andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added chart versions: 

codefresh/cf-runtime:
    - 6.4.10
  f5/nginx-ingress:
    - 1.4.1
  new-relic/nri-bundle:
    - 5.0.100
  speedscale/speedscale-operator:
    - 2.2.650
pull/1089/head
github-actions[bot] 2024-11-07 00:38:29 +00:00
parent 16a544be8a
commit 23ebe8589b
747 changed files with 66938 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/codefresh/cf-runtime-6.4.10.tgz Normal file
View File

Binary file not shown.

BIN
assets/f5/nginx-ingress-1.4.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/new-relic/nri-bundle-5.0.100.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.2.650.tgz Normal file
View File

Binary file not shown.

3
charts/codefresh/cf-runtime/6.4.10/.helmignore Normal file
View File

@ -0,0 +1,3 @@
tests/
.ci/
test-values/

30
charts/codefresh/cf-runtime/6.4.10/Chart.yaml Normal file
View File

@ -0,0 +1,30 @@
annotations:
artifacthub.io/changes: |
- kind: fixed
description: "fix of variable replacement in arguments of typed steps (Engine 1.174.14)"
- kind: fixed
description: "fix of debugger timeout (Engine 1.174.15)"
artifacthub.io/containsSecurityUpdates: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: ""
apiVersion: v2
dependencies:
- name: cf-common
repository: oci://quay.io/codefresh/charts
version: 0.21.0
description: A Helm chart for Codefresh Runner
home: https://codefresh.io/
icon: file://assets/icons/cf-runtime.png
keywords:
- codefresh
- runner
kubeVersion: '>=1.18-0'
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
sources:
- https://github.com/codefresh-io/venona
version: 6.4.10

1230
charts/codefresh/cf-runtime/6.4.10/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

1007
charts/codefresh/cf-runtime/6.4.10/README.md.gotmpl Normal file
View File

File diff suppressed because it is too large Load Diff

37
charts/codefresh/cf-runtime/6.4.10/files/cleanup-runtime.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "AGENT: ${AGENT}"
echo "AGENT_SECRET_NAME: ${AGENT_SECRET_NAME}"
echo "DIND_SECRET_NAME: ${DIND_SECRET_NAME}"
echo "-----"
auth() {
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
}
remove_runtime() {
if [ "$AGENT" == "true" ]; then
codefresh delete re ${RUNTIME_NAME} || true
else
codefresh delete sys-re ${RUNTIME_NAME} || true
fi
}
remove_agent() {
codefresh delete agent ${AGENT_NAME} || true
}
remove_secrets() {
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
kubectl delete secret $AGENT_SECRET_NAME || true
kubectl delete secret $DIND_SECRET_NAME || true
}
auth
remove_runtime
remove_agent
remove_secrets

132
charts/codefresh/cf-runtime/6.4.10/files/configure-dind-certs.sh Normal file
View File

@ -0,0 +1,132 @@
#!/usr/bin/env bash
#
#---
fatal() {
echo "ERROR: $1"
exit 1
}
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
exit_trap () {
local lc="$BASH_COMMAND" rc=$?
if [ $rc != 0 ]; then
if [[ -n "$SLEEP_ON_ERROR" ]]; then
echo -e "\nSLEEP_ON_ERROR is set - Sleeping to fix error"
sleep $SLEEP_ON_ERROR
fi
fi
}
trap exit_trap EXIT
usage() {
echo "Usage:
$0 [-n | --namespace] [--server-cert-cn] [--server-cert-extra-sans] codefresh-api-host codefresh-api-token
Example:
$0 -n workflow https://g.codefresh.io 21341234.423141234.412431234
"
}
# Args
while [[ $1 =~ ^(-(n|h)|--(namespace|server-cert-cn|server-cert-extra-sans|help)) ]]
do
key=$1
value=$2
case $key in
-h|--help)
usage
exit
;;
-n|--namespace)
NAMESPACE="$value"
shift
;;
--server-cert-cn)
SERVER_CERT_CN="$value"
shift
;;
--server-cert-extra-sans)
SERVER_CERT_EXTRA_SANS="$value"
shift
;;
esac
shift # past argument or value
done
API_HOST=${1:-"$CF_API_HOST"}
API_TOKEN=${2:-"$CF_API_TOKEN"}
[[ -z "$API_HOST" ]] && usage && fatal "Missing API_HOST"
[[ -z "$API_TOKEN" ]] && usage && fatal "Missing token"
API_SIGN_PATH=${API_SIGN_PATH:-"api/custom_clusters/signServerCerts"}
NAMESPACE=${NAMESPACE:-default}
RELEASE=${RELEASE:-cf-runtime}
DIR=$(dirname $0)
TMPDIR=/tmp/codefresh/
TMP_CERTS_FILE_ZIP=$TMPDIR/cf-certs.zip
TMP_CERTS_HEADERS_FILE=$TMPDIR/cf-certs-response-headers.txt
CERTS_DIR=$TMPDIR/ssl
SRV_TLS_CA_CERT=${CERTS_DIR}/ca.pem
SRV_TLS_KEY=${CERTS_DIR}/server-key.pem
SRV_TLS_CSR=${CERTS_DIR}/server-cert.csr
SRV_TLS_CERT=${CERTS_DIR}/server-cert.pem
CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
mkdir -p $TMPDIR $CERTS_DIR
K8S_CERT_SECRET_NAME=codefresh-certs-server
echo -e "\n------------------\nGenerating server tls certificates ... "
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
###
openssl genrsa -out $SRV_TLS_KEY 4096 || fatal "Failed to generate openssl key "
openssl req -subj "/CN=${SERVER_CERT_CN}" -new -key $SRV_TLS_KEY -out $SRV_TLS_CSR || fatal "Failed to generate openssl csr "
GENERATE_CERTS=true
CSR=$(sed ':a;N;$!ba;s/\n/\\n/g' ${SRV_TLS_CSR})
SERVER_CERT_SANS="IP:127.0.0.1,DNS:dind,DNS:*.dind.${NAMESPACE},DNS:*.dind.${NAMESPACE}.svc${KUBE_DOMAIN},DNS:*.cf-cd.com,DNS:*.codefresh.io"
if [[ -n "${SERVER_CERT_EXTRA_SANS}" ]]; then
SERVER_CERT_SANS=${SERVER_CERT_SANS},${SERVER_CERT_EXTRA_SANS}
fi
echo "{\"reqSubjectAltName\": \"${SERVER_CERT_SANS}\", \"csr\": \"${CSR}\" }" > ${TMPDIR}/sign_req.json
rm -fv ${TMP_CERTS_HEADERS_FILE} ${TMP_CERTS_FILE_ZIP}
SIGN_STATUS=$(curl -k -sSL -d @${TMPDIR}/sign_req.json -H "Content-Type: application/json" -H "Authorization: ${API_TOKEN}" -H "Expect: " \
-o ${TMP_CERTS_FILE_ZIP} -D ${TMP_CERTS_HEADERS_FILE} -w '%{http_code}' ${API_HOST}/${API_SIGN_PATH} )
echo "Sign request completed with HTTP_STATUS_CODE=$SIGN_STATUS"
if [[ $SIGN_STATUS != 200 ]]; then
echo "ERROR: Cannot sign certificates"
if [[ -f ${TMP_CERTS_FILE_ZIP} ]]; then
mv ${TMP_CERTS_FILE_ZIP} ${TMP_CERTS_FILE_ZIP}.error
cat ${TMP_CERTS_FILE_ZIP}.error
fi
exit 1
fi
unzip -o -d ${CERTS_DIR}/ ${TMP_CERTS_FILE_ZIP} || fatal "Failed to unzip certificates to ${CERTS_DIR} "
cp -v ${CF_SRV_TLS_CA_CERT} $SRV_TLS_CA_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains ca.pem"
cp -v ${CF_SRV_TLS_CERT} $SRV_TLS_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains cf-server-cert.pem"
echo -e "\n------------------\nCreating certificate secret "
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
--from-file=$SRV_TLS_CA_CERT \
--from-file=$SRV_TLS_KEY \
--from-file=$SRV_TLS_CERT \
--dry-run=client -o yaml | kubectl apply --overwrite -f -
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'

80
charts/codefresh/cf-runtime/6.4.10/files/init-runtime.sh Normal file
View File

@ -0,0 +1,80 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "SECRET_NAME: ${SECRET_NAME}"
echo "-----"
create_agent_secret() {
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: ${SECRET_NAME}
namespace: ${KUBE_NAMESPACE}
labels:
codefresh.io/internal: "true"
finalizers:
- kubernetes
ownerReferences:
- apiVersion: apps/v1
kind: Deploy
name: ${OWNER_NAME}
uid: ${OWNER_UID}
stringData:
agent-codefresh-token: ${1}
EOF
}
OWNER_UID=$(kubectl get deploy ${OWNER_NAME} --namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.uid}')
echo "got owner uid: ${OWNER_UID}"
if [ ! -z "${AGENT_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "runtime and agent are already initialized"
echo "-----"
exit 0
fi
if [ ! -z "${EXISTING_AGENT_CODEFRESH_TOKEN}" ]; then
echo "using existing agentToken value"
create_agent_secret $EXISTING_AGENT_CODEFRESH_TOKEN
exit 0
fi
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
echo "-----"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
# AGENT_TOKEN might be empty, in which case it will be returned by the call
RES=$(codefresh install agent \
--name ${AGENT_NAME} \
--kube-context-name ${KUBE_CONTEXT} \
--kube-namespace ${KUBE_NAMESPACE} \
--agent-kube-namespace ${KUBE_NAMESPACE} \
--install-runtime \
--runtime-name ${RUNTIME_NAME} \
--skip-cluster-creation \
--platform-only)
AGENT_CODEFRESH_TOKEN=$(echo "${RES}" | tail -n 1)
echo "generated agent + runtime in platform"
create_agent_secret $AGENT_CODEFRESH_TOKEN
echo "-----"
echo "done initializing runtime and agent"
echo "-----"

38
charts/codefresh/cf-runtime/6.4.10/files/reconcile-runtime.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "CONFIGMAP_NAME: ${CONFIGMAP_NAME}"
echo "RECONCILE_INTERVAL: ${RECONCILE_INTERVAL}"
echo "-----"
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
err "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
while true; do
msg "Reconciling ${RUNTIME_NAME} runtime"
sleep $RECONCILE_INTERVAL
codefresh get re \
--name ${RUNTIME_NAME} \
-o yaml \
| yq 'del(.version, .metadata.changedBy, .metadata.creationTime)' > /tmp/runtime.yaml
kubectl get cm ${CONFIGMAP_NAME} -n ${KUBE_NAMESPACE} -o yaml \
| yq 'del(.metadata.resourceVersion, .metadata.uid)' \
| yq eval '.data["runtime.yaml"] = load_str("/tmp/runtime.yaml")' \
| kubectl apply -f -
done

70
charts/codefresh/cf-runtime/6.4.10/templates/_components/app-proxy/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "app-proxy.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "app-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "app-proxy.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "app-proxy.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: app-proxy
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "app-proxy.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 3000
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

19
charts/codefresh/cf-runtime/6.4.10/templates/_components/app-proxy/_env-vars.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- define "app-proxy.environment-variables.defaults" }}
PORT: 3000
{{- end }}
{{- define "app-proxy.environment-variables.calculated" }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- with .Values.ingress.pathPrefix }}
API_PATH_PREFIX: {{ . | quote }}
{{- end }}
{{- end }}
{{- define "app-proxy.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "app-proxy.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "app-proxy.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/6.4.10/templates/_components/app-proxy/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "app-proxy.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app-proxy.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "app-proxy.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Selector labels
*/}}
{{- define "app-proxy.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "app-proxy.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "app-proxy.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

