From 20749015827dd851f32e435cde6edf800a0f86c2 Mon Sep 17 00:00:00 2001 
From: Samuel Attwood
Date: Thu, 13 Jan 2022 03:04:48 -0500
Subject: [PATCH] Adding charts
---
.../2.6.600/.helmignore | 23 +
.../2.6.600/Chart.yaml | 18 +
.../k8s-triliovault-operator/2.6.600/LICENSE | 1 +
.../2.6.600/README.md | 124 ++
.../2.6.600/app-readme.md | 37 +
...iovault.trilio.io_triliovaultmanagers.yaml | 1183 +++++++++++++++++
.../2.6.600/templates/NOTES.txt | 66 +
.../2.6.600/templates/TVMCustomResource.yaml | 41 +
.../2.6.600/templates/_helpers.tpl | 66 +
.../2.6.600/templates/clusterrole.yaml | 125 ++
.../templates/clusterrole_binding.yaml | 17 +
.../2.6.600/templates/deployment.yaml | 202 +++
.../2.6.600/templates/mutating-webhook.yaml | 31 +
.../templates/ns-validating-webhook.yaml | 37 +
.../2.6.600/templates/proxyConfig.yaml | 21 +
.../2.6.600/templates/secret.yaml | 11 +
.../2.6.600/templates/serviceAccount.yaml | 10 +
.../2.6.600/templates/validating-webhook.yaml | 31 +
.../2.6.600/templates/webhook-service.yaml | 19 +
.../2.6.600/values.yaml | 76 ++
20 files changed, 2139 insertions(+)
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/.helmignore
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/Chart.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/LICENSE
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/README.md
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/app-readme.md
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/crds/triliovault.trilio.io_triliovaultmanagers.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/NOTES.txt
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/TVMCustomResource.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/_helpers.tpl
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole_binding.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/deployment.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/mutating-webhook.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/ns-validating-webhook.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/proxyConfig.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/secret.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/serviceAccount.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/validating-webhook.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/webhook-service.yaml
create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/values.yaml
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/.helmignore b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/.helmignore
new file mode 100644
index 000000000..be86b789d
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Helm files
+OWNERS
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/Chart.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/Chart.yaml
new file mode 100644
index 000000000..4591e6e99
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/Chart.yaml
@@ -0,0 +1,18 @@
+annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
+ catalog.cattle.io/release-name: k8s-triliovault-operator
+apiVersion: v1
+appVersion: 2.6.6
+description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
+ Application Lifecycle.
+home: https://github.com/trilioData/k8s-triliovault-operator
+icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
+kubeVersion: '>=1.18.0-0'
+maintainers:
+- email: prafull.ladha@trilio.io
+ name: prafull11
+name: k8s-triliovault-operator
+sources:
+- https://github.com/trilioData/k8s-triliovault-operator
+version: 2.6.600
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/LICENSE b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/LICENSE
new file mode 100644
index 000000000..76b559d3b
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/LICENSE
@@ -0,0 +1 @@
+# Placeholder for the License if we decide to provide one
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/README.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/README.md
new file mode 100644
index 000000000..469bfff1a
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/README.md
@@ -0,0 +1,124 @@
+# K8s-TrilioVault-Operator
+This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
+
+## Introduction
+
+## Prerequisites
+
+- Kubernetes 1.18+
+- Alpha feature gates should be enabled
+- PV provisioner support
+- CSI driver should be installed
+
+## Installation
+
+To install the operator on local setup just run the latest helm charts inside this repo
+
+```shell script
+helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
+helm install tvm trilio-vault-operator/k8s-triliovault-operator
+```
+
+Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows:
+
+```
+apiVersion: triliovault.trilio.io/v1
+kind: TrilioVaultManager
+metadata:
+ labels:
+ triliovault: k8s
+ name: tvk
+spec:
+ trilioVaultAppVersion: latest
+ applicationScope: Cluster
+ # User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
+ ingressConfig:
+ host: "trilio.co.in"
+ tlsSecretName: "secret-name"
+ # TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
+ # User can configure resources for all componentes and can configure service type and host for the ingress-controller
+ componentConfiguration:
+ web-backend:
+ resources:
+ requests:
+ memory: "400Mi"
+ cpu: "200m"
+ limits:
+ memory: "2584Mi"
+ cpu: "1000m"
+ ingress-controller:
+ enabled: true
+ service:
+ type: LoadBalancer
+```
+
+### Apply the Custom Resource
+
+Apply `TVM.yaml`:
+
+```shell
+kubectl create -f TVM.yaml
+```
+
+Check that the pods were created:
+
+```
+kubectl get pods
+```
+
+```
+NAME READY STATUS RESTARTS AGE
+k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc 1/1 Running 0 81s
+k8s-triliovault-backend-6f66b6b8d5-gxtmz 1/1 Running 0 81s
+k8s-triliovault-control-plane-6c464c5d78-ftk6g 1/1 Running 0 81s
+k8s-triliovault-exporter-59566f97dd-gs4xc 1/1 Running 0 81s
+k8s-triliovault-ingress-controller-84cf46848-tkcdz 1/1 Running 0 18s
+k8s-triliovault-web-967c8475-m7pc6 1/1 Running 0 81s
+tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb 1/1 Running 0 6m48s
+```
+
+Check that ingress controller service is of type LoadBalancer:
+```
+k8s-triliovault-admission-webhook ClusterIP 10.255.241.108 443/TCP 2m7s
+k8s-triliovault-ingress-gateway LoadBalancer 10.255.254.153 34.75.176.146 80:30737/TCP,443:30769/TCP 2m7s
+k8s-triliovault-web ClusterIP 10.255.245.52 80/TCP 2m7s
+k8s-triliovault-web-backend ClusterIP 10.255.250.166 80/TCP 2m7s
+kubernetes ClusterIP 10.255.240.1 443/TCP 6m9s
+tvm-k8s-triliovault-operator-webhook-service ClusterIP 10.255.249.77 443/TCP 3m22s
+```
+
+Check that ingress resources has the host defined by the user:
+```
+NAME CLASS HOSTS ADDRESS PORTS AGE
+k8s-triliovault-ingress-master nginx trilio.co.in 80 98s
+k8s-triliovault-ingress-minion nginx trilio.co.in 80 98s
+
+```
+
+## Delete
+
+```shell
+kubectl delete -f TVM.yaml
+```
+
+## Uninstall
+
+To uninstall/delete the operator helm chart :
+
+```bash
+helm uninstall tvm
+```
+
+## TrilioVaultManager compatibility
+
+The following table captures the compatibility matrix of the TrilioVault Manager against TVK:
+
+| TVM Version | TVK 2.5.2 | TVK 2.5.1 | TVK 2.5.0 | TVK 2.1.0 | TVK 2.0.5 | TVK 2.0.4 | TVK 2.0.3 | TVK 2.0.2 | TVK 2.0.1 |
+|-------------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|
+| 2.5.2 | yes | yes | yes | yes | yes | yes | yes | yes | yes |
+| 2.5.0 | no | yes | yes | yes | yes | yes | yes | yes | yes |
+| v2.1.0 | no | no | no | yes | yes | yes | yes | yes | yes |
+| v2.0.5 | no | no | no | yes | yes | yes | yes | yes | yes |
+| v2.0.2 | no | no | no | yes | yes | yes | yes | yes | yes |
+| v2.0.1 | no | no | no | yes | yes | yes | yes | yes | yes |
+| v2.0.0 | no | no | no | yes | yes | yes | yes | yes | yes |
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/app-readme.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/app-readme.md
new file mode 100644
index 000000000..65a2b3495
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/app-readme.md
@@ -0,0 +1,37 @@
+# TrilioVault for Kubernetes
+
+[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage
+the K8s-TrilioVault Application Lifecycle.
+
+This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
+
+Introduction:
+
+Prerequisites:
+
+Kubernetes 1.17+
+Alpha feature gates should be enabled
+PV provisioner support
+CSI driver should be installed
+
+Installation:
+
+To install the chart with the operator name trilio:
+
+helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator
+
+# For helm version 3
+
+helm install triliovault-operator triliovault-operator/k8s-triliovault-operator
+
+The command deploys the Triliovault for Kubernetes Operator with the default configuration.
+
+Uninstall:
+
+To uninstall/delete the chart trilio :
+
+# For helm version 3
+helm uninstall k8s-triliovault-operator
+
+For more information around TVM manager installation, please follow below link:
+https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/crds/triliovault.trilio.io_triliovaultmanagers.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/crds/triliovault.trilio.io_triliovaultmanagers.yaml
new file mode 100644
index 000000000..22e62d8ef
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/crds/triliovault.trilio.io_triliovaultmanagers.yaml
@@ -0,0 +1,1183 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: triliovaultmanagers.triliovault.trilio.io +spec: + group: triliovault.trilio.io + names: + kind: TrilioVaultManager + listKind: TrilioVaultManagerList + plural: triliovaultmanagers + shortNames: + - tvm + singular: triliovaultmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.trilioVaultAppVersion + name: TrilioVault-Version + type: string + - jsonPath: .spec.applicationScope + name: Scope + type: string + - jsonPath: .status.conditions.type + name: Status + type: string + - jsonPath: .spec.restoreNamespaces + name: Restore-Namespaces + type: string + name: v1 + schema: + openAPIV3Schema: + description: TrilioVaultManager is the Schema for the triliovaultmanagers + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager + properties: + affinity: + description: The scheduling constraints on application pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. 
+ properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. 
The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. 
+ type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. 
This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. 
When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. 
+ type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. 
The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. 
+ items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. 
+ type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. 
If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + applicationScope: + description: Scope for the application which will be installed in + the cluster NamespaceScope or ClusterScope + enum: + - Cluster + - Namespaced + type: string + componentConfiguration: + description: ComponentConfiguration holds all the field related to + components. 
+ properties: + admission-webhook: + description: AdmissionWebhook holds all configuration keys related + to admission-webhook + type: object + x-kubernetes-preserve-unknown-fields: true + control-plane: + description: ControlPlane holds all configuration keys related + to control-plane + type: object + x-kubernetes-preserve-unknown-fields: true + exporter: + description: Exporter holds all configuration keys related to + exporter + type: object + x-kubernetes-preserve-unknown-fields: true + ingress-controller: + description: IngressController holds all configuration keys related + to ingress-controller + type: object + x-kubernetes-preserve-unknown-fields: true + web: + description: Web holds all configuration keys related to web + type: object + x-kubernetes-preserve-unknown-fields: true + web-backend: + description: WebBackend holds all configuration keys related to + web-backend + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + dataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Deprecated: DataJobLimits are the resource limits for + all the data processing jobs.' + type: object + dataJobResources: + description: DataJobResources is the resource limits & requests for + all the data processing jobs. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + deploymentLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DeploymentLimits are the resource limits for all the + deployments. + type: object + helmValues: + description: HelmValues holds all the additional fields in the values.yaml + of TVK helm chart. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + helmVersion: + description: 'Deprecated: Helm Version' + properties: + tillerNamespace: + type: string + version: + enum: + - v3 + type: string + required: + - version + type: object + ingressConfig: + description: IngressConfig holds field related to ingress + properties: + annotations: + additionalProperties: + type: string + type: object + host: + type: string + ingressClass: + type: string + tlsSecretName: + type: string + type: object + metadataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Deprecated: MetadataJobLimits are the resource limits + for all the meta processing jobs.' + type: object + metadataJobResources: + description: MetadataJobResources is the resource limits & requests + for all the meta processing jobs. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector specifies a map of key-value pairs. For + the pod to be eligible to run on a node, the node must have each + of the indicated key-value pairs as labels. + type: object + resources: + description: 'Deprecated: Resources are the resource requirements + for the containers.' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restoreNamespaces: + description: 'Deprecated: RestoreNamespaces are the namespace where + you want to restore your applications. Restore Namespaces depends + on your k8s RBAC' + items: + type: string + type: array + tolerations: + description: The toleration of application against the specific taints + on the nodes + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . 
+ properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. 
+ type: string + type: object + type: array + trilioVaultAppVersion: + description: Helm Chart version + type: string + required: + - applicationScope + type: object + status: + description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager + properties: + conditions: + properties: + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + minLength: 0 + type: string + reason: + enum: + - InstallSuccessful + - UpdateSuccessful + - UninstallSuccessful + - InstallError + - UpdateError + - ReconcileError + - UninstallError + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + enum: + - Initialized + - Deployed + - Updated + - ReleaseFailed + - Irreconcilable + type: string + type: object + deployedRelease: + properties: + manifest: + type: string + name: + type: string + type: object + releaseVersion: + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/NOTES.txt b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/NOTES.txt new file mode 100644 index 000000000..10fe86aa0 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/NOTES.txt 
@@ -0,0 +1,66 @@
+TrilioVault Operator is a helm based operator which install/upgrade/delete the helm Chart of the TrilioVault For Kubernetes.
+This operator watches over the entire helm application of TrilioVault for Kubernetes and has self-healing capabilities.
+
+To verify that TrilioVault Operator has started, run:
+
+ kubectl --namespace={{ .Release.Namespace }} wait --for=condition=ready pod -l "release={{ .Release.Name }}"
+
+{{ if .Values.installTVK.enabled }}
+In one click install, a cluster scope TVM custom resource {{ .Release.Name }}-tvk is created, you can check its
+configuration by running following command:
+
+kubectl get triliovaultmanagers.triliovault.trilio.io {{ .Release.Name }}-tvk -o yaml
+
+{{- else }}
+
+Once the Triliovault operator is in running state, you can create the TrilioVault for Kubernetes(TVK) with the
+following custom resource:
+
+ apiVersion: triliovault.trilio.io/v1
+ kind: TrilioVaultManager
+ metadata:
+ labels:
+ app: triliovault
+ name: {{ .Release.Name }}-tvk
+ namespace: {{ .Release.Namespace }}
+ spec:
+ trilioVaultAppVersion: latest
+ applicationScope: Cluster
+ ingressConfig:
+ host: "tvk.trilio.net"
+ componentConfiguration:
+ ingress-controller:
+ enabled: true
+ service:
+ type: LoadBalancer
+
+Once the above CR has been created, you have to wait for the TVK pods to come up.
+{{- end }}
+
+To check all the TVK pods come into running state, run:
+
+ kubectl --namespace {{ .Release.Namespace }} wait --for=condition=ready pod -l "release={{ .Release.Name }}-tvk-{{ .Release.Namespace }}"
+
+Once all the pods are in running state, you can access the TVK UI from your browser using following steps:
+
+{{- if .Values.installTVK.enabled }}
+{{- if eq .Values.installTVK.ComponentConfiguration.ingressController.service.type "LoadBalancer" }}
+ 1. Add the /etc/hosts entry: ` {{ .Release.Namespace}}.k8s-tvk.com`
+ 2. Hit the URL in browser: https://{{ .Release.Namespace}}.k8s-tvk.com
+{{- else }}
+ 1. Add the /etc/hosts entry: ` {{ .Release.Namespace}}.k8s-tvk.com`
+ 2. Find the NodePort from the service `k8s-triliovault-ingress-gateway`
+ 3. Hit the URL in browser with NodePort: http://{{ .Release.Namespace}}.k8s-tvk.com:/
+{{- end }}
+{{- else }}
+ 1. Add the /etc/hosts entry: ` tvk.trilio.net`
+ 2. Hit the URL in browser: https://tvk.trilio.net
+
+Note: The host `tvk.trilio.net` is used from the `ingressConfig.host` defined in the TVM CR by the user.
+
+{{- end }}
+
+For more details on how to access the TVK UI, follow this guide: https://docs.trilio.io/kubernetes/management-console/user-interface/accessing-the-ui
+
+You can start backup and restore of your application using TVK. For more details on how to do that, please follow our
+getting started guide: https://docs.trilio.io/kubernetes/getting-started/getting-started-1
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/TVMCustomResource.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/TVMCustomResource.yaml
new file mode 100644
index 000000000..7b7553581
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/TVMCustomResource.yaml
@@ -0,0 +1,41 @@
+{{- if .Values.installTVK.enabled }}
+{{- if not (lookup "triliovault.trilio.io/v1" "TrilioVaultManager" "" "").items }}
+ {{template "k8s-triliovault-operator.tlsSecretValidation" .}}
+apiVersion: triliovault.trilio.io/v1
+kind: TrilioVaultManager
+metadata:
+ name: "triliovault-manager"
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install
+spec:
+ {{- if eq .Chart.Version "0.1.0" }}
+ trilioVaultAppVersion: latest
+ {{- else}}
+ trilioVaultAppVersion: {{ .Chart.AppVersion }}
+ {{- end }}
+ applicationScope: {{ .Values.installTVK.applicationScope }}
+ # User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
+ ingressConfig:
+ {{- if and (gt (len .Values.installTVK.ingressConfig.annotations) 0) (not .Values.installTVK.ComponentConfiguration.ingressController.enabled) }}
+ annotations:
+ {{- range $key, $value := .Values.installTVK.ingressConfig.annotations }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end -}}
+ {{- end }}
+ host: {{ .Values.installTVK.ingressConfig.host | default (printf "%s.k8s-tvk.com" $.Release.Namespace) | quote }}
+ {{- if not .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
+ ingressClass: {{ .Values.installTVK.ingressConfig.ingressClass | quote }}
+ {{- end }}
+ {{- if .Values.installTVK.ingressConfig.tlsSecretName }}
+ tlsSecretName: {{ .Values.installTVK.ingressConfig.tlsSecretName | quote }}
+ {{- end }}
+ # TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
+ # User can configure resources for all componentes and can configure service type and host for the ingress-controller
+ componentConfiguration:
+ ingress-controller:
+ enabled: {{ .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
+ service:
+ type: {{ .Values.installTVK.ComponentConfiguration.ingressController.service.type }}
+{{- end -}}
+{{- end -}}
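Review bot: The custom resource is created with the fixed name `"triliovault-manager"`, but NOTES.txt in this same patch tells the user to inspect `{{ .Release.Name }}-tvk` after a one-click install, so the documented check will presumably not find the object. Either render `name: "{{ .Release.Name }}-tvk"` here or correct NOTES.txt to the fixed name. Separately, `applicationScope` and `trilioVaultAppVersion` are emitted unquoted although the CRD earlier in the patch declares both as `type: string`; `trilioVaultAppVersion: {{ .Chart.AppVersion | quote }}` keeps a two-part version from being read as a float and rejected by the schema.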
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/_helpers.tpl b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/_helpers.tpl
new file mode 100644
index 000000000..46d123feb
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/_helpers.tpl
@@ -0,0 +1,66 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "k8s-triliovault-operator.name" -}}
+{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{- define "k8s-triliovault-operator.appName" -}}
+{{- printf "%s" .Chart.Name -}}
+{{- end -}}
+
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "k8s-triliovault-operator.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the proper TrilioVault Operator image name
+*/}}
+{{- define "k8s-triliovault-operator.image" -}}
+{{- $registryName := .Values.image.registry -}}
+{{- $repositoryName := .Values.image.repository -}}
+{{- $tag := .Values.image.tag | toString -}}
+{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
+{{- end -}}
+
+{{/*
+Validation of the secret of CA bundle if provided
+*/}}
+{{- define "k8s-triliovault-operator.caBundleValidation" -}}
+{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+{{- if not (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP) }}
+ {{ fail "Proxy CA bundle proxy is not present in the release namespace" }}
+{{- else }}
+ {{- $caMap := (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP).data }}
+ {{- if not (get $caMap "ca-bundle.crt") }}
+ {{ fail "Proxy CA certificate file key should be ca-bundle.crt" }}
+ {{- end }}
+{{- end }}
+{{- end }}
+{{- end -}}
+
+{{/*
+Validation for the ingress tlsSecret, should exists if provided
+*/}}
+
+{{- define "k8s-triliovault-operator.tlsSecretValidation" }}
+{{- if .Values.installTVK.ingressConfig.tlsSecretName -}}
+{{- if not (lookup "v1" "Secret" .Release.Namespace .Values.installTVK.ingressConfig.tlsSecretName ) -}}
+ {{ fail "Ingress tls secret is not present in the release namespace" }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole.yaml
new file mode 100644
index 000000000..b3eed777d
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole.yaml
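Review bot: `k8s-triliovault-operator.image` assembles the image reference from `.Values.image.registry`, `.Values.image.repository` and `.Values.image.tag`, while the visible part of the Deployment template later in this patch builds it inline from `.Values.registry`, `index .Values "k8s-triliovault-operator" "repository"` and `.Values.tag` and does not call the helper. With two sources of truth, someone who overrides `image.registry` or `image.tag` to pin a mirrored or vetted image would see the override ignored by the pod spec. Make the helper read the keys the Deployment uses (values.yaml is not visible here, so confirm which set exists) and have the Deployment render `image: {{ template "k8s-triliovault-operator.image" . }}`. The two `lookup`-based validators would also benefit from a comment noting that `lookup` returns an empty result under `helm template` and client-side dry-run, so their `fail` branches fire there whenever the value is set.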
@@ -0,0 +1,125 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - create
+ - update
+ - delete
+ - patch
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ - services/finalizers
+ - secrets
+ - events
+ - pods
+ - endpoints
+ - configmaps
+ verbs:
+ - create
+ - update
+ - delete
+ - patch
+ - apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - validatingwebhookconfigurations
+ - mutatingwebhookconfigurations
+ verbs:
+ - create
+ - update
+ - delete
+ - patch
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - create
+ - update
+ - delete
+ - patch
+ - apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - clusterrolebindings
+ - roles
+ - rolebindings
+ verbs:
+ - create
+ - update
+ - delete
+ - patch
+ - bind
+ - escalate
+ - apiGroups:
+ - triliovault.trilio.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - update
+ - apiGroups:
+ - batch
+ resources:
+ - cronjobs
+ verbs:
+ - delete
+ - apiGroups:
+ - policy
+ resources:
+ - poddisruptionbudgets
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses
+ verbs:
+ - create
+ - patch
+ - update
+ - delete
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingresses/status
+ verbs:
+ - update
+ - apiGroups:
+ - networking.k8s.io
+ resources:
+ - ingressclasses
+ verbs:
+ - delete
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole_binding.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole_binding.yaml
new file mode 100644
index 000000000..49d5655f6
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/clusterrole_binding.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-manager-rolebinding
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role
+subjects:
+- kind: ServiceAccount
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/deployment.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/deployment.yaml
new file mode 100644
index 000000000..580f5774e
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/deployment.yaml
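Review bot: The ClusterRole in clusterrole.yaml is close to cluster-admin and nothing in the template says so: its first rule grants `get`/`list`/`watch` on every resource in every API group, which includes all Secrets cluster-wide, and the `rbac.authorization.k8s.io` rule adds `bind` and `escalate`, which let the bound account grant permissions it does not itself hold. The ClusterRoleBinding in the following hunk attaches this role to the operator's ServiceAccount in the release namespace, so any workload running under that account inherits it. If the operator only needs to install TVK's own RBAC objects, drop `bind`/`escalate` and enumerate what it must grant, and replace the wildcard read rule with the resource types the operator actually reads. If the breadth is required, document it above the rule, for example `# bind/escalate: needed to create TVK roles; treat this ServiceAccount as cluster-admin`, so cluster owners know to restrict who may create pods in the release namespace.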
@@ -0,0 +1,202 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "k8s-triliovault-operator.fullname" . }}
+ release: "{{ .Release.Name }}"
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 25%
+ selector:
+ matchLabels:
+ app: {{ template "k8s-triliovault-operator.fullname" . }}
+ release: "{{ .Release.Name }}"
+ replicas: {{ .Values.replicaCount }}
+ template:
+ metadata:
+ labels:
+ app: {{ template "k8s-triliovault-operator.fullname" . }}
+ release: "{{ .Release.Name }}"
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ spec:
+ hostNetwork: {{ .Values.podSpec.hostNetwork }}
+ hostIPC: {{ .Values.podSpec.hostIPC }}
+ hostPID: {{ .Values.podSpec.hostPID }}
+ {{- if .Values.securityContext }}
+ securityContext:
+ {{- toYaml .Values.podSpec.securityContext | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: k8s-triliovault-operator
+ image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.proxySettings.PROXY_ENABLED }}
+ envFrom:
+ - secretRef:
+ name: {{ template "k8s-triliovault-operator.fullname" .
}}-proxy
+ {{- end }}
+ env:
+ {{- if .Values.proxySettings.PROXY_ENABLED }}
+ - name: PROXY_SETTINGS_SECRET
+ value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
+ {{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ - name: PROXY_CA_CONFIGMAP
+ value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.tvkEnv }}
+ - name: TVK_ENV
+ value: {{ .Values.tvkEnv }}
+ {{- end}}
+ {{- if .Values.tvkHelmRepo }}
+ - name: TVK_HELM_REPO
+ value: {{ .Values.tvkHelmRepo }}
+ {{- end }}
+ - name: INSTALL_NAMESPACE
+ value: {{ .Release.Namespace }}
+ - name: REGISTRY
+ value: {{ .Values.registry }}
+ - name: ADMISSION_MUTATION_CONFIG
+ value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
+ - name: ADMISSION_VALIDATION_CONFIG
+ value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
+ - name: NAMESPACE_VALIDATION_CONFIG
+ value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ timeoutSeconds: 2
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /readyz
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ volumeMounts:
+ {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ - name: proxy-ca-cert
+ mountPath: /proxy-certs
+ readOnly: true
+ {{- end }}
+ {{- if .Values.tls.enable }}
+ - name: helm-tls-certs
+ mountPath: /root/.helm
+ readOnly: true
+ {{- if .Values.tls.verify }}
+ - name: helm-tls-ca
+ mountPath: /root/.helm/ca.crt
+ readOnly: true
+ {{- end }}
+ {{- end }}
+ - mountPath: /tmp/k8s-webhook-server/serving-certs
+ name: webhook-certs
+ readOnly: true
+ {{- if .Values.securityContext }}
+ securityContext:
+ {{- toYaml .Values.securityContext |
nindent 12 }}
+ {{- end }}
+ resources:
+ limits:
+ cpu: 200m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 10Mi
+ initContainers:
+ - name: webhook-init
+ image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
+ {{- if .Values.securityContext }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ {{- end }}
+ {{- if .Values.proxySettings.PROXY_ENABLED }}
+ envFrom:
+ - secretRef:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
+ {{- end }}
+ env:
+ {{- if .Values.proxySettings.PROXY_ENABLED }}
+ - name: PROXY_SETTINGS_SECRET
+ value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
+ {{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ - name: PROXY_CA_CONFIGMAP
+ value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ {{- end }}
+ {{- end }}
+ - name: TVK_ENV
+ value: {{ .Values.tvkEnv }}
+ - name: TVK_HELM_REPO
+ value: {{ .Values.tvkHelmRepo }}
+ - name: RELEASE_VERSION
+ value: {{ .Chart.AppVersion }}
+ - name: ADMISSION_MUTATION_CONFIG
+ value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
+ - name: ADMISSION_VALIDATION_CONFIG
+ value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
+ - name: NAMESPACE_VALIDATION_CONFIG
+ value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
+ - name: WEBHOOK_SERVICE
+ value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
+ - name: WEBHOOK_NAMESPACE
+ value: {{ .Release.Namespace }}
+ - name: SECRET_NAME
+ value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
+ {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ volumeMounts:
+ - name: proxy-ca-cert
+ mountPath: /proxy-certs
+ readOnly: true
+ {{- end }}
+ serviceAccountName: {{ template "k8s-triliovault-operator.fullname" .
}}-service-account
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+ {{- toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
+ volumes:
+ {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ - name: proxy-ca-cert
+ configMap:
+ name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
+ {{- end }}
+ {{- if .Values.tls.enable }}
+ - name: helm-tls-certs
+ secret:
+ secretName: {{ .Values.tls.secretName }}
+ defaultMode: 0400
+ {{- if .Values.tls.verify }}
+ - name: helm-tls-ca
+ configMap:
+ name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
+ defaultMode: 0600
+ {{- end }}
+ {{- end }}
+ - name: webhook-certs
+ secret:
+ defaultMode: 420
+ secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/mutating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/mutating-webhook.yaml
new file mode 100644
index 000000000..692feec4e
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/mutating-webhook.yaml
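Review bot: The pod-level `securityContext` in templates/deployment.yaml is guarded by `.Values.securityContext` but renders `.Values.podSpec.securityContext`, so clearing the container-level value silently drops the pod's `runAsNonRoot`/`runAsUser`, and a values file without `podSpec.securityContext` renders `securityContext: null`. The guard should test the value it prints: `{{- if .Values.podSpec.securityContext }}`. Separately, the `helm-tls-ca` volume calls `{{ template "helm-operator.fullname" . }}` while every other name uses the `k8s-triliovault-operator.*` helpers. _helpers.tpl is not visible here, but if that template is not defined, rendering fails as soon as `tls.enable` and `tls.verify` are both true.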
@@ -0,0 +1,31 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-mutating-webhook-configuration
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+webhooks:
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
+ namespace: {{ .Release.Namespace }}
+ path: /mutate-triliovault-trilio-io-v1-triliovaultmanager
+ failurePolicy: Fail
+ name: v1-tvm-mutation.trilio.io
+ rules:
+ - apiGroups:
+ - triliovault.trilio.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - triliovaultmanagers
+ sideEffects: None
+ admissionReviewVersions:
+ - v1
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/ns-validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/ns-validating-webhook.yaml
new file mode 100644
index 000000000..f0e0618e2
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/ns-validating-webhook.yaml
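Review bot: `caBundle: Cg==` in templates/mutating-webhook.yaml is a placeholder (base64 of a single newline), and nothing in the template says which component replaces it with the real serving CA; the same applies to ns-validating-webhook.yaml and validating-webhook.yaml. With `failurePolicy: Fail`, the API server rejects the matched requests until a valid CA is in place. The `webhook-init` init container receives the three configuration names and `SECRET_NAME` as environment variables, so it presumably patches the field. If so, say it above the field, for example `# placeholder; webhook-init writes the CA for the webhook-certs secret at pod start`.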
@@ -0,0 +1,37 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-ns-validating-webhook-configuration
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+webhooks:
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
+ namespace: {{ .Release.Namespace }}
+ path: /validate-core-v1-namespace
+ failurePolicy: Fail
+ name: v1-tvm-ns-validation.trilio.io
+ namespaceSelector:
+ matchExpressions:
+ - key: trilio-operator-label
+ operator: In
+ values:
+ - {{ .Release.Namespace }}
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - DELETE
+ resources:
+ - namespaces
+ scope: '*'
+ sideEffects: None
+ admissionReviewVersions:
+ - v1
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/proxyConfig.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/proxyConfig.yaml
new file mode 100644
index 000000000..99725af36
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/proxyConfig.yaml
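Review bot: The webhook in templates/ns-validating-webhook.yaml intercepts `DELETE` on namespaces labelled `trilio-operator-label` with `failurePolicy: Fail` and no `timeoutSeconds`, so whenever the operator pod or its serving certificate is unavailable those namespaces cannot be deleted. That is probably the intended protection, but the template should say so and set an explicit bound such as `timeoutSeconds: 5`, so a hung webhook fails fast rather than at the API server default. A comment such as `# blocks deletion of namespaces labelled for this operator; remove this configuration first if the operator is gone` would give administrators the recovery path.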
@@ -0,0 +1,21 @@
+{{- if .Values.proxySettings.PROXY_ENABLED }}
+ {{ template "k8s-triliovault-operator.caBundleValidation" . }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-proxy
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+data:
+ {{- range $key, $val := .Values.proxySettings }}
+ {{ $val = $val| toString | b64enc }}
+ {{- if $val -}}
+ {{ $key }}: {{ $val }}
+ {{- end -}}
+ {{- end }}
+type: Opaque
+{{- end }}
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/secret.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/secret.yaml
new file mode 100644
index 000000000..782140c5a
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/secret.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-certs
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+type: Opaque
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/serviceAccount.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/serviceAccount.yaml
new file mode 100644
index 000000000..4c51e5fa4
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/serviceAccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-service-account
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/validating-webhook.yaml
new file mode 100644
index 000000000..c66b6a429
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/validating-webhook.yaml
@@ -0,0 +1,31 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
+ labels:
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+webhooks:
+- clientConfig:
+ caBundle: Cg==
+ service:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
+ namespace: {{ .Release.Namespace }}
+ path: /validate-triliovault-trilio-io-v1-triliovaultmanager
+ failurePolicy: Fail
+ name: v1-tvm-validation.trilio.io
+ rules:
+ - apiGroups:
+ - triliovault.trilio.io
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - triliovaultmanagers
+ sideEffects: None
+ admissionReviewVersions:
+ - v1
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/webhook-service.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/webhook-service.yaml
new file mode 100644
index 000000000..bed6993c7
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/templates/webhook-service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "k8s-triliovault-operator.fullname" . }}
+ release: "{{ .Release.Name }}"
+ app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
+ app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-service
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ ports:
+ - port: 443
+ targetPort: 9443
+ selector:
+ app: {{ template "k8s-triliovault-operator.fullname" . }}
+ release: "{{ .Release.Name }}"
diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/values.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/values.yaml
new file mode 100644
index 000000000..0e6130004
--- /dev/null
+++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.6.600/values.yaml
@@ -0,0 +1,76 @@
+## TrilioVault Operator
+registry: "eu.gcr.io/amazing-chalice-243510"
+
+operator-webhook-init:
+ repository: operator-webhook-init
+
+k8s-triliovault-operator:
+ repository: k8s-triliovault-operator
+
+tag: "2.6.6"
+
+tvkHelmRepo: ""
+
+affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: kubernetes.io/arch
+ operator: In
+ values:
+ - amd64
+
+image:
+ pullPolicy: Always
+tls:
+ secretName: "helm-client-certs"
+ verify: false
+ enable: false
+ keyFile: "tls.key"
+ certFile: "tls.crt"
+ caContent: ""
+ hostname: ""
+
+nameOverride: ""
+
+replicaCount: 1
+
+proxySettings:
+ PROXY_ENABLED: false
+ NO_PROXY: ""
+ HTTP_PROXY: ""
+ HTTPS_PROXY: ""
+ CA_BUNDLE_CONFIGMAP: ""
+
+podSpec:
+ hostIPC: false
+ hostNetwork: false
+ hostPID: false
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 1001
+
+securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: true
+ runAsUser: 1001
+ capabilities:
+ drop:
+ - ALL
+
+installTVK:
+ enabled: true
+ applicationScope: Cluster
+ ingressConfig:
+ host: ""
+ tlsSecretName: ""
+ annotations: {}
+ ingressClass: ""
+ ComponentConfiguration:
+ ingressController:
+ enabled: true
+ service:
+ type: LoadBalancer
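Review bot: The defaults in values.yaml reference both images by the mutable tag `tag: "2.6.6"` with `pullPolicy: Always`, so every pod start runs whatever that tag resolves to in the registry at that moment, under a service account whose ClusterRole includes `escalate`. Consider an optional digest value that deployment.yaml renders as `<repository>@sha256:<digest>` when set, which pins the content while the tag stays for readability. In the same file, `readOnlyRootFilesystem: false` is the one relaxed setting in an otherwise strict container `securityContext`. If the operator only writes to known paths, an `emptyDir` mounted there would allow `true`.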