persistence using Persistent Volume Claims
@@ -879,27 +791,10 @@ persistence:
# -- Only mount a subpath of the Volume into the pod
# subPath: ""
-# -- Certificates resolvers configuration
+# -- Certificates resolvers configuration.
+# Ref: https://doc.traefik.io/traefik/https/acme/#certificate-resolvers
+# See EXAMPLES.md for more details.
certResolvers: {}
-# letsencrypt:
-# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
-# email: email@example.com
-# dnsChallenge:
-# # also add the provider's required configuration under env
-# # or expand then from secrets/configmaps with envfrom
-# # cf. https://doc.traefik.io/traefik/https/acme/#providers
-# provider: digitalocean
-# # add futher options for the dns challenge as needed
-# # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
-# delayBeforeCheck: 30
-# resolvers:
-# - 1.1.1.1
-# - 8.8.8.8
-# tlsChallenge: true
-# httpChallenge:
-# entryPoint: "web"
-# # It has to match the path with a persistent volume
-# storage: /data/acme.json
# -- If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
@@ -933,14 +828,8 @@ serviceAccount:
# -- Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
-# -- The resources parameter defines CPU and memory requirements and limits for Traefik's containers.
+# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for `traefik` container.
resources: {}
-# requests:
-# cpu: "100m"
-# memory: "50Mi"
-# limits:
-# cpu: "300m"
-# memory: "150Mi"
# -- This example pod anti-affinity forces the scheduler to put traefik pods
# -- on nodes where no other traefik pods are scheduled.
@@ -970,30 +859,22 @@ topologySpreadConstraints: []
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
-# -- Pods can have priority.
-# -- Priority indicates the importance of a Pod relative to other Pods.
+# -- [Pod Priority and Preemption](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/)
priorityClassName: ""
-# -- Set the container security context
-# -- To run the container with ports below 1024 this will need to be adjusted to run as root
+# -- [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
+# @default -- See _values.yaml_
securityContext:
+ allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
- allowPrivilegeEscalation: false
+# -- [Pod Security Context](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context)
+# @default -- See _values.yaml_
podSecurityContext:
- # /!\ When setting fsGroup, Kubernetes will recursively change ownership and
- # permissions for the contents of each volume to match the fsGroup. This can
- # be an issue when storing sensitive content like TLS Certificates /!\
- # fsGroup: 65532
- # -- Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup.
- fsGroupChangePolicy: "OnRootMismatch"
- # -- The ID of the group for all containers in the pod to run as.
runAsGroup: 65532
- # -- Specifies whether the containers should run as a non-root user.
runAsNonRoot: true
- # -- The ID of the user for all containers in the pod to run as.
runAsUser: 65532
#
@@ -1003,16 +884,16 @@ podSecurityContext:
# See #595 for more details and traefik/tests/values/extra.yaml for example.
extraObjects: []
-# This will override the default Release Namespace for Helm.
+# -- This field override the default Release Namespace for Helm.
# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
-# namespaceOverride: traefik
-#
-## -- This will override the default app.kubernetes.io/instance label for all Objects.
-# instanceLabelOverride: traefik
+namespaceOverride:
+
+## -- This field override the default app.kubernetes.io/instance label for all Objects.
+instanceLabelOverride:
-# -- Traefik Hub configuration. See https://doc.traefik.io/traefik-hub/
+# Traefik Hub configuration. See https://doc.traefik.io/traefik-hub/
hub:
- # Name of Secret with key 'token' set to a valid license token.
+ # -- Name of `Secret` with key 'token' set to a valid license token.
# It enables API Gateway.
token:
apimanagement:
```
## 28.1.0 ![AppVersion: v3.0.0](https://img.shields.io/static/v1?label=AppVersion&message=v3.0.0&color=success&logo=) ![Kubernetes: >=1.22.0-0](https://img.shields.io/static/v1?label=Kubernetes&message=%3E%3D1.22.0-0&color=informational&logo=kubernetes) ![Helm: v3](https://img.shields.io/static/v1?label=Helm&message=v3&color=informational&logo=helm)
* fix(Traefik Hub): do not deploy mutating webhook when enabling only API Gateway
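Review bot: the embedded values diff removes `fsGroupChangePolicy: "OnRootMismatch"` from the `podSecurityContext` defaults together with the caveat about `fsGroup` recursively changing ownership of volume contents, but the 28.2.0 entry list does not mention it. Anyone who sets only `fsGroup` now gets the Kubernetes default policy (`Always`) on the volume holding `acme.json`, so this belongs in the entry as a behaviour change. The `deletecollection` right on secrets is also listed without saying which Role receives it.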

View File

@ -1,13 +1,14 @@
annotations:
artifacthub.io/changes: "- \"fix(Traefik Hub): do not deploy mutating webhook when
enabling only API Gateway\"\n- \"feat(Traefik Hub): use Traefik Proxy otlp config\"\n-
\"chore: \U0001F527 update Traefik Hub CRD to v1.3.3\"\n"
artifacthub.io/changes: "- \"fix(IngressClass): provides annotation on IngressRoutes
when it's enabled\"\n- \"feat: ✨ simplify values and provide more examples\"\n-
\"feat: add deletecollection right on secrets\"\n- \"chore(release): \U0001F680
publish v28.2.0\"\n- \"chore(deps): update traefik docker tag to v3.0.1\"\n"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Traefik Proxy
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: traefik
apiVersion: v2
appVersion: v3.0.0
appVersion: v3.0.1
description: A Traefik based Kubernetes ingress controller
home: https://traefik.io/
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
@ -29,4 +30,4 @@ sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
type: application
version: 28.1.0
version: 28.2.0

View File

@ -278,6 +278,64 @@ service:
service.beta.kubernetes.io/azure-load-balancer-resource-group: myResourceGroup
```
Here is a more complete example, using also native Let's encrypt feature of Traefik Proxy with Azure DNS:
```yaml
persistence:
enabled: true
size: 128Mi
certResolvers:
letsencrypt:
email: "{{ letsencrypt_email }}"
#caServer: https://acme-v02.api.letsencrypt.org/directory # Production server
caServer: https://acme-staging-v02.api.letsencrypt.org/directory # Staging server
dnsChallenge:
provider: azuredns
storage: /data/acme.json
env:
- name: AZURE_CLIENT_ID
value: "{{ azure_dns_challenge_application_id }}"
- name: AZURE_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: azuredns-secret
key: client-secret
- name: AZURE_SUBSCRIPTION_ID
value: "{{ azure_subscription_id }}"
- name: AZURE_TENANT_ID
value: "{{ azure_tenant_id }}"
- name: AZURE_RESOURCE_GROUP
value: "{{ azure_resource_group }}"
deployment:
initContainers:
- name: volume-permissions
image: busybox:latest
command: ["sh", "-c", "ls -la /; touch /data/acme.json; chmod -v 600 /data/acme.json"]
volumeMounts:
- mountPath: /data
name: data
podSecurityContext:
fsGroup: 65532
fsGroupChangePolicy: "OnRootMismatch"
service:
spec:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/azure-load-balancer-resource-group: "{{ azure_node_resource_group }}"
service.beta.kubernetes.io/azure-pip-name: "{{ azure_resource_group }}"
service.beta.kubernetes.io/azure-dns-label-name: "{{ azure_resource_group }}"
service.beta.kubernetes.io/azure-allowed-ip-ranges: "{{ ip_range | join(',') }}"
extraObjects:
- apiVersion: v1
kind: Secret
metadata:
name: azuredns-secret
namespace: traefik
type: Opaque
stringData:
client-secret: "{{ azure_dns_challenge_application_secret }}"
```
# Use HTTP3
By default, it will use a Load balancers with mixed protocols on `websecure`
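Review bot: the Azure client secret is passed through `extraObjects` as `stringData`, so it lives in the values file and in Helm's stored release data rather than only in the `azuredns-secret` object. The example is safer if it tells the reader to create that Secret out of band and keeps only the `secretKeyRef`. The initContainer also uses `busybox:latest` and a leftover `ls -la /` in its command; pin the tag and drop the listing.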
@ -356,6 +414,26 @@ By default, Kubernetes recursively changes ownership and permissions for the con
=> An initContainer can be used to avoid an issue on this sensitive file.
See [#396](https://github.com/traefik/traefik-helm-chart/issues/396) for more details.
Once the provider is ready, it can be used in an `IngressRoute`:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: [...]
spec:
entryPoints: [...]
routes: [...]
tls:
certResolver: letsencrypt
```
See [the list of supported providers](https://doc.traefik.io/traefik/https/acme/#providers) for others.
## Example with CloudFlare
This example needs a CloudFlare token in a Kubernetes `Secret` and a working `StorageClass`.
**Step 1**: Create `Secret` with CloudFlare token:
```yaml
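Review bot: the relocated `IngressRoute` example still uses `apiVersion: traefik.containo.us/v1alpha1`, while this chart version ships Traefik v3.0.1, which serves the CRDs under `traefik.io/v1alpha1`. Since the block is being moved anyway, update the API group so the example applies against the version the chart installs.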
@ -366,7 +444,7 @@ metadata:
name: cloudflare
type: Opaque
stringData:
token: TTT
token: {{ SET_A_VALID_TOKEN_HERE }}
```
**Step 2**:
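Review bot: the new placeholder is unquoted, and a bare `{{ ... }}` is a YAML flow mapping rather than a string, whereas the Azure example added earlier in this file quotes its placeholders. Write `token: "{{ SET_A_VALID_TOKEN_HERE }}"` to keep the two examples consistent.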
@ -394,26 +472,11 @@ deployment:
volumeMounts:
- mountPath: /data
name: data
podSecurityContext:
fsGroup: 65532
fsGroupChangePolicy: "OnRootMismatch"
```
and after, in an `IngressRoute`:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: [...]
spec:
entryPoints: [...]
routes: [...]
tls:
certResolver: letsencrypt
```
This example needs a CloudFlare token in a Kubernetes `Secret` and a working `StorageClass`.
See [the list of supported providers](https://doc.traefik.io/traefik/https/acme/#providers) for others.
# Provide default certificate with cert-manager and CloudFlare DNS
Setup:
@ -619,6 +682,22 @@ spec:
maxReplicas: 3
```
# Configure TLS
The [TLS options](https://doc.traefik.io/traefik/https/tls/#tls-options) allow one to configure some parameters of the TLS connection.
```yaml
tlsOptions:
default:
labels: {}
sniStrict: true
custom-options:
labels: {}
curvePreferences:
- CurveP521
- CurveP384
```
# Use latest build of Traefik v3 from master
An experimental build of Traefik Proxy is available on a specific repository.

View File

@ -1,6 +1,6 @@
# traefik
![Version: 28.1.0](https://img.shields.io/badge/Version-28.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.0.0](https://img.shields.io/badge/AppVersion-v3.0.0-informational?style=flat-square)
![Version: 28.2.0](https://img.shields.io/badge/Version-28.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v3.0.1](https://img.shields.io/badge/AppVersion-v3.0.1-informational?style=flat-square)
A Traefik based Kubernetes ingress controller
@ -28,11 +28,11 @@ Kubernetes: `>=1.22.0-0`
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| additionalArguments | list | `[]` | Additional arguments to be passed at Traefik's binary All available options available on https://docs.traefik.io/reference/static-configuration/cli/ # Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` |
| additionalArguments | list | `[]` | Additional arguments to be passed at Traefik's binary See [CLI Reference](https://docs.traefik.io/reference/static-configuration/cli/) Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"` |
| additionalVolumeMounts | list | `[]` | Additional volumeMounts to add to the Traefik container |
| affinity | object | `{}` | on nodes where no other traefik pods are scheduled. It should be used when hostNetwork: true to prevent port conflicts |
| autoscaling.enabled | bool | `false` | Create HorizontalPodAutoscaler object. |
| certResolvers | object | `{}` | Certificates resolvers configuration |
| autoscaling.enabled | bool | `false` | Create HorizontalPodAutoscaler object. See EXAMPLES.md for more details. |
| certResolvers | object | `{}` | Certificates resolvers configuration. Ref: https://doc.traefik.io/traefik/https/acme/#certificate-resolvers See EXAMPLES.md for more details. |
| commonLabels | object | `{}` | Add additional label to all resources |
| core.defaultRuleSyntax | string | `nil` | Can be used to use globally v2 router syntax See https://doc.traefik.io/traefik/v3.0/migration/v2-to-v3/#new-v3-syntax-notable-changes |
| deployment.additionalContainers | list | `[]` | Additional containers (e.g. for metric offloading sidecars) |
@ -52,14 +52,13 @@ Kubernetes: `>=1.22.0-0`
| deployment.runtimeClassName | string | `nil` | Set a runtimeClassName on pod |
| deployment.shareProcessNamespace | bool | `false` | Use process namespace sharing |
| deployment.terminationGracePeriodSeconds | int | `60` | Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down |
| env | list | `[{"name":"POD_NAME","valueFrom":{"fieldRef":{"fieldPath":"metadata.name"}}},{"name":"POD_NAMESPACE","valueFrom":{"fieldRef":{"fieldPath":"metadata.namespace"}}}]` | Environment variables to be passed to Traefik's binary |
| env | list | See _values.yaml_ | Environment variables to be passed to Traefik's binary |
| envFrom | list | `[]` | Environment variables to be passed to Traefik's binary from configMaps or secrets |
| experimental.kubernetesGateway.enabled | bool | `false` | Enable traefik experimental GatewayClass CRD |
| experimental.plugins | object | `{}` | Enable traefik experimental plugins |
| extraObjects | list | `[]` | Extra objects to deploy (value evaluated as a template) In some cases, it can avoid the need for additional, extended or adhoc deployments. See #595 for more details and traefik/tests/values/extra.yaml for example. |
| globalArguments | list | `["--global.checknewversion","--global.sendanonymoususage"]` | Global command arguments to be passed to all traefik's pods |
| hostNetwork | bool | `false` | If hostNetwork is true, runs traefik in the host network namespace To prevent unschedulabel pods due to port collisions, if hostNetwork=true and replicas>1, a pod anti-affinity is recommended and will be set if the affinity is left as default. |
| hub | object | `{"apimanagement":{"admission":{"listenAddr":null,"secretName":null},"enabled":null},"ratelimit":{"redis":{"cluster":null,"database":null,"endpoints":null,"password":null,"sentinel":{"masterset":null,"password":null,"username":null},"timeout":null,"tls":{"ca":null,"cert":null,"insecureSkipVerify":null,"key":null},"username":null}},"sendlogs":null,"token":null}` | Traefik Hub configuration. See https://doc.traefik.io/traefik-hub/ |
| hub.apimanagement.admission.listenAddr | string | `nil` | WebHook admission server listen address. Default: "0.0.0.0:9943". |
| hub.apimanagement.admission.secretName | string | `nil` | Certificate of the WebHook admission server. Default: "hub-agent-cert". |
| hub.apimanagement.enabled | string | `nil` | Set to true in order to enable API Management. Requires a valid license token. |
@ -76,6 +75,8 @@ Kubernetes: `>=1.22.0-0`
| hub.ratelimit.redis.tls.insecureSkipVerify | string | `nil` | When insecureSkipVerify is set to true, the TLS connection accepts any certificate presented by the server. Default: false. |
| hub.ratelimit.redis.tls.key | string | `nil` | Path to the private key used for the secure connection. |
| hub.ratelimit.redis.username | string | `nil` | The username to use when connecting to Redis endpoints. Default: "". |
| hub.sendlogs | string | `nil` | |
| hub.token | string | `nil` | Name of `Secret` with key 'token' set to a valid license token. It enables API Gateway. |
| image.pullPolicy | string | `"IfNotPresent"` | Traefik image pull policy |
| image.registry | string | `"docker.io"` | Traefik image host registry |
| image.repository | string | `"traefik"` | Traefik image repository |
@ -95,18 +96,22 @@ Kubernetes: `>=1.22.0-0`
| ingressRoute.healthcheck.matchRule | string | `"PathPrefix(`/ping`)"` | The router match rule used for the healthcheck ingressRoute |
| ingressRoute.healthcheck.middlewares | list | `[]` | Additional ingressRoute middlewares (e.g. for authentication) |
| ingressRoute.healthcheck.tls | object | `{}` | TLS options (e.g. secret containing certificate) |
| instanceLabelOverride | string | `nil` | |
| livenessProbe.failureThreshold | int | `3` | The number of consecutive failures allowed before considering the probe as failed. |
| livenessProbe.initialDelaySeconds | int | `2` | The number of seconds to wait before starting the first probe. |
| livenessProbe.periodSeconds | int | `10` | The number of seconds to wait between consecutive probes. |
| livenessProbe.successThreshold | int | `1` | The minimum consecutive successes required to consider the probe successful. |
| livenessProbe.timeoutSeconds | int | `2` | The number of seconds to wait for a probe response before considering it as failed. |
| logs.access.addInternals | string | `nil` | Enables accessLogs for internal resources. Default: false. |
| logs.access.bufferingSize | string | `nil` | Set [bufferingSize](https://doc.traefik.io/traefik/observability/access-logs/#bufferingsize) |
| logs.access.enabled | bool | `false` | To enable access logs |
| logs.access.fields.general.defaultmode | string | `"keep"` | Available modes: keep, drop, redact. |
| logs.access.fields.general.names | object | `{}` | Names of the fields to limit. |
| logs.access.fields.headers | object | `{"defaultmode":"drop","names":{}}` | [Limit logged fields or headers](https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers) |
| logs.access.fields.headers.defaultmode | string | `"drop"` | Available modes: keep, drop, redact. |
| logs.access.fields.headers.names | object | `{}` | Names of the headers to limit. |
| logs.access.filters | object | `{}` | https://docs.traefik.io/observability/access-logs/#filtering |
| logs.access.filters | object | `{}` | Set [filtering](https://docs.traefik.io/observability/access-logs/#filtering) |
| logs.access.format | string | `nil` | Set [access log format](https://doc.traefik.io/traefik/observability/access-logs/#format) |
| logs.general.format | string | `nil` | Set [logs format](https://doc.traefik.io/traefik/observability/logs/#format) @default common |
| logs.general.level | string | `"INFO"` | Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO. |
| metrics.addInternals | string | `nil` | |
| metrics.otlp.addEntryPointsLabels | string | `nil` | Enable metrics on entry points. Default: true |
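Review bot: the `logs.general.format` row shows `@default common` inside the description while the default column still reads `nil`, so the helm-docs annotation was not picked up. Other entries in this change spell it `@default -- See _values.yaml_`; writing the values.yaml comment as `# @default -- common` should move the value into the default column. The added `logs.access.filters` row also links to docs.traefik.io while the neighbouring rows use doc.traefik.io; one host throughout would be easier to maintain.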
@ -130,6 +135,7 @@ Kubernetes: `>=1.22.0-0`
| metrics.otlp.http.tls.key | string | `nil` | The path to the private key. When using this option, setting the cert option is required. |
| metrics.otlp.pushInterval | string | `nil` | Interval at which metrics are sent to the OpenTelemetry Collector. Default: 10s |
| metrics.prometheus.entryPoint | string | `"metrics"` | Entry point used to expose metrics. |
| namespaceOverride | string | `nil` | This field override the default Release Namespace for Helm. It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules` |
| nodeSelector | object | `{}` | nodeSelector is the simplest recommended form of node selection constraint. |
| persistence.accessMode | string | `"ReadWriteOnce"` | |
| persistence.annotations | object | `{}` | |
@ -137,11 +143,8 @@ Kubernetes: `>=1.22.0-0`
| persistence.name | string | `"data"` | |
| persistence.path | string | `"/data"` | |
| persistence.size | string | `"128Mi"` | |
| podDisruptionBudget | object | `{"enabled":false}` | Pod disruption budget |
| podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` | Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup. |
| podSecurityContext.runAsGroup | int | `65532` | The ID of the group for all containers in the pod to run as. |
| podSecurityContext.runAsNonRoot | bool | `true` | Specifies whether the containers should run as a non-root user. |
| podSecurityContext.runAsUser | int | `65532` | The ID of the user for all containers in the pod to run as. |
| podDisruptionBudget | object | `{"enabled":null,"maxUnavailable":null,"minAvailable":null}` | [Pod Disruption Budget](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/) |
| podSecurityContext | object | See _values.yaml_ | [Pod Security Context](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context) |
| podSecurityPolicy | object | `{"enabled":false}` | Enable to create a PodSecurityPolicy and assign it to the Service Account via RoleBinding or ClusterRoleBinding |
| ports.metrics.expose | object | `{"default":false}` | You may not want to expose the metrics port on production deployments. If you want to access it from outside your cluster, use `kubectl port-forward` or create a secure ingress |
| ports.metrics.exposedPort | int | `9100` | The exposed port for this service |
@ -167,8 +170,8 @@ Kubernetes: `>=1.22.0-0`
| ports.websecure.tls.enabled | bool | `true` | |
| ports.websecure.tls.options | string | `""` | |
| ports.websecure.transport | object | `{"keepAliveMaxRequests":null,"keepAliveMaxTime":null,"lifeCycle":{"graceTimeOut":null,"requestAcceptGraceTimeout":null},"respondingTimeouts":{"idleTimeout":null,"readTimeout":null,"writeTimeout":null}}` | Set transport settings for the entrypoint; see also https://doc.traefik.io/traefik/routing/entrypoints/#transport |
| priorityClassName | string | `""` | Priority indicates the importance of a Pod relative to other Pods. |
| providers.file.content | string | `""` | File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/) |
| priorityClassName | string | `""` | [Pod Priority and Preemption](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) |
| providers.file.content | string | `nil` | File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/) |
| providers.file.enabled | bool | `false` | Create a file provider |
| providers.file.watch | bool | `true` | Allows Traefik to automatically watch for file changes |
| providers.kubernetesCRD.allowCrossNamespace | bool | `false` | Allows IngressRoute to reference resources in namespace other than theirs |
@ -188,8 +191,8 @@ Kubernetes: `>=1.22.0-0`
| readinessProbe.periodSeconds | int | `10` | The number of seconds to wait between consecutive probes. |
| readinessProbe.successThreshold | int | `1` | The minimum consecutive successes required to consider the probe successful. |
| readinessProbe.timeoutSeconds | int | `2` | The number of seconds to wait for a probe response before considering it as failed. |
| resources | object | `{}` | The resources parameter defines CPU and memory requirements and limits for Traefik's containers. |
| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"readOnlyRootFilesystem":true}` | To run the container with ports below 1024 this will need to be adjusted to run as root |
| resources | object | `{}` | [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for `traefik` container. |
| securityContext | object | See _values.yaml_ | [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1) |
| service.additionalServices | object | `{}` | |
| service.annotations | object | `{}` | Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config) |
| service.annotationsTCP | object | `{}` | Additional annotations for TCP service only |
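Review bot: the `securityContext` row now reads "See _values.yaml_" where it used to render `allowPrivilegeEscalation: false`, `capabilities.drop: [ALL]` and `readOnlyRootFilesystem: true`, so the hardened container defaults are no longer visible in the generated table. The replaced description also carried the only hint that serving ports below 1024 means relaxing this block. Consider keeping the rendered default, or at least that sentence, so someone auditing the chart's posture does not have to open values.yaml.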
@ -203,9 +206,9 @@ Kubernetes: `>=1.22.0-0`
| service.type | string | `"LoadBalancer"` | |
| serviceAccount | object | `{"name":""}` | The service account the pods will use to interact with the Kubernetes API |
| serviceAccountAnnotations | object | `{}` | Additional serviceAccount annotations (e.g. for oidc authentication) |
| startupProbe | string | `nil` | Define Startup Probe for container: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes eg. `startupProbe: exec: command: - mycommand - foo initialDelaySeconds: 5 periodSeconds: 5` |
| tlsOptions | object | `{}` | TLS Options are created as TLSOption CRDs https://doc.traefik.io/traefik/https/tls/#tls-options When using `labelSelector`, you'll need to set labels on tlsOption accordingly. Example: tlsOptions: default: labels: {} sniStrict: true custom-options: labels: {} curvePreferences: - CurveP521 - CurveP384 |
| tlsStore | object | `{}` | TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate https://doc.traefik.io/traefik/https/tls/#default-certificate Example: tlsStore: default: defaultCertificate: secretName: tls-cert |
| startupProbe | string | `nil` | Define [Startup Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes) |
| tlsOptions | object | `{}` | TLS Options are created as [TLSOption CRDs](https://doc.traefik.io/traefik/https/tls/#tls-options) When using `labelSelector`, you'll need to set labels on tlsOption accordingly. See EXAMPLE.md for details. |
| tlsStore | object | `{}` | TLS Store are created as [TLSStore CRDs](https://doc.traefik.io/traefik/https/tls/#default-certificate). This is useful if you want to set a default certificate. See EXAMPLE.md for details. |
| tolerations | list | `[]` | Tolerations allow the scheduler to schedule pods with matching taints. |
| topologySpreadConstraints | list | `[]` | You can use topology spread constraints to control how Pods are spread across your cluster among failure-domains. |
| tracing | object | `{"addInternals":null,"otlp":{"enabled":false,"grpc":{"enabled":false,"endpoint":null,"insecure":null,"tls":{"ca":null,"cert":null,"insecureSkipVerify":null,"key":null}},"http":{"enabled":false,"endpoint":null,"headers":null,"tls":{"ca":null,"cert":null,"insecureSkipVerify":null,"key":null}}}}` | https://doc.traefik.io/traefik/observability/tracing/overview/ |

View File

@ -4,10 +4,13 @@ kind: IngressRoute
metadata:
name: {{ template "traefik.fullname" . }}-dashboard
namespace: {{ template "traefik.namespace" . }}
{{- with .Values.ingressRoute.dashboard.annotations }}
annotations:
{{- if and .Values.ingressClass.enabled (or .Values.providers.kubernetesCRD.enabled .Values.providers.kubernetesIngress.enabled) }}
kubernetes.io/ingress.class: {{ .Values.ingressClass.name | default (include "traefik.fullname" .) }}
{{- end }}
{{- with .Values.ingressRoute.dashboard.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
labels:
{{- include "traefik.labels" . | nindent 4 }}
{{- with .Values.ingressRoute.dashboard.labels }}
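Review bot: `annotations:` is now emitted unconditionally, so when `ingressClass.enabled` is false and `ingressRoute.dashboard.annotations` is empty the manifest renders a bare `annotations:` key with a null value. A guard that is true when either branch produces output would keep the rendered object clean. The class annotation is also gated on `providers.kubernetesIngress.enabled` although this object is an IngressRoute; please confirm the `or` is intended rather than `providers.kubernetesCRD.enabled` alone.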

View File

@ -5,6 +5,9 @@ metadata:
name: {{ template "traefik.fullname" . }}-healthcheck
namespace: {{ template "traefik.namespace" . }}
annotations:
{{- if and .Values.ingressClass.enabled (or .Values.providers.kubernetesCRD.enabled .Values.providers.kubernetesIngress.enabled) }}
kubernetes.io/ingress.class: {{ .Values.ingressClass.name | default (include "traefik.fullname" .) }}
{{- end }}
{{- with .Values.ingressRoute.healthcheck.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
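Review bot: the three-line `if and .Values.ingressClass.enabled (or ...)` block added under `annotations:` is a verbatim copy of the one in the dashboard IngressRoute template. A shared named template pulled in with `include` would keep the two conditions from drifting apart the next time the gating changes.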

View File

@ -7,6 +7,6 @@ metadata:
labels:
{{- include "traefik.labels" . | nindent 4 }}
data:
config.yml: |
{{ .Values.providers.file.content | nindent 4 }}
config.yml:
{{ toYaml .Values.providers.file.content | nindent 4 }}
{{- end -}}
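Review bot: dropping the `|` after `config.yml:` and piping through `toYaml` makes the rendered type of this `data` entry depend on the type of `providers.file.content`. A string still comes out as a string, but a structured map renders as a nested mapping under `config.yml`, and the new `nil` default from values.yaml renders as `null`; a ConfigMap accepts only string values under `data`. Either keep the block scalar and document that `content` must be a string, or fail the render with a clear message when it is empty or not a string.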

View File

@ -127,7 +127,6 @@ rules:
- apiratelimits
- apis
- apiversions
- edgeingresses
verbs:
- list
- watch
@ -146,8 +145,6 @@ rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- namespaces
- pods
- nodes
@ -193,13 +190,11 @@ rules:
- update
- create
- delete
- deletecollection
- apiGroups:
- apps
resources:
- deployments
- statefulsets
- replicasets
- daemonsets
verbs:
- get
- list
@ -213,8 +208,4 @@ rules:
- get
- list
- watch
- create
- update
- patch
- delete
{{- end -}}

View File

@ -119,5 +119,90 @@ rules:
verbs:
- update
{{- end -}}
{{- if $.Values.hub.token }}
- apiGroups:
- hub.traefik.io
resources:
- accesscontrolpolicies
- apiaccesses
- apiportals
- apiratelimits
- apis
- apiversions
verbs:
- list
- watch
- create
- update
- patch
- delete
- get
- apiGroups:
- ""
resources:
- namespaces
- pods
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- list
- get
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- update
- create
- delete
- deletecollection
- apiGroups:
- apps
resources:
- replicasets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
{{- end -}}
{{- end -}}
{{- end -}}
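Review bot: the added `secrets` rule grants `get`, `list`, `watch`, `update`, `create`, `delete` and `deletecollection` in the core API group with no `resourceNames`, and the only gate visible here is `hub.token` being set. `deletecollection` lets the service account remove every Secret in scope with a single request and cannot be narrowed by resource name; if these rules render into a ClusterRole, that scope is every namespace. Please state in the template or values why bulk delete is needed, and check whether the `secrets` rule can live in a namespaced Role limited to the release namespace.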

View File

@ -1,4 +1,7 @@
# Default values for Traefik
# This is a YAML-formatted file.
# Declare variables to be passed into templates
image:
# -- Traefik image host registry
registry: docker.io
@ -12,9 +15,6 @@ image:
# -- Add additional label to all resources
commonLabels: {}
#
# Configure the deployment
#
deployment:
# -- Enable deployment
enabled: true
@ -74,10 +74,6 @@ deployment:
# - name: volume-permissions
# image: busybox:latest
# command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
# securityContext:
# runAsNonRoot: true
# runAsGroup: 65532
# runAsUser: 65532
# volumeMounts:
# - name: data
# mountPath: /data
@ -112,13 +108,11 @@ deployment:
# -- Set a runtimeClassName on pod
runtimeClassName:
# -- Pod disruption budget
# -- [Pod Disruption Budget](https://kubernetes.io/docs/reference/kubernetes-api/policy-resources/pod-disruption-budget-v1/)
podDisruptionBudget:
enabled: false
# maxUnavailable: 1
# maxUnavailable: 33%
# minAvailable: 0
# minAvailable: 25%
enabled:
maxUnavailable:
minAvailable:
# -- Create a default IngressClass for Traefik
ingressClass:
@ -155,7 +149,6 @@ experimental:
# annotations:
# cert-manager.io/issuer: letsencrypt
## Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
# -- Create an IngressRoute for the dashboard
@ -221,15 +214,7 @@ livenessProbe:
# -- The number of seconds to wait for a probe response before considering it as failed.
timeoutSeconds: 2
# -- Define Startup Probe for container: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
# eg.
# `startupProbe:
# exec:
# command:
# - mycommand
# - foo
# initialDelaySeconds: 5
# periodSeconds: 5`
# -- Define [Startup Probe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes)
startupProbe:
providers:
@ -276,18 +261,8 @@ providers:
# -- Allows Traefik to automatically watch for file changes
watch: true
# -- File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/)
content: ""
# http:
# routers:
# router0:
# entryPoints:
# - web
# middlewares:
# - my-basic-auth
# service: service-foo
# rule: Path(`/foo`)
content:
#
# -- Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
@ -311,26 +286,21 @@ additionalVolumeMounts: []
logs:
general:
# -- By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# -- Set [logs format](https://doc.traefik.io/traefik/observability/logs/#format)
# @default common
format:
# By default, the level is set to ERROR.
# -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: INFO
access:
# -- To enable access logs
enabled: false
## By default, logs are written using the Common Log Format (CLF) on stdout.
## To write logs in JSON, use json in the format option.
## If the given format is unsupported, the default (CLF) is used instead.
# format: json
# -- Set [access log format](https://doc.traefik.io/traefik/observability/access-logs/#format)
format:
# filePath: "/var/log/traefik/access.log
## To write the logs in an asynchronous fashion, specify a bufferingSize option.
## This option represents the number of log lines Traefik will keep in memory before writing
## them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
## Filtering
# -- https://docs.traefik.io/observability/access-logs/#filtering
# -- Set [bufferingSize](https://doc.traefik.io/traefik/observability/access-logs/#bufferingsize)
bufferingSize:
# -- Set [filtering](https://docs.traefik.io/observability/access-logs/#filtering)
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
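Review bot: the context line `# By default, the level is set to ERROR.` is left directly above `level: INFO`, so the comment and the shipped default disagree; drop it or align it with the value. The commented `# filePath: "/var/log/traefik/access.log` example is also missing its closing quote and will not parse if someone uncomments it as written.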
@ -345,15 +315,11 @@ logs:
names: {}
## Examples:
# ClientUsername: drop
# -- [Limit logged fields or headers](https://doc.traefik.io/traefik/observability/access-logs/#limiting-the-fieldsincluding-headers)
headers:
# -- Available modes: keep, drop, redact.
defaultmode: drop
# -- Names of the headers to limit.
names: {}
## Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
metrics:
## -- Enable metrics for internal resources. Default: false
@ -567,16 +533,15 @@ globalArguments:
- "--global.checknewversion"
- "--global.sendanonymoususage"
#
# Configure Traefik static configuration
# -- Additional arguments to be passed at Traefik's binary
# All available options available on https://docs.traefik.io/reference/static-configuration/cli/
## Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
# See [CLI Reference](https://docs.traefik.io/reference/static-configuration/cli/)
# Use curly braces to pass values: `helm install --set="additionalArguments={--providers.kubernetesingress.ingressclass=traefik-internal,--log.level=DEBUG}"`
additionalArguments: []
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# -- Environment variables to be passed to Traefik's binary
# @default -- See _values.yaml_
env:
- name: POD_NAME
valueFrom:
@ -586,25 +551,9 @@ env:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# - name: SOME_VAR
# value: some-var-value
# - name: SOME_VAR_FROM_CONFIG_MAP
# valueFrom:
# configMapRef:
# name: configmap-name
# key: config-key
# - name: SOME_SECRET
# valueFrom:
# secretKeyRef:
# name: secret-name
# key: secret-key
# -- Environment variables to be passed to Traefik's binary from configMaps or secrets
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
ports:
traefik:
@ -766,28 +715,12 @@ ports:
# -- The port protocol (TCP/UDP)
protocol: TCP
# -- TLS Options are created as TLSOption CRDs
# https://doc.traefik.io/traefik/https/tls/#tls-options
# -- TLS Options are created as [TLSOption CRDs](https://doc.traefik.io/traefik/https/tls/#tls-options)
# When using `labelSelector`, you'll need to set labels on tlsOption accordingly.
# Example:
# tlsOptions:
# default:
# labels: {}
# sniStrict: true
# custom-options:
# labels: {}
# curvePreferences:
# - CurveP521
# - CurveP384
# See EXAMPLE.md for details.
tlsOptions: {}
# -- TLS Store are created as TLSStore CRDs. This is useful if you want to set a default certificate
# https://doc.traefik.io/traefik/https/tls/#default-certificate
# Example:
# tlsStore:
# default:
# defaultCertificate:
# secretName: tls-cert
# -- TLS Store are created as [TLSStore CRDs](https://doc.traefik.io/traefik/https/tls/#default-certificate). This is useful if you want to set a default certificate. See EXAMPLE.md for details.
tlsStore: {}
service:
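Review bot: the new `tlsOptions` and `tlsStore` comments point to `EXAMPLE.md`, while the `autoscaling` and `certResolvers` comments in this same file point to `EXAMPLES.md`. Since the inline TLS examples (`sniStrict`, `curvePreferences`, the default certificate) are deleted here, a wrong file name leaves readers without a working reference; please use the file name that actually exists in all four places.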
@ -839,29 +772,8 @@ service:
autoscaling:
# -- Create HorizontalPodAutoscaler object.
# See EXAMPLES.md for more details.
enabled: false
# minReplicas: 1
# maxReplicas: 10
# metrics:
# - type: Resource
# resource:
# name: cpu
# target:
# type: Utilization
# averageUtilization: 60
# - type: Resource
# resource:
# name: memory
# target:
# type: Utilization
# averageUtilization: 60
# behavior:
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Pods
# value: 1
# periodSeconds: 60
persistence:
# -- Enable persistence using Persistent Volume Claims
@ -879,27 +791,10 @@ persistence:
# -- Only mount a subpath of the Volume into the pod
# subPath: ""
# -- Certificates resolvers configuration
# -- Certificates resolvers configuration.
# Ref: https://doc.traefik.io/traefik/https/acme/#certificate-resolvers
# See EXAMPLES.md for more details.
certResolvers: {}
# letsencrypt:
# # for challenge options cf. https://doc.traefik.io/traefik/https/acme/
# email: email@example.com
# dnsChallenge:
# # also add the provider's required configuration under env
# # or expand then from secrets/configmaps with envfrom
# # cf. https://doc.traefik.io/traefik/https/acme/#providers
# provider: digitalocean
# # add futher options for the dns challenge as needed
# # cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
# delayBeforeCheck: 30
# resolvers:
# - 1.1.1.1
# - 8.8.8.8
# tlsChallenge: true
# httpChallenge:
# entryPoint: "web"
# # It has to match the path with a persistent volume
# storage: /data/acme.json
# -- If hostNetwork is true, runs traefik in the host network namespace
# To prevent unschedulabel pods due to port collisions, if hostNetwork=true
@ -933,14 +828,8 @@ serviceAccount:
# -- Additional serviceAccount annotations (e.g. for oidc authentication)
serviceAccountAnnotations: {}
# -- The resources parameter defines CPU and memory requirements and limits for Traefik's containers.
# -- [Resources](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for `traefik` container.
resources: {}
# requests:
# cpu: "100m"
# memory: "50Mi"
# limits:
# cpu: "300m"
# memory: "150Mi"
# -- This example pod anti-affinity forces the scheduler to put traefik pods
# -- on nodes where no other traefik pods are scheduled.
@ -970,30 +859,22 @@ topologySpreadConstraints: []
# topologyKey: kubernetes.io/hostname
# whenUnsatisfiable: DoNotSchedule
# -- Pods can have priority.
# -- Priority indicates the importance of a Pod relative to other Pods.
# -- [Pod Priority and Preemption](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/)
priorityClassName: ""
# -- Set the container security context
# -- To run the container with ports below 1024 this will need to be adjusted to run as root
# -- [SecurityContext](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context-1)
# @default -- See _values.yaml_
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
# -- [Pod Security Context](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#security-context)
# @default -- See _values.yaml_
podSecurityContext:
# /!\ When setting fsGroup, Kubernetes will recursively change ownership and
# permissions for the contents of each volume to match the fsGroup. This can
# be an issue when storing sensitive content like TLS Certificates /!\
# fsGroup: 65532
# -- Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup.
fsGroupChangePolicy: "OnRootMismatch"
# -- The ID of the group for all containers in the pod to run as.
runAsGroup: 65532
# -- Specifies whether the containers should run as a non-root user.
runAsNonRoot: true
# -- The ID of the user for all containers in the pod to run as.
runAsUser: 65532
#
@ -1003,16 +884,16 @@ podSecurityContext:
# See #595 for more details and traefik/tests/values/extra.yaml for example.
extraObjects: []
# This will override the default Release Namespace for Helm.
# -- This field override the default Release Namespace for Helm.
# It will not affect optional CRDs such as `ServiceMonitor` and `PrometheusRules`
# namespaceOverride: traefik
#
## -- This will override the default app.kubernetes.io/instance label for all Objects.
# instanceLabelOverride: traefik
namespaceOverride:
# -- Traefik Hub configuration. See https://doc.traefik.io/traefik-hub/
## -- This field override the default app.kubernetes.io/instance label for all Objects.
instanceLabelOverride:
# Traefik Hub configuration. See https://doc.traefik.io/traefik-hub/
hub:
# Name of Secret with key 'token' set to a valid license token.
# -- Name of `Secret` with key 'token' set to a valid license token.
# It enables API Gateway.
token:
apimanagement:

View File

@ -13330,6 +13330,29 @@ entries:
- assets/weka/csi-wekafsplugin-0.6.400.tgz
version: 0.6.400
dxemssql:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
catalog.cattle.io/kube-version: '>= 1.20.0-0'
catalog.cattle.io/release-name: dxemssql
charts.openshift.io/name: DxEnterprise for Microsoft SQL AG
apiVersion: v2
appVersion: "23.0"
created: "2024-06-01T00:58:21.691766865Z"
description: Helm chart for DH2i's DxEnterprise clustering solution with SQL Server
availability groups
digest: 30550a1c6803eb6bbbc5b7f5796af8ee652a671bd325fe6e724899ff1845deb8
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
kubeVersion: '>= 1.20.0-0'
maintainers:
- email: support@dh2i.com
name: DH2i Company
url: https://dh2i.com
name: dxemssql
type: application
urls:
- assets/dh2i/dxemssql-1.0.6.tgz
version: 1.0.6
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxEnterprise for Microsoft SQL AG
@ -13446,6 +13469,28 @@ entries:
- assets/dh2i/dxemssql-1.0.1.tgz
version: 1.0.1
dxenterprisesqlag:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxOperator - DxE + SQL Server AG
catalog.cattle.io/kube-version: '>= 1.26.0-0'
catalog.cattle.io/release-name: dxenterprisesqlag
charts.openshift.io/name: DxOperator - DxE + SQL Server AG
apiVersion: v2
appVersion: "23.0"
created: "2024-06-01T00:58:21.692560248Z"
description: SQL Server AGs using DH2i DxOperator
digest: e0370474c5b4076ba19b9d21763ed5545b7553be4bc163c2333f60a25d396daa
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
kubeVersion: '>= 1.26.0-0'
maintainers:
- email: support@dh2i.com
name: DH2i Company
url: https://dh2i.com
name: dxenterprisesqlag
type: application
urls:
- assets/dh2i/dxenterprisesqlag-1.0.2.tgz
version: 1.0.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxOperator - DxE + SQL Server AG
@ -13469,6 +13514,28 @@ entries:
- assets/dh2i/dxenterprisesqlag-1.0.1.tgz
version: 1.0.1
dxoperator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxOperator
catalog.cattle.io/kube-version: '>= 1.26.0-0'
catalog.cattle.io/release-name: dxoperator
charts.openshift.io/name: DxOperator
apiVersion: v2
appVersion: 1.0.67.0
created: "2024-06-01T00:58:21.693613874Z"
description: DH2i operator for Kubernetes
digest: 4bb8c1d637f9e7b00fa96daddeacc0ce8df6214abfdc379deff308674fe21cb0
icon: https://raw.githubusercontent.com/dh2i/helm/main/assets/DH2i_Logo_Icon.png
kubeVersion: '>= 1.26.0-0'
maintainers:
- email: support@dh2i.com
name: DH2i Company
url: https://dh2i.com
name: dxoperator
type: application
urls:
- assets/dh2i/dxoperator-1.0.2.tgz
version: 1.0.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: DxOperator
@ -26690,6 +26757,34 @@ entries:
- assets/trilio/k8s-triliovault-operator-v2.0.200.tgz
version: v2.0.200
k10:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: K10
catalog.cattle.io/kube-version: '>= 1.17.0-0'
catalog.cattle.io/release-name: k10
apiVersion: v2
appVersion: 7.0.0
created: "2024-06-01T00:58:24.07274013Z"
dependencies:
- condition: grafana.enabled
name: grafana
repository: file://./charts/grafana
version: 7.3.2
- condition: prometheus.server.enabled
name: prometheus
repository: file://./charts/prometheus
version: 25.18.0
description: Kastens K10 Data Management Platform
digest: a49e4e7b8eb31c2755244ee1033980fe5354f226d40caddfd575fb7ef9b86ce7
home: https://kasten.io/
icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png
maintainers:
- email: contact@kasten.io
name: kastenIO
name: k10
urls:
- assets/kasten/k10-7.0.1.tgz
version: 7.0.1
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: K10
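Review bot: the added k10 entry is `version: 7.0.1` with `appVersion: 7.0.0` and points at `assets/kasten/k10-7.0.1.tgz`, but the commit's "Updated" list names kasten/k10 as 7.0.0. Please confirm whether the summary printed the appVersion instead of the chart version, so the changelog matches the artifact that was actually published.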
@ -31467,17 +31562,49 @@ entries:
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: linkerd-control-plane
apiVersion: v2
appVersion: edge-24.5.4
created: "2024-05-24T00:54:44.438401576Z"
appVersion: edge-24.5.5
created: "2024-06-01T00:58:33.125548498Z"
dependencies:
- name: partials
repository: file://./charts/partials
version: 0.1.0
description: 'Linkerd gives you observability, reliability, and security for your
microservices — with no code change required. '
digest: e1a189d3d116d340861cc32c37d694a5c9eadafd2cd541e2cc0b400cea05638e
digest: a46935897d5e1abc1af3d24d9775d27d6bd26d7adfecd3ff3a0d7da45eeca5b8
home: https://linkerd.io
icon: file://assets/icons/linkerd-control-plane.png
icon: https://linkerd.io/images/logo-only-200h.png
keywords:
- service-mesh
kubeVersion: '>=1.22.0-0'
maintainers:
- email: cncf-linkerd-dev@lists.cncf.io
name: Linkerd authors
url: https://linkerd.io/
name: linkerd-control-plane
sources:
- https://github.com/linkerd/linkerd2/
type: application
urls:
- assets/linkerd/linkerd-control-plane-2024.5.5.tgz
version: 2024.5.5
- annotations:
catalog.cattle.io/auto-install: linkerd-crds
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Linkerd Control Plane
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: linkerd-control-plane
apiVersion: v2
appVersion: edge-24.5.4
created: "2024-06-01T00:58:24.854642237Z"
dependencies:
- name: partials
repository: file://./charts/partials
version: 0.1.0
description: 'Linkerd gives you observability, reliability, and security for your
microservices — with no code change required. '
digest: 166e27da10c14a8959f3c9a53271e1305c186d40bcc0f344f78f5595df37b7e6
home: https://linkerd.io
icon: https://linkerd.io/images/logo-only-200h.png
keywords:
- service-mesh
kubeVersion: '>=1.22.0-0'
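Review bot: the entry with `appVersion: edge-24.5.4` was not only pushed down by the new release, it was regenerated: `created` moves from 2024-05-24 to 2024-06-01, the digest beginning e1a189d3 is replaced by one beginning 166e27da, and `icon` changes from `file://assets/icons/linkerd-control-plane.png` to a remote URL. A changed digest for an already published chart version breaks consumers that pin or verify by digest and makes a rebuild indistinguishable from tampering. If the icon rewrite is what altered the package, please call that out in the commit message, or leave previously released archives untouched.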
@ -32186,6 +32313,36 @@ entries:
- assets/linkerd/linkerd-control-plane-1.12.5.tgz
version: 1.12.5
linkerd-crds:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Linkerd CRDs
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: linkerd-crds
apiVersion: v2
created: "2024-06-01T00:58:33.166902996Z"
dependencies:
- name: partials
repository: file://./charts/partials
version: 0.1.0
description: 'Linkerd gives you observability, reliability, and security for your
microservices — with no code change required. '
digest: f9654f224f8ba7319bd7b260e103de6fd819a357fe9542b5a4a00de30e0f210b
home: https://linkerd.io
icon: https://linkerd.io/images/logo-only-200h.png
keywords:
- service-mesh
kubeVersion: '>=1.22.0-0'
maintainers:
- email: cncf-linkerd-dev@lists.cncf.io
name: Linkerd authors
url: https://linkerd.io/
name: linkerd-crds
sources:
- https://github.com/linkerd/linkerd2/
type: application
urls:
- assets/linkerd/linkerd-crds-2024.5.5.tgz
version: 2024.5.5
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Linkerd CRDs
@ -35081,6 +35238,32 @@ entries:
- assets/nats/nats-0.10.0.tgz
version: 0.10.0
nginx-ingress:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: NGINX Ingress Controller
catalog.cattle.io/kube-version: '>= 1.23.0-0'
catalog.cattle.io/release-name: nginx-ingress
apiVersion: v2
appVersion: 3.5.2
created: "2024-06-01T00:58:21.846303816Z"
description: NGINX Ingress Controller
digest: 6716e2355dc8fa9f11a11a43b512deb76a24d9cd98950ee1119ccd3dc219619f
home: https://github.com/nginxinc/kubernetes-ingress
icon: https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v3.5.2/charts/nginx-ingress/chart-icon.png
keywords:
- ingress
- nginx
kubeVersion: '>= 1.23.0-0'
maintainers:
- email: kubernetes@nginx.com
name: nginxinc
name: nginx-ingress
sources:
- https://github.com/nginxinc/kubernetes-ingress/tree/v3.5.2/charts/nginx-ingress
type: application
urls:
- assets/f5/nginx-ingress-1.2.2.tgz
version: 1.2.2
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: NGINX Ingress Controller
@ -52605,6 +52788,43 @@ entries:
- assets/intel/tcs-issuer-0.1.0.tgz
version: 0.1.0
traefik:
- annotations:
artifacthub.io/changes: "- \"fix(IngressClass): provides annotation on IngressRoutes
when it's enabled\"\n- \"feat: ✨ simplify values and provide more examples\"\n-
\"feat: add deletecollection right on secrets\"\n- \"chore(release): \U0001F680
publish v28.2.0\"\n- \"chore(deps): update traefik docker tag to v3.0.1\"\n"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Traefik Proxy
catalog.cattle.io/kube-version: '>=1.22.0-0'
catalog.cattle.io/release-name: traefik
apiVersion: v2
appVersion: v3.0.1
created: "2024-06-01T00:58:35.248532017Z"
description: A Traefik based Kubernetes ingress controller
digest: adaf0ea047da678d8b8bc77bea3319d709d4fce6887974b90485e8f17c0838e9
home: https://traefik.io/
icon: https://raw.githubusercontent.com/traefik/traefik/v2.3/docs/content/assets/img/traefik.logo.png
keywords:
- traefik
- ingress
- networking
kubeVersion: '>=1.22.0-0'
maintainers:
- email: michel.loiseleur@traefik.io
name: mloiseleur
- email: charlie.haley@traefik.io
name: charlie-haley
- email: remi.buisson@traefik.io
name: darkweaver87
- name: jnoordsij
name: traefik
sources:
- https://github.com/traefik/traefik
- https://github.com/traefik/traefik-helm-chart
type: application
urls:
- assets/traefik/traefik-28.2.0.tgz
version: 28.2.0
- annotations:
artifacthub.io/changes: "- \"fix(Traefik Hub): do not deploy mutating webhook
when enabling only API Gateway\"\n- \"feat(Traefik Hub): use Traefik Proxy