32
charts/codefresh/cf-runtime/6.4.10/templates/_components/app-proxy/_ingress.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- define "app-proxy.resources.ingress" -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "app-proxy.fullname" . }}
labels: {{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.class (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.class }}
{{- end }}
{{- if .Values.ingress.tlsSecret }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.tlsSecret }}
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.pathPrefix | default "/" }}
pathType: ImplementationSpecific
backend:
service:
name: {{ include "app-proxy.fullname" . }}
port:
number: 80
{{- end -}}

47
charts/codefresh/cf-runtime/6.4.10/templates/_components/app-proxy/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "app-proxy.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "app-proxy.serviceAccountName" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "app-proxy.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "app-proxy.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.4.10/templates/_components/app-proxy/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "app-proxy.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
selector:
{{- include "app-proxy.selectorLabels" . | nindent 4 }}
{{- end -}}

62
charts/codefresh/cf-runtime/6.4.10/templates/_components/event-exporter/_deployment.yaml Normal file
View File

@ -0,0 +1,62 @@
{{- define "event-exporter.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "event-exporter.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "event-exporter.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: event-exporter
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
args: [--running-in-cluster=true]
env:
{{- include "event-exporter.environment-variables" . | nindent 8 }}
ports:
- name: metrics
containerPort: 9102
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

14
charts/codefresh/cf-runtime/6.4.10/templates/_components/event-exporter/_env-vars.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.environment-variables.defaults" }}
{{- end }}
{{- define "event-exporter.environment-variables.calculated" }}
{{- end }}
{{- define "event-exporter.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "event-exporter.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "event-exporter.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/6.4.10/templates/_components/event-exporter/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "event-exporter.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "event-exporter.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "event-exporter.labels" -}}
{{ include "cf-runtime.labels" . }}
app: event-exporter
{{- end }}
{{/*
Selector labels
*/}}
{{- define "event-exporter.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
app: event-exporter
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "event-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "event-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

47
charts/codefresh/cf-runtime/6.4.10/templates/_components/event-exporter/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "event-exporter.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "event-exporter.serviceAccountName" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: [events]
verbs: [get, list, watch]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "event-exporter.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "event-exporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.4.10/templates/_components/event-exporter/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "event-exporter.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: metrics
port: 9102
targetPort: metrics
protocol: TCP
selector:
{{- include "event-exporter.selectorLabels" . | nindent 4 }}
{{- end -}}

14
charts/codefresh/cf-runtime/6.4.10/templates/_components/event-exporter/_serviceMontor.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.resources.serviceMonitor" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
{{- end -}}

70
charts/codefresh/cf-runtime/6.4.10/templates/_components/monitor/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "monitor.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "monitor.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "monitor.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 9020
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /api/ping
port: 9020
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

26
charts/codefresh/cf-runtime/6.4.10/templates/_components/monitor/_env-vars.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- define "monitor.environment-variables.defaults" }}
SERVICE_NAME: {{ include "monitor.fullname" . }}
PORT: 9020
HELM3: true
NODE_OPTIONS: "--max_old_space_size=4096"
{{- end }}
{{- define "monitor.environment-variables.calculated" }}
API_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
CLUSTER_ID: {{ include "runtime.runtime-environment-spec.context-name" . }}
API_URL: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}/api/k8s-monitor/events
ACCOUNT_ID: {{ .Values.global.accountId }}
NAMESPACE: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
ROLE_BINDING: true
{{- end }}
{{- end }}
{{- define "monitor.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "monitor.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "monitor.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

42
charts/codefresh/cf-runtime/6.4.10/templates/_components/monitor/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "monitor.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Selector labels
*/}}
{{- define "monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "monitor.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "monitor.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

56
charts/codefresh/cf-runtime/6.4.10/templates/_components/monitor/_rbac.yaml Normal file
View File

@ -0,0 +1,56 @@
{{- define "monitor.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "monitor.serviceAccountName" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "monitor.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
name: {{ include "monitor.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.4.10/templates/_components/monitor/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "monitor.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9020
selector:
{{- include "monitor.selectorLabels" . | nindent 4 }}
{{- end -}}

103
charts/codefresh/cf-runtime/6.4.10/templates/_components/runner/_deployment.yaml Normal file
View File

@ -0,0 +1,103 @@
{{- define "runner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "runner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "runner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "runner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
- name: init
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.init.image "context" .) }}
imagePullPolicy: {{ .Values.init.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/init-runtime.sh" | nindent 10 }}
env:
{{- include "runner-init.environment-variables" . | nindent 8 }}
{{- with .Values.init.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
containers:
- name: runner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
env:
{{- include "runner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.sidecar.enabled }}
- name: reconcile-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.sidecar.image "context" .) }}
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/reconcile-runtime.sh" | nindent 10 }}
env:
{{- include "runner-sidecar.environment-variables" . | nindent 8 }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

42
charts/codefresh/cf-runtime/6.4.10/templates/_components/runner/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "runner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "runner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

53
charts/codefresh/cf-runtime/6.4.10/templates/_components/runner/_rbac.yaml Normal file
View File

@ -0,0 +1,53 @@
{{- define "runner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runner.serviceAccountName" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "pods", "persistentvolumeclaims" ]
verbs: [ "get", "create", "delete", patch ]
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets" ]
verbs: [ "get", "create", "update", patch ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "runner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "runner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

30
charts/codefresh/cf-runtime/6.4.10/templates/_components/runner/environment-variables/_init-container.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- define "runner-init.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-init.environment-variables.calculated" }}
AGENT_NAME: {{ include "runtime.runtime-environment-spec.agent-name" . }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
AGENT_CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
optional: true
EXISTING_AGENT_CODEFRESH_TOKEN: {{ include "runtime.agent-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
SECRET_NAME: {{ include "runner.fullname" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
{{- end }}
{{- define "runner-init.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-init.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-init.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

28
charts/codefresh/cf-runtime/6.4.10/templates/_components/runner/environment-variables/_main-container.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- define "runner.environment-variables.defaults" }}
AGENT_MODE: InCluster
SELF_DEPLOYMENT_NAME:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- end }}
{{- define "runner.environment-variables.calculated" }}
AGENT_ID: {{ include "runtime.runtime-environment-spec.agent-name" . }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
CODEFRESH_IN_CLUSTER_RUNTIME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
{{- end }}
{{- define "runner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

22
charts/codefresh/cf-runtime/6.4.10/templates/_components/runner/environment-variables/_sidecar-container.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "runner-sidecar.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-sidecar.environment-variables.calculated" }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CONFIGMAP_NAME: {{ printf "%s-%s" (include "runtime.fullname" .) "spec" }}
{{- end }}
{{- define "runner-sidecar.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-sidecar.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-sidecar.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.sidecar.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

58
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_cronjob.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- define "dind-volume-provisioner.resources.cronjob" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- if not (eq .Values.storage.backend "local") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "dind-volume-cleanup.fullname" . }}
labels:
{{- include "dind-volume-cleanup.labels" . | nindent 4 }}
spec:
concurrencyPolicy: {{ .Values.concurrencyPolicy }}
schedule: {{ .Values.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.successfulJobsHistory }}
failedJobsHistoryLimit: {{ .Values.failedJobsHistory }}
{{- with .Values.suspend }}
suspend: {{ . }}
{{- end }}
jobTemplate:
spec:
template:
metadata:
labels:
{{- include "dind-volume-cleanup.selectorLabels" . | nindent 12 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 10 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
restartPolicy: {{ .Values.restartPolicy | default "Never" }}
containers:
- name: dind-volume-cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 12 }}
- name: PROVISIONED_BY
value: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
resources:
{{- toYaml .Values.resources | nindent 14 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end -}}

98
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_daemonset.yaml Normal file
View File

@ -0,0 +1,98 @@
{{- define "dind-volume-provisioner.resources.daemonset" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $localVolumeParentDir := .Values.storage.local.volumeParentDir }}
{{- if eq .Values.storage.backend "local" }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "dind-lv-monitor.fullname" . }}
labels:
{{- include "dind-lv-monitor.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.volumePermissions.image "context" .) }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $localVolumeParentDir }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
name: dind-volume-dir
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 10 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.volumePermissions.resources | nindent 10 }}
{{- end }}
containers:
- name: dind-lv-monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- /home/dind-volume-utils/bin/local-volumes-agent
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 10 }}
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VOLUME_PARENT_DIR
value: {{ $localVolumeParentDir }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
readOnly: false
name: dind-volume-dir
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- name: dind-volume-dir
hostPath:
path: {{ $localVolumeParentDir }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end -}}

67
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_deployment.yaml Normal file
View File

@ -0,0 +1,67 @@
{{- define "dind-volume-provisioner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: dind-volume-provisioner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
command:
- /usr/local/bin/dind-volume-provisioner
- -v=4
- --resync-period=50s
env:
{{- include "dind-volume-provisioner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- include "dind-volume-provisioner.volumeMounts.calculated" . | nindent 8 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- include "dind-volume-provisioner.volumes.calculated" . | nindent 6 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

88
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_env-vars.yaml Normal file
View File

@ -0,0 +1,88 @@
{{- define "dind-volume-provisioner.environment-variables.defaults" }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables.calculated" }}
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
PROVISIONER_NAME: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.accessKeyIdSecretKeyRef }}
AWS_ACCESS_KEY_ID:
{{- if .Values.storage.ebs.accessKeyId }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_access_key_id
{{- else if .Values.storage.ebs.accessKeyIdSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.accessKeyIdSecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.ebs.secretAccessKey .Values.storage.ebs.secretAccessKeySecretKeyRef }}
AWS_SECRET_ACCESS_KEY:
{{- if .Values.storage.ebs.secretAccessKey }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_secret_access_key
{{- else if .Values.storage.ebs.secretAccessKeySecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.secretAccessKeySecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }}
{{- end }}
{{- if and .Values.storage.mountAzureJson }}
AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json
CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "dind-volume-provisioner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "dind-volume-provisioner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
{{- define "dind-volume-provisioner.volumes.calculated" }}
{{- if .Values.storage.gcedisk.serviceAccountJson }}
- name: credentials
secret:
secretName: {{ include "dind-volume-provisioner.fullname" . }}
optional: true
{{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
secret:
secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }}
optional: true
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.volumeMounts.calculated" }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
readOnly: true
mountPath: "/etc/dind-volume-provisioner/credentials"
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
readOnly: true
mountPath: "/etc/kubernetes/azure.json"
{{- end }}
{{- end }}

93
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_helpers.tpl Normal file
View File

@ -0,0 +1,93 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dind-volume-provisioner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dind-volume-provisioner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "dind-volume-cleanup.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-cleanup" | trunc 52 | trimSuffix "-" }}
{{- end }}
{{- define "dind-lv-monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Provisioner name for storage class
*/}}
{{- define "dind-volume-provisioner.volumeProvisionerName" }}
{{- printf "codefresh.io/dind-volume-provisioner-runner-%s" .Release.Namespace }}
{{- end }}
{{/*
Common labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Selector labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Common labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Selector labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dind-volume-provisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dind-volume-provisioner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.storageClassName" }}
{{- printf "dind-local-volumes-runner-%s" .Release.Namespace }}
{{- end }}

71
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_rbac.yaml Normal file
View File

@ -0,0 +1,71 @@
{{- define "dind-volume-provisioner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get", "list" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "create", "update" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "dind-volume-provisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

22
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_secret.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "dind-volume-provisioner.resources.secret" -}}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.secretAccessKey .Values.storage.gcedisk.serviceAccountJson }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
stringData:
{{- with .Values.storage.gcedisk.serviceAccountJson }}
google-service-account.json: |
{{- . | nindent 4 }}
{{- end }}
{{- with .Values.storage.ebs.accessKeyId }}
aws_access_key_id: {{ . }}
{{- end }}
{{- with .Values.storage.ebs.secretAccessKey }}
aws_secret_access_key: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

47
charts/codefresh/cf-runtime/6.4.10/templates/_components/volume-provisioner/_storageclass.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "dind-volume-provisioner.resources.storageclass" -}}
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
{{/* has to be exactly that */}}
name: {{ include "dind-volume-provisioner.storageClassName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
provisioner: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}
volumeBackend: local
volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
{{- else if eq .Values.storage.backend "gcedisk" }}
volumeBackend: {{ .Values.storage.backend }}
type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
zone: {{ required ".Values.storage.gcedisk.availabilityZone is required" .Values.storage.gcedisk.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
{{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
volumeBackend: {{ .Values.storage.backend }}
VolumeType: {{ .Values.storage.ebs.volumeType | default "gp3" }}
AvailabilityZone: {{ required ".Values.storage.ebs.availabilityZone is required" .Values.storage.ebs.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
encrypted: {{ .Values.storage.ebs.encrypted | default "false" | quote }}
{{- with .Values.storage.ebs.kmsKeyId }}
kmsKeyId: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.iops }}
iops: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.throughput }}
throughput: {{ . | quote }}
{{- end }}
{{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
volumeBackend: {{ .Values.storage.backend }}
kind: managed
skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
{{- with .Values.storage.azuredisk.availabilityZone }}
availabilityZone: {{ . | quote }}
{{- end }}
{{- with .Values.storage.azuredisk.resourceGroup }}
resourceGroup: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

51
charts/codefresh/cf-runtime/6.4.10/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cf-runtime.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cf-runtime.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cf-runtime.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cf-runtime.labels" -}}
helm.sh/chart: {{ include "cf-runtime.chart" . }}
{{ include "cf-runtime.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cf-runtime.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/app-proxy/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.deployment" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/app-proxy/ingress.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.ingress" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/app-proxy/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.rbac" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/app-proxy/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.service" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/event-exporter/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.deployment" $eventExporterContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/event-exporter/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.rbac" $eventExporterContext }}
{{- end }}

11
charts/codefresh/cf-runtime/6.4.10/templates/event-exporter/service.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.service" $eventExporterContext }}
---
{{- include "event-exporter.resources.serviceMonitor" $eventExporterContext }}
{{- end }}

6
charts/codefresh/cf-runtime/6.4.10/templates/extra/extra-resources.yaml Normal file
View File

@ -0,0 +1,6 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- range .Values.extraResources }}
---
{{ include (printf "%s.tplrender" $cfCommonTplSemver) (dict "Values" . "context" $) }}
{{- end }}

19
charts/codefresh/cf-runtime/6.4.10/templates/extra/runtime-images-cm.yaml Normal file
View File

@ -0,0 +1,19 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.engine.runtimeImages }}
---
kind: ConfigMap
apiVersion: v1
metadata:
{{- /* dummy template just to list runtime images */}}
name: {{ include "runtime.fullname" . }}-images
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
images: |
{{- range $key, $val := $values }}
image: {{ $val }}
{{- end }}

18
charts/codefresh/cf-runtime/6.4.10/templates/hooks/post-install/cm-update-runtime.yaml Normal file
View File

@ -0,0 +1,18 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "runtime.fullname" . }}-spec
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
runtime.yaml: |
{{ include "runtime.runtime-environment-spec.template" . | nindent 4 | trim }}
{{- end }}

68
charts/codefresh/cf-runtime/6.4.10/templates/hooks/post-install/job-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,68 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "3"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-gencerts-dind
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: gencerts-dind
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/configure-dind-certs.sh" | nindent 10 }}
env:
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: RELEASE
value: {{ .Release.Name }}
- name: CF_API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: CF_API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

77
charts/codefresh/cf-runtime/6.4.10/templates/hooks/post-install/job-update-runtime.yaml Normal file
View File

@ -0,0 +1,77 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "5"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: patch-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- |
codefresh auth create-context --api-key $API_KEY --url $API_HOST
cat /usr/share/extras/runtime.yaml
codefresh get re
{{- if .Values.runtime.agent }}
codefresh patch re -f /usr/share/extras/runtime.yaml
{{- else }}
codefresh patch sys-re -f /usr/share/extras/runtime.yaml
{{- end }}
env:
- name: API_KEY
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
volumeMounts:
- name: config
mountPath: /usr/share/extras/runtime.yaml
subPath: runtime.yaml
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
volumes:
- name: config
configMap:
name: {{ include "runtime.fullname" . }}-spec
{{- end }}

37
charts/codefresh/cf-runtime/6.4.10/templates/hooks/post-install/rbac-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,37 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-gencerts-dind
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
{{ end }}

73
charts/codefresh/cf-runtime/6.4.10/templates/hooks/pre-delete/job-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,73 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-cleanup
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/cleanup-runtime.sh" | nindent 10 }}
env:
- name: AGENT_NAME
value: {{ include "runtime.runtime-environment-spec.agent-name" . }}
- name: RUNTIME_NAME
value: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: AGENT
value: {{ .Values.runtime.agent | quote }}
- name: AGENT_SECRET_NAME
value: {{ include "runner.fullname" . }}
- name: DIND_SECRET_NAME
value: codefresh-certs-server
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

46
charts/codefresh/cf-runtime/6.4.10/templates/hooks/pre-delete/rbac-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,46 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-cleanup
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
{{ end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/monitor/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.deployment" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/monitor/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.rbac" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/monitor/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.service" $monitorContext }}
{{- end }}

2
charts/codefresh/cf-runtime/6.4.10/templates/other/external-secrets.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.external-secrets" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/6.4.10/templates/other/podMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.podMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/6.4.10/templates/other/serviceMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.serviceMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

9
charts/codefresh/cf-runtime/6.4.10/templates/runner/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.deployment" $runnerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/runner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.rbac" $runnerContext }}
{{- end }}

123
charts/codefresh/cf-runtime/6.4.10/templates/runtime/_helpers.tpl Normal file
View File

@ -0,0 +1,123 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runtime.name" -}}
{{- printf "%s" (include "cf-runtime.name" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runtime.fullname" -}}
{{- printf "%s" (include "cf-runtime.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runtime.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runtime.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Return runtime image (classic runtime) with private registry prefix
*/}}
{{- define "runtime.runtimeImageName" -}}
{{- if .registry -}}
{{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
{{- printf "%s/%s" .registry $imageName -}}
{{- else -}}
{{- printf "%s" .imageFullName -}}
{{- end -}}
{{- end -}}
{{/*
Environment variable value of Codefresh installation token
*/}}
{{- define "runtime.installation-token-env-var-value" -}}
{{- if .Values.global.codefreshToken }}
valueFrom:
secretKeyRef:
name: {{ include "runtime.installation-token-secret-name" . }}
key: codefresh-api-token
{{- else if .Values.global.codefreshTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Environment variable value of Codefresh agent token
*/}}
{{- define "runtime.agent-token-env-var-value" -}}
{{- if .Values.global.agentToken }}
{{- printf "%s" .Values.global.agentToken | toYaml }}
{{- else if .Values.global.agentTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.agentTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Print Codefresh API token secret name
*/}}
{{- define "runtime.installation-token-secret-name" }}
{{- print "codefresh-user-token" }}
{{- end }}
{{/*
Print Codefresh host
*/}}
{{- define "runtime.runtime-environment-spec.codefresh-host" }}
{{- if and (not .Values.global.codefreshHost) }}
{{- fail "ERROR: .global.codefreshHost is required" }}
{{- else }}
{{- printf "%s" (trimSuffix "/" .Values.global.codefreshHost) }}
{{- end }}
{{- end }}
{{/*
Print runtime-environment name
*/}}
{{- define "runtime.runtime-environment-spec.runtime-name" }}
{{- if and (not .Values.global.runtimeName) }}
{{- printf "%s/%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.runtimeName }}
{{- end }}
{{- end }}
{{/*
Print agent name
*/}}
{{- define "runtime.runtime-environment-spec.agent-name" }}
{{- if and (not .Values.global.agentName) }}
{{- printf "%s_%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.agentName }}
{{- end }}
{{- end }}
{{/*
Print context
*/}}
{{- define "runtime.runtime-environment-spec.context-name" }}
{{- if and (not .Values.global.context) }}
{{- fail "ERROR: .global.context is required" }}
{{- else }}
{{- printf "%s" .Values.global.context }}
{{- end }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.10/templates/runtime/cm-dind-daemon.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- /* has to be a constant */}}
name: codefresh-dind-config
labels:
{{- include "runtime.labels" . | nindent 4 }}
data:
daemon.json: |
{{ coalesce .Values.re.dindDaemon .Values.runtime.dindDaemon | toPrettyJson | indent 4 }}

48
charts/codefresh/cf-runtime/6.4.10/templates/runtime/rbac.yaml Normal file
View File

@ -0,0 +1,48 @@
{{ $values := .Values.runtime }}
---
{{- if or $values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- /* has to be a constant */}}
name: codefresh-engine
labels:
{{- include "runtime.labels" . | nindent 4 }}
{{- with $values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if $values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with $values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and $values.serviceAccount.create $values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: codefresh-engine
roleRef:
kind: Role
name: codefresh-engine
apiGroup: rbac.authorization.k8s.io
{{- end }}

206
charts/codefresh/cf-runtime/6.4.10/templates/runtime/runtime-env-spec-tmpl.yaml Normal file
View File

@ -0,0 +1,206 @@
{{- define "runtime.runtime-environment-spec.template" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version -}}
{{- $kubeconfigFilePath := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $name := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $engineContext := .Values.runtime.engine -}}
{{- $dindContext := .Values.runtime.dind -}}
{{- $imageRegistry := .Values.global.imageRegistry -}}
metadata:
name: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
agent: {{ .Values.runtime.agent }}
runtimeScheduler:
type: KubernetesPod
{{- if $engineContext.image }}
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $engineContext.image.pullPolicy }}
{{- with $engineContext.command }}
command: {{- toYaml . | nindent 4 }}
{{- end }}
envVars:
{{- with $engineContext.env }}
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
COMPOSE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COMPOSE_IMAGE) | squote }}
CONTAINER_LOGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CONTAINER_LOGGER_IMAGE) | squote }}
DOCKER_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_BUILDER_IMAGE) | squote }}
DOCKER_PULLER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PULLER_IMAGE) | squote }}
DOCKER_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PUSHER_IMAGE) | squote }}
DOCKER_TAG_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) | squote }}
FS_OPS_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.FS_OPS_IMAGE) | squote }}
GIT_CLONE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GIT_CLONE_IMAGE) | squote }}
KUBE_DEPLOY: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.KUBE_DEPLOY) | squote }}
PIPELINE_DEBUGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.PIPELINE_DEBUGGER_IMAGE) | squote }}
TEMPLATE_ENGINE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.TEMPLATE_ENGINE) | squote }}
CR_6177_FIXER: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CR_6177_FIXER) | squote }}
GC_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GC_BUILDER_IMAGE) | squote }}
COSIGN_IMAGE_SIGNER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COSIGN_IMAGE_SIGNER_IMAGE) | squote }}
{{- with $engineContext.userEnvVars }}
userEnvVars: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.workflowLimits }}
workflowLimits: {{- toYaml . | nindent 4 }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $engineContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $engineContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $engineContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $engineContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $engineContext.schedulerName }}
schedulerName: {{ $engineContext.schedulerName }}
{{- end }}
resources:
{{- if $engineContext.resources}}
{{- toYaml $engineContext.resources | nindent 4 }}
{{- end }}
{{- with $engineContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
dockerDaemonScheduler:
type: DindKubernetesPod
{{- if $dindContext.image }}
dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $dindContext.image.pullPolicy }}
{{- with $dindContext.userAccess }}
userAccess: {{ . }}
{{- end }}
{{- with $dindContext.env }}
envVars:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $dindContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $dindContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $dindContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $dindContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.schedulerName }}
schedulerName: {{ $dindContext.schedulerName }}
{{- end }}
{{- if $dindContext.pvcs }}
pvcs:
{{- range $index, $pvc := $dindContext.pvcs }}
- name: {{ $pvc.name }}
reuseVolumeSelector: {{ $pvc.reuseVolumeSelector | squote }}
reuseVolumeSortOrder: {{ $pvc.reuseVolumeSortOrder }}
storageClassName: {{ include (printf "%v.tplrender" $cfCommonTplSemver) (dict "Values" $pvc.storageClassName "context" $) }}
volumeSize: {{ $pvc.volumeSize }}
{{- with $pvc.annotations }}
annotations: {{ . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
defaultDindResources:
{{- with $dindContext.resources }}
{{- if not .requests }}
limits: {{- toYaml .limits | nindent 6 }}
requests: null
{{- else }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- with $dindContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with $dindContext.userVolumeMounts }}
userVolumeMounts: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.userVolumes }}
userVolumes: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (not .Values.runtime.agent) }}
clientCertPath: /etc/ssl/cf/
volumeMounts:
codefresh-certs-server:
name: codefresh-certs-server
mountPath: /etc/ssl/cf
readOnly: false
volumes:
codefresh-certs-server:
name: codefresh-certs-server
secret:
secretName: codefresh-certs-server
{{- end }}
extends: {{- toYaml .Values.runtime.runtimeExtends | nindent 2 }}
{{- if .Values.runtime.description }}
description: {{ .Values.runtime.description }}
{{- else }}
description: null
{{- end }}
{{- if .Values.global.accountId }}
accountId: {{ .Values.global.accountId }}
{{- end }}
{{- if not .Values.runtime.agent }}
accounts: {{- toYaml .Values.runtime.accounts | nindent 2 }}
{{- end }}
{{- if .Values.appProxy.enabled }}
appProxy:
externalIP: >-
{{ printf "https://%s%s" .Values.appProxy.ingress.host (.Values.appProxy.ingress.pathPrefix | default "/") }}
{{- end }}
{{- if not .Values.runtime.agent }}
systemHybrid: true
{{- end }}
{{- end }}

11
charts/codefresh/cf-runtime/6.4.10/templates/runtime/secret.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if and .Values.global.codefreshToken }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "runtime.installation-token-secret-name" . }}
labels:
{{- include "runtime.labels" . | nindent 4 }}
stringData:
codefresh-api-token: {{ .Values.global.codefreshToken }}
{{- end }}

16
charts/codefresh/cf-runtime/6.4.10/templates/runtime/svc-dind.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "runtime.labels" . | nindent 4 }}
app: dind
{{/* has to be a constant */}}
name: dind
spec:
ports:
- name: "dind-port"
port: 1300
protocol: TCP
clusterIP: None
selector:
app: dind

11
charts/codefresh/cf-runtime/6.4.10/templates/volume-provisioner/cronjob.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-volume-cleanup") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.cronjob" $volumeProvisionerContext }}
{{- end }}

11
charts/codefresh/cf-runtime/6.4.10/templates/volume-provisioner/daemonset.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-lv-monitor") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.daemonset" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.10/templates/volume-provisioner/deployment.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.10/templates/volume-provisioner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.rbac" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.10/templates/volume-provisioner/secret.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.secret" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.10/templates/volume-provisioner/storageclass.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.storageclass" $volumeProvisionerContext }}
{{- end }}

898
charts/codefresh/cf-runtime/6.4.10/values.yaml Normal file
View File

@ -0,0 +1,898 @@
# -- String to partially override cf-runtime.fullname template (will maintain the release name)
nameOverride: ""
# -- String to fully override cf-runtime.fullname template
fullnameOverride: ""
# -- Global parameters
# @default -- See below
global:
# -- Global Docker image registry
imageRegistry: ""
# -- Global Docker registry secret names as array
imagePullSecrets: []
# -- URL of Codefresh Platform (required!)
codefreshHost: "https://g.codefresh.io"
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
# Ref: https://g.codefresh.io/user/settings (see API Keys)
# Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write)
codefreshToken: ""
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
codefreshTokenSecretKeyRef: {}
# E.g.
# codefreshTokenSecretKeyRef:
# name: my-codefresh-api-token
# key: codefresh-api-token
# -- Account ID (required!)
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
accountId: ""
# -- K8s context name (required!)
context: ""
# E.g.
# context: prod-ue1-runtime-1
# -- Agent Name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}`
agentName: ""
# E.g.
# agentName: prod-ue1-runtime-1
# -- Runtime name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}`
runtimeName: ""
# E.g.
# runtimeName: prod-ue1-runtime-1/namespace
# -- DEPRECATED Agent token in plain text.
# !!! MUST BE provided if migrating from < 6.x chart version
agentToken: ""
# -- DEPRECATED Agent token that references an existing secret containing API key.
# !!! MUST BE provided if migrating from < 6.x chart version
agentTokenSecretKeyRef: {}
# E.g.
# agentTokenSecretKeyRef:
# name: my-codefresh-agent-secret
# key: codefresh-agent-token
# DEPRECATED -- Use `.Values.global.imageRegistry` instead
dockerRegistry: ""
# DEPRECATED -- Use `.Values.runtime` instead
re: {}
# -- Runner parameters
# @default -- See below
runner:
# -- Enable the runner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/venona
tag: 1.10.2
digest: sha256:f7768390d3368aff0843519368c10a0a97cf98a98f2753a89509cf8f6c9798e1
# -- Init container
init:
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
digest: sha256:27281df44814d837fbcc41ba53ee8010ce5496eb758c29f775958d713c79c41a
resources:
limits:
memory: 512Mi
cpu: '1'
requests:
memory: 256Mi
cpu: '0.2'
# -- Sidecar container
# Reconciles runtime spec from Codefresh API for drift detection
sidecar:
enabled: false
image:
registry: quay.io
repository: codefresh/codefresh-shell
tag: 0.0.2
digest: sha256:1f2d1f9effa751601a004e69bc9059a848b7428df379d2ef0c3e7858dc5989d0
env:
RECONCILE_INTERVAL: 300
resources: {}
# -- Add additional env vars
env: {}
# E.g.
# env:
# WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Volume Provisioner parameters
# @default -- See below
volumeProvisioner:
# -- Enable volume-provisioner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/dind-volume-provisioner
tag: 1.35.0
digest: sha256:c036ad717391debdf43f8da337b81b5df0e79de274d2d9af1425c675b0296dda
# -- Add additional env vars
env: {}
# E.g.
# env:
# THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 3000
runAsGroup: 3000
fsGroup: 3000
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- `dind-lv-monitor` DaemonSet parameters
# (local volumes cleaner)
# @default -- See below
dind-lv-monitor:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-utils
tag: 1.29.4
digest: sha256:42e5b032b743e191a1ee1077b8096d6ee298859d4593d3f4fa06fe7fa60061eb
podAnnotations: {}
podSecurityContext:
enabled: true
runAsUser: 1000
fsGroup: 1000
containerSecurityContext: {}
env: {}
resources: {}
nodeSelector: {}
tolerations:
- key: 'codefresh/dind'
operator: 'Exists'
effect: 'NoSchedule'
volumePermissions:
enabled: true
image:
registry: docker.io
repository: alpine
tag: 3.18
digest: sha256:3ddf7bf1d408188f9849efbf4f902720ae08f5131bb39013518b918aa056d0de
resources: {}
securityContext:
runAsUser: 0 # auto
# `dind-volume-cleanup` CronJob parameters
# (external volumes cleaner)
# @default -- See below
dind-volume-cleanup:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-cleanup
tag: 1.2.0
digest: sha256:1af3e3ecc87bf2e26ba07ecef68f54ad100d7e3b5fcf074099f627fd5d917369
env: {}
concurrencyPolicy: Forbid
schedule: "*/10 * * * *"
successfulJobsHistory: 3
failedJobsHistory: 1
suspend: false
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroup: 3000
runAsGroup: 3000
runAsUser: 3000
nodeSelector: {}
affinity: {}
tolerations: []
# Storage parameters for volume-provisioner
# @default -- See below
storage:
# -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`)
backend: local
# -- Set filesystem type (`ext4`/`xfs`)
fsType: "ext4"
# Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`)
# https://kubernetes.io/docs/concepts/storage/volumes/#local
# @default -- See below
local:
# -- Set volume path on the host filesystem
volumeParentDir: /var/lib/codefresh/dind-volumes
# Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`)
# https://aws.amazon.com/ebs/
# https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration
# @default -- See below
ebs:
# -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required)
volumeType: "gp2"
# -- Set EBS volumes availability zone (required)
availabilityZone: "us-east-1a"
# -- Enable encryption (optional)
encrypted: "false"
# -- Set KMS encryption key ID (optional)
kmsKeyId: ""
# -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
accessKeyId: ""
# -- Existing secret containing AWS_ACCESS_KEY_ID.
accessKeyIdSecretKeyRef: {}
# E.g.
# accessKeyIdSecretKeyRef:
# name:
# key:
# -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
secretAccessKey: ""
# -- Existing secret containing AWS_SECRET_ACCESS_KEY
secretAccessKeySecretKeyRef: {}
# E.g.
# secretAccessKeySecretKeyRef:
# name:
# key:
# E.g.
# ebs:
# volumeType: gp3
# availabilityZone: us-east-1c
# encrypted: false
# iops: "5000"
# # I/O operations per second. Only effetive when gp3 volume type is specified.
# # Default value - 3000.
# # Max - 16,000
# throughput: "500"
# # Throughput in MiB/s. Only effective when gp3 volume type is specified.
# # Default value - 125.
# # Max - 1000.
# ebs:
# volumeType: gp2
# availabilityZone: us-east-1c
# encrypted: true
# kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
# accessKeyId: "MYKEYID"
# secretAccessKey: "MYACCESSKEY"
# Storage parameters example for gce disks
# https://cloud.google.com/compute/docs/disks#pdspecs
# https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration
# @default -- See below
gcedisk:
# -- Set GCP volume backend type (`pd-ssd`/`pd-standard`)
volumeType: "pd-ssd"
# -- Set GCP volume availability zone
availabilityZone: "us-west1-a"
# -- Set Google SA JSON key for volume-provisioner (optional)
serviceAccountJson: ""
# -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional)
serviceAccountJsonSecretKeyRef: {}
# E.g.
# gcedisk:
# volumeType: pd-ssd
# availabilityZone: us-central1-c
# serviceAccountJson: |-
# {
# "type": "service_account",
# "project_id": "...",
# "private_key_id": "...",
# "private_key": "...",
# "client_email": "...",
# "client_id": "...",
# "auth_uri": "...",
# "token_uri": "...",
# "auth_provider_x509_cert_url": "...",
# "client_x509_cert_url": "..."
# }
# Storage parameters example for Azure Disks
# https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks
# @default -- See below
azuredisk:
# -- Set storage type (`Premium_LRS`)
skuName: Premium_LRS
cachingMode: None
# availabilityZone: northeurope-1
# resourceGroup:
# DiskIOPSReadWrite: 500
# DiskMBpsReadWrite: 100
mountAzureJson: false
# -- Set runtime parameters
# @default -- See below
runtime:
# -- Set annotation on engine Service Account
# Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
serviceAccount:
create: true
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- Set parent runtime to inherit.
# Should not be changes. Parent runtime is controlled from Codefresh side.
runtimeExtends:
- system/default/hybrid/k8s_low_limits
# -- Runtime description
description: ""
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the engine role
rules: []
# -- (for On-Premise only) Enable agent
agent: true
# -- (for On-Premise only) Set inCluster runtime
inCluster: true
# -- (for On-Premise only) Assign accounts to runtime (list of account ids)
accounts: []
# -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod).
dind:
# -- Set dind image.
image:
registry: quay.io
repository: codefresh/dind
tag: 26.1.4-1.28.7 # use `latest-rootless/rootless/26.1.4-1.28.7-rootless` tags for rootless-dind
pullPolicy: IfNotPresent
digest: sha256:ccaf26ab24db0e00760beba79ce1810a12aef5be296f538ceab416af9ec481f7
# -- Set dind resources.
resources:
requests: null
limits:
cpu: 400m
memory: 800Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 30
# -- PV claim spec parametes.
pvcs:
# -- Default dind PVC parameters
dind:
# -- PVC name prefix.
# Keep `dind` as default! Don't change!
name: dind
# -- PVC storage class name.
# Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner
storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}'
# -- PVC size.
volumeSize: 16Gi
# -- PV reuse selector.
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy
reuseVolumeSelector: codefresh-app,io.codefresh.accountName
reuseVolumeSortOrder: pipeline_id
# -- PV annotations.
annotations: {}
# E.g.:
# annotations:
# codefresh.io/volume-retention: 7d
# -- Set additional env vars.
env:
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Keep `true` as default!
userAccess: true
# -- Add extra volumes
userVolumes: {}
# E.g.:
# userVolumes:
# regctl-docker-registry:
# name: regctl-docker-registry
# secret:
# items:
# - key: .dockerconfigjson
# path: config.json
# secretName: regctl-docker-registry
# optional: true
# -- Add extra volume mounts
userVolumeMounts: {}
# E.g.:
# userVolumeMounts:
# regctl-docker-registry:
# name: regctl-docker-registry
# mountPath: /home/appuser/.docker/
# readOnly: true
# -- Parameters for Engine pod (aka "pipeline" orchestrator).
engine:
# -- Set image.
image:
registry: quay.io
repository: codefresh/engine
tag: 1.174.15
pullPolicy: IfNotPresent
digest: sha256:d547c2044c1488e911ff726462cc417adf2dda731cafd736493c4de4eb9e357b
# -- Set container command.
command:
- npm
- run
- start
# -- Set resources.
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 2048Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 180
# -- Set system(base) runtime images.
# @default -- See below.
runtimeImages:
COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0@sha256:362977564c096b7c2c007b8478ec87cac13d781839adc271d858290213bd89f2
CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.7@sha256:1e7bcee65203f9fdfc7ee5231cb4d29b179479d70dd42ec9855d20c57ab43c48
DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.14@sha256:e61f0694fb7477244014be971a0bad724242e4fdefe810f38e58990d7db6bdc5
DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18@sha256:1a15c3ae0952d3986de7866a3def8ac7e3e39f668fe87fd46c63d886ca06c6d7
DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16@sha256:05efc1af8b1196f1b9b3f0781b4dcc1aa2cdd0ffc1347ee5fa81b16d029ec5c2
DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.14@sha256:801caf9100218c9ed638fb5ca205fcc133f54d00468ed81093b22a4f0a0ffae9
FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3@sha256:57374ccd5275325fc36b237fb38c77dd1f65c84d5aebfe88c9ea0e434ea20fc9
GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0@sha256:a3ec854823f17d0fd817d978219122e644b1abd6db778fd835688fcb6d88c515
KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11@sha256:b6b3fc6cc5fad3ba9e36055278ce99a74a86876be116574503c6fbb4c1b4aa76
PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.6@sha256:4892d72afc0e27718134eff2cb3c1276f731f3d2a41fd76cd73b500310326e47
TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1@sha256:fb7173cfed7536f7de68e75996106e2ce3a0a204e6c5609cba0d7eb62c9db9e1
CR_6177_FIXER: alpine:edge@sha256:b93f4f6834d5c6849d859a4c07cc88f5a7d8ce5fb8d2e72940d8edd8be343c04
GC_BUILDER_IMAGE: quay.io/codefresh/cf-gc-builder:0.5.3@sha256:33ac914e6b844909f188a208cf90e569358cafa5aaa60f49848f49d99bcaf875
COSIGN_IMAGE_SIGNER_IMAGE: quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2@sha256:5e0993207aa809c25ed70cf89af444d9720892fb4a29deb82db45618b0cae4a9
# -- Set additional env vars.
env:
# -- Interval to check the exec status in the container-logger
CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000
# -- Timeout while doing requests to the Docker daemon
DOCKER_REQUEST_TIMEOUT_MS: 30000
# -- If "true", composition images will be pulled sequentially
FORCE_COMPOSE_SERIAL_PULL: false
# -- Level of logging for engine
LOGGER_LEVEL: debug
# -- Enable debug-level logging of outgoing HTTP/HTTPS requests
LOG_OUTGOING_HTTP_REQUESTS: false
# -- Enable emitting metrics from engine
METRICS_PROMETHEUS_ENABLED: true
# -- Enable legacy metrics
METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false
# -- Enable collecting process metrics
METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false
# -- Host for Prometheus metrics server
METRICS_PROMETHEUS_HOST: '0.0.0.0'
# -- Port for Prometheus metrics server
METRICS_PROMETHEUS_PORT: 9100
# -- Set workflow limits.
workflowLimits:
# -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds.
MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600
# -- Maximum time for workflow execution; seconds.
MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400
# -- Maximum time allowed to workflow to spend in "elected" state; seconds.
MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900
# -- Maximum retry attempts allowed for workflow.
MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20
# -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900
# -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300
# -- Time since the last health check report after which workflow is terminated; seconds.
TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300
# -- Time since the last health check report after which the engine is considered unhealthy; seconds.
TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60
# -- Time since the last workflow logs activity after which workflow is terminated; seconds.
TIME_INACTIVE_UNTIL_TERMINATION: 2700
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Set extra env vars
userEnvVars: []
# E.g.
# userEnvVars:
# - name: GITHUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: github-token
# key: token
# -- Parameters for `runtime-patch` post-upgrade/install hook
# @default -- See below
patch:
enabled: true
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
digest: sha256:27281df44814d837fbcc41ba53ee8010ce5496eb758c29f775958d713c79c41a
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
env:
HOME: /tmp
# -- Parameters for `gencerts-dind` post-upgrade/install hook
# @default -- See below
gencerts:
enabled: true
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.28.4
digest: sha256:753e434a8e51c58d3f5daca2dff88073bc7b3bde3a45e0f00d74181176302e37
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
# -- DinD pod daemon config
# @default -- See below
dindDaemon:
hosts:
- unix:///var/run/docker.sock
- tcp://0.0.0.0:1300
tlsverify: true
tls: true
tlscacert: /etc/ssl/cf-client/ca.pem
tlscert: /etc/ssl/cf/server-cert.pem
tlskey: /etc/ssl/cf/server-key.pem
insecure-registries:
- 192.168.99.100:5000
metrics-addr: 0.0.0.0:9323
experimental: true
# App-Proxy parameters
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation
# @default -- See below
appProxy:
# -- Enable app-proxy
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-app-proxy
tag: 0.0.47
digest: sha256:324a9b89924152cce195c7239ddd8501c8aa5f901d19bc4d9f3936cbe5dac14f
# -- Add additional env vars
env: {}
# Set app-proxy ingress parameters
# @default -- See below
ingress:
# -- Set path prefix for ingress (keep empty for default `/` path)
pathPrefix: ""
# -- Set ingress class
class: ""
# -- Set DNS hostname the ingress will use
host: ""
# -- Set k8s tls secret for the ingress object
tlsSecret: ""
# -- Set extra annotations for ingress object
annotations: {}
# E.g.
# ingress:
# pathPrefix: "/cf-app-proxy"
# class: "nginx"
# host: "mydomain.com"
# tlsSecret: "tls-cert-app-proxy"
# annotations:
# nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
podSecurityContext: {}
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# Monitor parameters
# @default -- See below
monitor:
# -- Enable monitor
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-k8s-agent
tag: 1.3.18
digest: sha256:4e010ef4a0792b0953f97959a4ebfdc71d05446b8b19d5007a51ab57a011e19b
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
podSecurityContext: {}
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Add serviceMonitor
# @default -- See below
serviceMonitor:
main:
# -- Enable service monitor for dind pods
enabled: false
nameOverride: dind
selector:
matchLabels:
app: dind
endpoints:
- path: /metrics
targetPort: 9100
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
# -- Add podMonitor (for engine pods)
# @default -- See below
podMonitor:
main:
# -- Enable pod monitor for engine pods
enabled: false
nameOverride: engine
selector:
matchLabels:
app: runtime
podMetricsEndpoints:
- path: /metrics
targetPort: 9100
runner:
# -- Enable pod monitor for runner pod
enabled: false
nameOverride: runner
selector:
matchLabels:
codefresh.io/application: runner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
volume-provisioner:
# -- Enable pod monitor for volumeProvisioner pod
enabled: false
nameOverride: volume-provisioner
selector:
matchLabels:
codefresh.io/application: volume-provisioner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
# -- Event exporter parameters
# @default -- See below
event-exporter:
# -- Enable event-exporter
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: docker.io
repository: codefresh/k8s-event-exporter
tag: latest
digest: sha256:cf52048f1378fb6659dffd1394d68fdf23a7ea709585dc14b5007f3e5a1b7584
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: false
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Array of extra objects to deploy with the release
extraResources: []
# E.g.
# extraResources:
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
# metadata:
# name: codefresh-role
# rules:
# - apiGroups: [ "*"]
# resources: ["*"]
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# - apiVersion: v1
# kind: ServiceAccount
# metadata:
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRoleBinding
# metadata:
# name: codefresh-user
# roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: codefresh-role
# subjects:
# - kind: ServiceAccount
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: v1
# kind: Secret
# type: kubernetes.io/service-account-token
# metadata:
# name: codefresh-user-token
# namespace: "{{ .Release.Namespace }}"
# annotations:
# kubernetes.io/service-account.name: "codefresh-user"

2
charts/f5/nginx-ingress/1.4.1/.helmignore Normal file
View File

@ -0,0 +1,2 @@
# Patterns to ignore when building packages.
*.png

22
charts/f5/nginx-ingress/1.4.1/Chart.yaml Normal file
View File

@ -0,0 +1,22 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: NGINX Ingress Controller
catalog.cattle.io/kube-version: '>= 1.23.0-0'
catalog.cattle.io/release-name: nginx-ingress
apiVersion: v2
appVersion: 3.7.1
description: NGINX Ingress Controller
home: https://github.com/nginxinc/kubernetes-ingress
icon: file://assets/icons/nginx-ingress.png
keywords:
- ingress
- nginx
kubeVersion: '>= 1.23.0-0'
maintainers:
- email: kubernetes@nginx.com
name: nginxinc
name: nginx-ingress
sources:
- https://github.com/nginxinc/kubernetes-ingress/tree/v3.7.1/charts/nginx-ingress
type: application
version: 1.4.1

3
charts/f5/nginx-ingress/1.4.1/README.md Normal file
View File

@ -0,0 +1,3 @@
# Helm Documentation
Please refer to the [Installation with Helm](https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/installation-with-helm/) guide in the NGINX Ingress Controller documentation site.

15
charts/f5/nginx-ingress/1.4.1/app-readme.md Normal file
View File

@ -0,0 +1,15 @@
# NGINX Ingress Controller
The [NGINX Ingress Controller](https://github.com/nginxinc/kubernetes-ingress) for Kubernetes provides an enterprisegrade implementation of an Ingress controller for NGINX and NGINX Plus for Kubernetes applications.
The Ingress controller is an application that runs in a cluster and configures an HTTP load balancer according to Ingress resources. The load balancer can be a software load balancer running in the cluster or a hardware or cloud load balancer running externally. Different load balancers require different Ingress controller implementations.
In the case of NGINX, the Ingress controller is deployed in a pod along with the load balancer.
NGINX Ingress controller works with both NGINX and NGINX Plus and supports the standard Ingress features - content-based routing and TLS/SSL termination.
Additionally, several NGINX and NGINX Plus features are available as extensions to the Ingress resource via annotations and the ConfigMap resource. In addition to HTTP, NGINX Ingress controller supports load balancing Websocket, gRPC, TCP and UDP applications. See ConfigMap and Annotations docs to learn more about the supported features and customization options.
As an alternative to the Ingress, NGINX Ingress controller supports the VirtualServer and VirtualServerRoute resources. They enable use cases not supported with the Ingress resource, such as traffic splitting and advanced content-based routing.
TCP, UDP and TLS Passthrough load balancing is also supported.

83
charts/f5/nginx-ingress/1.4.1/crds/appprotect.f5.com_aplogconfs.yaml Normal file
View File

@ -0,0 +1,83 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
name: aplogconfs.appprotect.f5.com
spec:
group: appprotect.f5.com
names:
kind: APLogConf
listKind: APLogConfList
plural: aplogconfs
singular: aplogconf
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: APLogConf is the Schema for the APLogConfs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: APLogConfSpec defines the desired state of APLogConf
properties:
content:
properties:
escaping_characters:
items:
properties:
from:
type: string
to:
type: string
type: object
type: array
format:
enum:
- splunk
- arcsight
- default
- user-defined
- grpc
type: string
format_string:
type: string
list_delimiter:
type: string
list_prefix:
type: string
list_suffix:
type: string
max_message_size:
pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
type: string
max_request_size:
pattern: ^([1-9]|[1-9][0-9]|[1-9][0-9]{2}|[1-9][0-9]{3}|10[0-2][0-9][0-9]|[1-9]k|10k|any)$
type: string
type: object
filter:
properties:
request_type:
enum:
- all
- illegal
- blocked
type: string
type: object
type: object
type: object
served: true
storage: true

2172
charts/f5/nginx-ingress/1.4.1/crds/appprotect.f5.com_appolicies.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

98
charts/f5/nginx-ingress/1.4.1/crds/appprotect.f5.com_apusersigs.yaml Normal file
View File

@ -0,0 +1,98 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.13.0
name: apusersigs.appprotect.f5.com
spec:
group: appprotect.f5.com
names:
kind: APUserSig
listKind: APUserSigList
plural: apusersigs
singular: apusersig
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: APUserSig is the Schema for the apusersigs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: APUserSigSpec defines the desired state of APUserSig
properties:
properties:
type: string
signatures:
items:
properties:
accuracy:
enum:
- high
- medium
- low
type: string
attackType:
properties:
name:
type: string
type: object
description:
type: string
name:
type: string
references:
properties:
type:
enum:
- bugtraq
- cve
- nessus
- url
type: string
value:
type: string
type: object
risk:
enum:
- high
- medium
- low
type: string
rule:
type: string
signatureType:
enum:
- request
- response
type: string
systems:
items:
properties:
name:
type: string
type: object
type: array
type: object
type: array
softwareVersion:
type: string
tag:
type: string
type: object
type: object
served: true
storage: true

68
charts/f5/nginx-ingress/1.4.1/crds/appprotectdos.f5.com_apdoslogconfs.yaml Normal file
View File

@ -0,0 +1,68 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: apdoslogconfs.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
names:
kind: APDosLogConf
listKind: APDosLogConfList
plural: apdoslogconfs
singular: apdoslogconf
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: APDosLogConf is the Schema for the APDosLogConfs API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: APDosLogConfSpec defines the desired state of APDosLogConf
properties:
content:
properties:
format:
enum:
- splunk
- arcsight
- user-defined
type: string
format_string:
type: string
max_message_size:
pattern: ^([1-9]|[1-5][0-9]|6[0-4])k$
type: string
type: object
filter:
properties:
traffic-mitigation-stats:
enum:
- none
- all
default: all
type: string
bad-actors:
pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$
default: top 10
type: string
attack-signatures:
pattern: ^(none|all|top ([1-9]|[1-9][0-9]|[1-9][0-9]{2,4}|100000))$
default: top 10
type: string
type: object
type: object
type: object
served: true
storage: true

68
charts/f5/nginx-ingress/1.4.1/crds/appprotectdos.f5.com_apdospolicy.yaml Normal file
View File

@ -0,0 +1,68 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.9.2
creationTimestamp: null
name: apdospolicies.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
names:
kind: APDosPolicy
listKind: APDosPoliciesList
plural: apdospolicies
singular: apdospolicy
preserveUnknownFields: false
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
type: object
description: APDosPolicy is the Schema for the APDosPolicy API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
type: object
description: APDosPolicySpec defines the desired state of APDosPolicy
properties:
mitigation_mode:
enum:
- "standard"
- "conservative"
- "none"
default: "standard"
type: string
signatures:
enum:
- "on"
- "off"
default: "on"
type: string
bad_actors:
enum:
- "on"
- "off"
default: "on"
type: string
automation_tools_detection:
enum:
- "on"
- "off"
default: "on"
type: string
tls_fingerprint:
enum:
- "on"
- "off"
default: "on"
type: string
served: true
storage: true

113
charts/f5/nginx-ingress/1.4.1/crds/appprotectdos.f5.com_dosprotectedresources.yaml Normal file
View File

@ -0,0 +1,113 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: dosprotectedresources.appprotectdos.f5.com
spec:
group: appprotectdos.f5.com
names:
kind: DosProtectedResource
listKind: DosProtectedResourceList
plural: dosprotectedresources
shortNames:
- pr
singular: dosprotectedresource
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: DosProtectedResource defines a Dos protected resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DosProtectedResourceSpec defines the properties and values
a DosProtectedResource can have.
properties:
allowList:
description: AllowList is a list of allowed IPs and subnet masks
items:
description: AllowListEntry represents an IP address and a subnet
mask.
properties:
ipWithMask:
type: string
type: object
type: array
apDosMonitor:
description: 'ApDosMonitor is how NGINX App Protect DoS monitors the
stress level of the protected object. The monitor requests are sent
from localhost (127.0.0.1). Default value: URI - None, protocol
- http1, timeout - NGINX App Protect DoS default.'
properties:
protocol:
description: Protocol determines if the server listens on http1
/ http2 / grpc / websocket. The default is http1.
enum:
- http1
- http2
- grpc
- websocket
type: string
timeout:
description: Timeout determines how long (in seconds) should NGINX
App Protect DoS wait for a response. Default is 10 seconds for
http1/http2 and 5 seconds for grpc.
format: int64
type: integer
uri:
description: 'URI is the destination to the desired protected
object in the nginx.conf:'
type: string
type: object
apDosPolicy:
description: ApDosPolicy is the namespace/name of a ApDosPolicy resource
type: string
dosAccessLogDest:
description: DosAccessLogDest is the network address for the access
logs
type: string
dosSecurityLog:
description: DosSecurityLog defines the security log of the DosProtectedResource.
properties:
apDosLogConf:
description: ApDosLogConf is the namespace/name of a APDosLogConf
resource
type: string
dosLogDest:
description: DosLogDest is the network address of a logging service,
can be either IP or DNS name.
type: string
enable:
description: Enable enables the security logging feature if set
to true
type: boolean
type: object
enable:
description: Enable enables the DOS feature if set to true
type: boolean
name:
description: Name is the name of protected object, max of 63 characters.
type: string
type: object
type: object
served: true
storage: true

97
charts/f5/nginx-ingress/1.4.1/crds/externaldns.nginx.org_dnsendpoints.yaml Normal file
View File

@ -0,0 +1,97 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: dnsendpoints.externaldns.nginx.org
spec:
group: externaldns.nginx.org
names:
kind: DNSEndpoint
listKind: DNSEndpointList
plural: dnsendpoints
singular: dnsendpoint
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: DNSEndpoint is the CRD wrapper for Endpoint
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DNSEndpointSpec holds information about endpoints.
properties:
endpoints:
items:
description: Endpoint describes DNS Endpoint.
properties:
dnsName:
description: The hostname for the DNS record
type: string
labels:
additionalProperties:
type: string
description: Labels stores labels defined for the Endpoint
type: object
providerSpecific:
description: ProviderSpecific stores provider specific config
items:
description: ProviderSpecificProperty represents provider
specific config property.
properties:
name:
description: Name of the property
type: string
value:
description: Value of the property
type: string
type: object
type: array
recordTTL:
description: TTL for the record
format: int64
type: integer
recordType:
description: RecordType type of record, e.g. CNAME, A, SRV,
TXT, MX
type: string
targets:
description: The targets the DNS service points to
items:
type: string
type: array
type: object
type: array
type: object
status:
description: DNSEndpointStatus represents generation observed by the external
dns controller.
properties:
observedGeneration:
description: The generation observed by by the external-dns controller.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}

110
charts/f5/nginx-ingress/1.4.1/crds/k8s.nginx.org_globalconfigurations.yaml Normal file
View File

@ -0,0 +1,110 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: globalconfigurations.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: GlobalConfiguration
listKind: GlobalConfigurationList
plural: globalconfigurations
shortNames:
- gc
singular: globalconfiguration
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: GlobalConfiguration defines the GlobalConfiguration resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GlobalConfigurationSpec is the spec of the GlobalConfiguration
resource.
properties:
listeners:
items:
description: Listener defines a listener.
properties:
ipv4:
type: string
ipv6:
type: string
name:
type: string
port:
type: integer
protocol:
type: string
ssl:
type: boolean
type: object
type: array
type: object
type: object
served: true
storage: true
- name: v1alpha1
schema:
openAPIV3Schema:
description: GlobalConfiguration defines the GlobalConfiguration resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GlobalConfigurationSpec is the spec of the GlobalConfiguration
resource.
properties:
listeners:
items:
description: Listener defines a listener.
properties:
name:
type: string
port:
type: integer
protocol:
type: string
ssl:
type: boolean
type: object
type: array
type: object
type: object
served: true
storage: false

362
charts/f5/nginx-ingress/1.4.1/crds/k8s.nginx.org_policies.yaml Normal file
View File

@ -0,0 +1,362 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: policies.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: Policy
listKind: PolicyList
plural: policies
shortNames:
- pol
singular: policy
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the Policy. If the resource has a valid status,
it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: Policy defines a Policy for VirtualServer and VirtualServerRoute
resources.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
PolicySpec is the spec of the Policy resource.
The spec includes multiple fields, where each field represents a different policy.
Only one policy (field) is allowed.
properties:
accessControl:
description: AccessControl defines an access policy based on the source
IP of a request.
properties:
allow:
items:
type: string
type: array
deny:
items:
type: string
type: array
type: object
apiKey:
description: APIKey defines an API Key policy.
properties:
clientSecret:
type: string
suppliedIn:
description: SuppliedIn defines the locations API Key should be
supplied in.
properties:
header:
items:
type: string
type: array
query:
items:
type: string
type: array
type: object
type: object
basicAuth:
description: BasicAuth holds HTTP Basic authentication configuration
properties:
realm:
type: string
secret:
type: string
type: object
egressMTLS:
description: EgressMTLS defines an Egress MTLS policy.
properties:
ciphers:
type: string
protocols:
type: string
serverName:
type: boolean
sessionReuse:
type: boolean
sslName:
type: string
tlsSecret:
type: string
trustedCertSecret:
type: string
verifyDepth:
type: integer
verifyServer:
type: boolean
type: object
ingressClassName:
type: string
ingressMTLS:
description: IngressMTLS defines an Ingress MTLS policy.
properties:
clientCertSecret:
type: string
crlFileName:
type: string
verifyClient:
type: string
verifyDepth:
type: integer
type: object
jwt:
description: JWTAuth holds JWT authentication configuration.
properties:
jwksURI:
type: string
keyCache:
type: string
realm:
type: string
secret:
type: string
token:
type: string
type: object
oidc:
description: OIDC defines an Open ID Connect policy.
properties:
accessTokenEnable:
type: boolean
authEndpoint:
type: string
authExtraArgs:
items:
type: string
type: array
clientID:
type: string
clientSecret:
type: string
endSessionEndpoint:
type: string
jwksURI:
type: string
postLogoutRedirectURI:
type: string
redirectURI:
type: string
scope:
type: string
tokenEndpoint:
type: string
zoneSyncLeeway:
type: integer
type: object
rateLimit:
description: RateLimit defines a rate limit policy.
properties:
burst:
type: integer
delay:
type: integer
dryRun:
type: boolean
key:
type: string
logLevel:
type: string
noDelay:
type: boolean
rate:
type: string
rejectCode:
type: integer
scale:
type: boolean
zoneSize:
type: string
type: object
waf:
description: WAF defines an WAF policy.
properties:
apBundle:
type: string
apPolicy:
type: string
enable:
type: boolean
securityLog:
description: SecurityLog defines the security log of a WAF policy.
properties:
apLogBundle:
type: string
apLogConf:
type: string
enable:
type: boolean
logDest:
type: string
type: object
securityLogs:
items:
description: SecurityLog defines the security log of a WAF policy.
properties:
apLogBundle:
type: string
apLogConf:
type: string
enable:
type: boolean
logDest:
type: string
type: object
type: array
type: object
type: object
status:
description: PolicyStatus is the status of the policy resource
properties:
message:
type: string
reason:
type: string
state:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
- name: v1alpha1
schema:
openAPIV3Schema:
description: Policy defines a Policy for VirtualServer and VirtualServerRoute
resources.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: |-
PolicySpec is the spec of the Policy resource.
The spec includes multiple fields, where each field represents a different policy.
Only one policy (field) is allowed.
properties:
accessControl:
description: AccessControl defines an access policy based on the source
IP of a request.
properties:
allow:
items:
type: string
type: array
deny:
items:
type: string
type: array
type: object
egressMTLS:
description: EgressMTLS defines an Egress MTLS policy.
properties:
ciphers:
type: string
protocols:
type: string
serverName:
type: boolean
sessionReuse:
type: boolean
sslName:
type: string
tlsSecret:
type: string
trustedCertSecret:
type: string
verifyDepth:
type: integer
verifyServer:
type: boolean
type: object
ingressMTLS:
description: IngressMTLS defines an Ingress MTLS policy.
properties:
clientCertSecret:
type: string
verifyClient:
type: string
verifyDepth:
type: integer
type: object
jwt:
description: JWTAuth holds JWT authentication configuration.
properties:
realm:
type: string
secret:
type: string
token:
type: string
type: object
rateLimit:
description: RateLimit defines a rate limit policy.
properties:
burst:
type: integer
delay:
type: integer
dryRun:
type: boolean
key:
type: string
logLevel:
type: string
noDelay:
type: boolean
rate:
type: string
rejectCode:
type: integer
zoneSize:
type: string
type: object
type: object
type: object
served: true
storage: false

332
charts/f5/nginx-ingress/1.4.1/crds/k8s.nginx.org_transportservers.yaml Normal file
View File

@ -0,0 +1,332 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: transportservers.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: TransportServer
listKind: TransportServerList
plural: transportservers
shortNames:
- ts
singular: transportserver
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the TransportServer. If the resource has a valid
status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .status.reason
name: Reason
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: TransportServer defines the TransportServer resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TransportServerSpec is the spec of the TransportServer resource.
properties:
action:
description: TransportServerAction defines an action.
properties:
pass:
type: string
type: object
host:
type: string
ingressClassName:
type: string
listener:
description: TransportServerListener defines a listener for a TransportServer.
properties:
name:
type: string
protocol:
type: string
type: object
serverSnippets:
type: string
sessionParameters:
description: SessionParameters defines session parameters.
properties:
timeout:
type: string
type: object
streamSnippets:
type: string
tls:
description: TransportServerTLS defines TransportServerTLS configuration
for a TransportServer.
properties:
secret:
type: string
type: object
upstreamParameters:
description: UpstreamParameters defines parameters for an upstream.
properties:
connectTimeout:
type: string
nextUpstream:
type: boolean
nextUpstreamTimeout:
type: string
nextUpstreamTries:
type: integer
udpRequests:
type: integer
udpResponses:
type: integer
type: object
upstreams:
items:
description: TransportServerUpstream defines an upstream.
properties:
backup:
type: string
backupPort:
type: integer
failTimeout:
type: string
healthCheck:
description: TransportServerHealthCheck defines the parameters
for active Upstream HealthChecks.
properties:
enable:
type: boolean
fails:
type: integer
interval:
type: string
jitter:
type: string
match:
description: TransportServerMatch defines the parameters
of a custom health check.
properties:
expect:
type: string
send:
type: string
type: object
passes:
type: integer
port:
type: integer
timeout:
type: string
type: object
loadBalancingMethod:
type: string
maxConns:
type: integer
maxFails:
type: integer
name:
type: string
port:
type: integer
service:
type: string
type: object
type: array
type: object
status:
description: TransportServerStatus defines the status for the TransportServer
resource.
properties:
message:
type: string
reason:
type: string
state:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}
- additionalPrinterColumns:
- description: Current state of the TransportServer. If the resource has a valid
status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .status.reason
name: Reason
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: TransportServer defines the TransportServer resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: TransportServerSpec is the spec of the TransportServer resource.
properties:
action:
description: TransportServerAction defines an action.
properties:
pass:
type: string
type: object
host:
type: string
ingressClassName:
type: string
listener:
description: TransportServerListener defines a listener for a TransportServer.
properties:
name:
type: string
protocol:
type: string
type: object
serverSnippets:
type: string
sessionParameters:
description: SessionParameters defines session parameters.
properties:
timeout:
type: string
type: object
streamSnippets:
type: string
tls:
description: TransportServerTLS defines TransportServerTLS configuration
for a TransportServer.
properties:
secret:
type: string
type: object
upstreamParameters:
description: UpstreamParameters defines parameters for an upstream.
properties:
connectTimeout:
type: string
nextUpstream:
type: boolean
nextUpstreamTimeout:
type: string
nextUpstreamTries:
type: integer
udpRequests:
type: integer
udpResponses:
type: integer
type: object
upstreams:
items:
description: TransportServerUpstream defines an upstream.
properties:
backup:
type: string
backupPort:
type: integer
failTimeout:
type: string
healthCheck:
description: TransportServerHealthCheck defines the parameters
for active Upstream HealthChecks.
properties:
enable:
type: boolean
fails:
type: integer
interval:
type: string
jitter:
type: string
match:
description: TransportServerMatch defines the parameters
of a custom health check.
properties:
expect:
type: string
send:
type: string
type: object
passes:
type: integer
port:
type: integer
timeout:
type: string
type: object
loadBalancingMethod:
type: string
maxConns:
type: integer
maxFails:
type: integer
name:
type: string
port:
type: integer
service:
type: string
type: object
type: array
type: object
status:
description: TransportServerStatus defines the status for the TransportServer
resource.
properties:
message:
type: string
reason:
type: string
state:
type: string
type: object
type: object
served: true
storage: false
subresources:
status: {}

729
charts/f5/nginx-ingress/1.4.1/crds/k8s.nginx.org_virtualserverroutes.yaml Normal file
View File

@ -0,0 +1,729 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: virtualserverroutes.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: VirtualServerRoute
listKind: VirtualServerRouteList
plural: virtualserverroutes
shortNames:
- vsr
singular: virtualserverroute
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the VirtualServerRoute. If the resource has a
valid status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .spec.host
name: Host
type: string
- jsonPath: .status.externalEndpoints[*].ip
name: IP
type: string
- jsonPath: .status.externalEndpoints[*].hostname
name: ExternalHostname
priority: 1
type: string
- jsonPath: .status.externalEndpoints[*].ports
name: Ports
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: VirtualServerRoute defines the VirtualServerRoute resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: VirtualServerRouteSpec is the spec of the VirtualServerRoute
resource.
properties:
host:
type: string
ingressClassName:
type: string
subroutes:
items:
description: Route defines a route.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request
headers manipulation in an ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines the response
headers manipulation in an ActionProxy.
properties:
add:
items:
description: AddHeader defines an HTTP Header
with an optional Always field to use with the
add_header NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect in an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
dos:
type: string
errorPages:
items:
description: ErrorPage defines an ErrorPage in a Route.
properties:
codes:
items:
type: integer
type: array
redirect:
description: ErrorPageRedirect defines a redirect for
an ErrorPage.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ErrorPageReturn defines a return for an ErrorPage.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
type: array
location-snippets:
type: string
matches:
items:
description: Match defines a match.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request
headers manipulation in an ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines the
response headers manipulation in an ActionProxy.
properties:
add:
items:
description: AddHeader defines an HTTP Header
with an optional Always field to use with
the add_header NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect in
an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
conditions:
items:
description: Condition defines a condition in a MatchRule.
properties:
argument:
type: string
cookie:
type: string
header:
type: string
value:
type: string
variable:
type: string
type: object
type: array
splits:
items:
description: Split defines a split.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in
an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines
the request headers manipulation in an
ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP
Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines
the response headers manipulation in an
ActionProxy.
properties:
add:
items:
description: AddHeader defines an
HTTP Header with an optional Always
field to use with the add_header
NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect
in an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in
an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
weight:
type: integer
type: object
type: array
type: object
type: array
path:
type: string
policies:
items:
description: PolicyReference references a policy by name and
an optional namespace.
properties:
name:
type: string
namespace:
type: string
type: object
type: array
route:
type: string
splits:
items:
description: Split defines a split.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request
headers manipulation in an ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines the
response headers manipulation in an ActionProxy.
properties:
add:
items:
description: AddHeader defines an HTTP Header
with an optional Always field to use with
the add_header NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect in
an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
weight:
type: integer
type: object
type: array
type: object
type: array
upstreams:
items:
description: Upstream defines an upstream.
properties:
backup:
type: string
backupPort:
type: integer
buffer-size:
type: string
buffering:
type: boolean
buffers:
description: UpstreamBuffers defines Buffer Configuration for
an Upstream.
properties:
number:
type: integer
size:
type: string
type: object
client-max-body-size:
type: string
connect-timeout:
type: string
fail-timeout:
type: string
healthCheck:
description: HealthCheck defines the parameters for active Upstream
HealthChecks.
properties:
connect-timeout:
type: string
enable:
type: boolean
fails:
type: integer
grpcService:
type: string
grpcStatus:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
interval:
type: string
jitter:
type: string
keepalive-time:
type: string
mandatory:
type: boolean
passes:
type: integer
path:
type: string
persistent:
type: boolean
port:
type: integer
read-timeout:
type: string
send-timeout:
type: string
statusMatch:
type: string
tls:
description: UpstreamTLS defines a TLS configuration for
an Upstream.
properties:
enable:
type: boolean
type: object
type: object
keepalive:
type: integer
lb-method:
type: string
max-conns:
type: integer
max-fails:
type: integer
name:
type: string
next-upstream:
type: string
next-upstream-timeout:
type: string
next-upstream-tries:
type: integer
ntlm:
type: boolean
port:
type: integer
queue:
description: UpstreamQueue defines Queue Configuration for an
Upstream.
properties:
size:
type: integer
timeout:
type: string
type: object
read-timeout:
type: string
send-timeout:
type: string
service:
type: string
sessionCookie:
description: SessionCookie defines the parameters for session
persistence.
properties:
domain:
type: string
enable:
type: boolean
expires:
type: string
httpOnly:
type: boolean
name:
type: string
path:
type: string
samesite:
type: string
secure:
type: boolean
type: object
slow-start:
type: string
subselector:
additionalProperties:
type: string
type: object
tls:
description: UpstreamTLS defines a TLS configuration for an
Upstream.
properties:
enable:
type: boolean
type: object
type:
type: string
use-cluster-ip:
type: boolean
type: object
type: array
type: object
status:
description: VirtualServerRouteStatus defines the status for the VirtualServerRoute
resource.
properties:
externalEndpoints:
items:
description: ExternalEndpoint defines the IP/ Hostname and ports
used to connect to this resource.
properties:
hostname:
type: string
ip:
type: string
ports:
type: string
type: object
type: array
message:
type: string
reason:
type: string
referencedBy:
type: string
state:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

829
charts/f5/nginx-ingress/1.4.1/crds/k8s.nginx.org_virtualservers.yaml Normal file
View File

@ -0,0 +1,829 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.5
name: virtualservers.k8s.nginx.org
spec:
group: k8s.nginx.org
names:
kind: VirtualServer
listKind: VirtualServerList
plural: virtualservers
shortNames:
- vs
singular: virtualserver
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: Current state of the VirtualServer. If the resource has a valid
status, it means it has been validated and accepted by the Ingress Controller.
jsonPath: .status.state
name: State
type: string
- jsonPath: .spec.host
name: Host
type: string
- jsonPath: .status.externalEndpoints[*].ip
name: IP
type: string
- jsonPath: .status.externalEndpoints[*].hostname
name: ExternalHostname
priority: 1
type: string
- jsonPath: .status.externalEndpoints[*].ports
name: Ports
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: VirtualServer defines the VirtualServer resource.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: VirtualServerSpec is the spec of the VirtualServer resource.
properties:
dos:
type: string
externalDNS:
description: ExternalDNS defines externaldns sub-resource of a virtual
server.
properties:
enable:
type: boolean
labels:
additionalProperties:
type: string
description: Labels stores labels defined for the Endpoint
type: object
providerSpecific:
description: ProviderSpecific stores provider specific config
items:
description: |-
ProviderSpecificProperty defines specific property
for using with ExternalDNS sub-resource.
properties:
name:
description: Name of the property
type: string
value:
description: Value of the property
type: string
type: object
type: array
recordTTL:
description: TTL for the record
format: int64
type: integer
recordType:
type: string
type: object
gunzip:
type: boolean
host:
type: string
http-snippets:
type: string
ingressClassName:
type: string
internalRoute:
description: InternalRoute allows for the configuration of internal
routing.
type: boolean
listener:
description: VirtualServerListener references a custom http and/or
https listener defined in GlobalConfiguration.
properties:
http:
type: string
https:
type: string
type: object
policies:
items:
description: PolicyReference references a policy by name and an
optional namespace.
properties:
name:
type: string
namespace:
type: string
type: object
type: array
routes:
items:
description: Route defines a route.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request
headers manipulation in an ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines the response
headers manipulation in an ActionProxy.
properties:
add:
items:
description: AddHeader defines an HTTP Header
with an optional Always field to use with the
add_header NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect in an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
dos:
type: string
errorPages:
items:
description: ErrorPage defines an ErrorPage in a Route.
properties:
codes:
items:
type: integer
type: array
redirect:
description: ErrorPageRedirect defines a redirect for
an ErrorPage.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ErrorPageReturn defines a return for an ErrorPage.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
type: array
location-snippets:
type: string
matches:
items:
description: Match defines a match.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request
headers manipulation in an ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines the
response headers manipulation in an ActionProxy.
properties:
add:
items:
description: AddHeader defines an HTTP Header
with an optional Always field to use with
the add_header NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect in
an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
conditions:
items:
description: Condition defines a condition in a MatchRule.
properties:
argument:
type: string
cookie:
type: string
header:
type: string
value:
type: string
variable:
type: string
type: object
type: array
splits:
items:
description: Split defines a split.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in
an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines
the request headers manipulation in an
ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP
Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines
the response headers manipulation in an
ActionProxy.
properties:
add:
items:
description: AddHeader defines an
HTTP Header with an optional Always
field to use with the add_header
NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect
in an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in
an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
weight:
type: integer
type: object
type: array
type: object
type: array
path:
type: string
policies:
items:
description: PolicyReference references a policy by name and
an optional namespace.
properties:
name:
type: string
namespace:
type: string
type: object
type: array
route:
type: string
splits:
items:
description: Split defines a split.
properties:
action:
description: Action defines an action.
properties:
pass:
type: string
proxy:
description: ActionProxy defines a proxy in an Action.
properties:
requestHeaders:
description: ProxyRequestHeaders defines the request
headers manipulation in an ActionProxy.
properties:
pass:
type: boolean
set:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type: object
responseHeaders:
description: ProxyResponseHeaders defines the
response headers manipulation in an ActionProxy.
properties:
add:
items:
description: AddHeader defines an HTTP Header
with an optional Always field to use with
the add_header NGINX directive.
properties:
always:
type: boolean
name:
type: string
value:
type: string
type: object
type: array
hide:
items:
type: string
type: array
ignore:
items:
type: string
type: array
pass:
items:
type: string
type: array
type: object
rewritePath:
type: string
upstream:
type: string
type: object
redirect:
description: ActionRedirect defines a redirect in
an Action.
properties:
code:
type: integer
url:
type: string
type: object
return:
description: ActionReturn defines a return in an Action.
properties:
body:
type: string
code:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
type:
type: string
type: object
type: object
weight:
type: integer
type: object
type: array
type: object
type: array
server-snippets:
type: string
tls:
description: TLS defines TLS configuration for a VirtualServer.
properties:
cert-manager:
description: CertManager defines a cert manager config for a TLS.
properties:
cluster-issuer:
type: string
common-name:
type: string
duration:
type: string
issue-temp-cert:
type: boolean
issuer:
type: string
issuer-group:
type: string
issuer-kind:
type: string
renew-before:
type: string
usages:
type: string
type: object
redirect:
description: TLSRedirect defines a redirect for a TLS.
properties:
basedOn:
type: string
code:
type: integer
enable:
type: boolean
type: object
secret:
type: string
type: object
upstreams:
items:
description: Upstream defines an upstream.
properties:
backup:
type: string
backupPort:
type: integer
buffer-size:
type: string
buffering:
type: boolean
buffers:
description: UpstreamBuffers defines Buffer Configuration for
an Upstream.
properties:
number:
type: integer
size:
type: string
type: object
client-max-body-size:
type: string
connect-timeout:
type: string
fail-timeout:
type: string
healthCheck:
description: HealthCheck defines the parameters for active Upstream
HealthChecks.
properties:
connect-timeout:
type: string
enable:
type: boolean
fails:
type: integer
grpcService:
type: string
grpcStatus:
type: integer
headers:
items:
description: Header defines an HTTP Header.
properties:
name:
type: string
value:
type: string
type: object
type: array
interval:
type: string
jitter:
type: string
keepalive-time:
type: string
mandatory:
type: boolean
passes:
type: integer
path:
type: string
persistent:
type: boolean
port:
type: integer
read-timeout:
type: string
send-timeout:
type: string
statusMatch:
type: string
tls:
description: UpstreamTLS defines a TLS configuration for
an Upstream.
properties:
enable:
type: boolean
type: object
type: object
keepalive:
type: integer
lb-method:
type: string
max-conns:
type: integer
max-fails:
type: integer
name:
type: string
next-upstream:
type: string
next-upstream-timeout:
type: string
next-upstream-tries:
type: integer
ntlm:
type: boolean
port:
type: integer
queue:
description: UpstreamQueue defines Queue Configuration for an
Upstream.
properties:
size:
type: integer
timeout:
type: string
type: object
read-timeout:
type: string
send-timeout:
type: string
service:
type: string
sessionCookie:
description: SessionCookie defines the parameters for session
persistence.
properties:
domain:
type: string
enable:
type: boolean
expires:
type: string
httpOnly:
type: boolean
name:
type: string
path:
type: string
samesite:
type: string
secure:
type: boolean
type: object
slow-start:
type: string
subselector:
additionalProperties:
type: string
type: object
tls:
description: UpstreamTLS defines a TLS configuration for an
Upstream.
properties:
enable:
type: boolean
type: object
type:
type: string
use-cluster-ip:
type: boolean
type: object
type: array
type: object
status:
description: VirtualServerStatus defines the status for the VirtualServer
resource.
properties:
externalEndpoints:
items:
description: ExternalEndpoint defines the IP/ Hostname and ports
used to connect to this resource.
properties:
hostname:
type: string
ip:
type: string
ports:
type: string
type: object
type: array
message:
type: string
reason:
type: string
state:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

185
charts/f5/nginx-ingress/1.4.1/questions.yaml Normal file
View File

@ -0,0 +1,185 @@
questions:
- variable: controller.kind
type: enum
options:
- deployment
- daemonset
default: deployment
description: "The kind of the Ingress controller installation - deployment or daemonset."
label: Installation Kind
group: "Settings"
- variable: imageDefault
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
group: "Settings"
show_subquestion_if: false
subquestions:
- variable: controller.nginxplus
default: false
description: "Deploys the Ingress controller for NGINX Plus."
label: Deploy NGINX Plus
type: boolean
group: "NGINX Plus"
- variable: controller.appprotect.enable
default: false
description: "Enable the App Protect module in the Ingress Controller."
label: Enable the App Protect module.
type: boolean
- variable: controller.appprotectdos.enable
default: false
description: "Enable the App Protect DoS module in the Ingress Controller."
label: Enable the App Protect DoS module.
type: boolean
- variable: controller.image.repository
default: nginx/nginx-ingress
description: "The image repository of the Ingress controller."
type: string
label: NGINX Ingress Controller Image Repository
required: true
- variable: controller.image.tag
description: "The tag of the Ingress controller image."
type: string
label: NGINX Ingress Controller Image Tag
required: true
- variable: controller.image.pullPolicy
type: enum
options:
- IfNotPresent
- Always
- Never
default: IfNotPresent
description: "The pull policy for the Ingress controller image."
label: NGINX Ingress Controller Image Pull Policy
- variable: controller.serviceAccount.imagePullSecretName
default: ""
description: "The name of the secret containing docker registry credentials. Secret must exist in the same namespace as the helm release."
type: string
label: Image Pull Secret Name
- variable: controller.defaultTLS.secret
default: ""
description: "The secret with a TLS certificate and key for the default HTTPS server. The value must follow the following format: `<namespace>/<name>`."
label: TLS Secret
type: string
group: "Settings"
- variable: controller.ingressClass
default: nginx
description: "A class of the Ingress controller. The Ingress controller only processes Ingress resources that belong to its class - i.e. have the annotation `[kubernetes.io/ingress.class]` equal to the class. Additionally, the Ingress controller processes Ingress resources that do not have that annotation which can be disabled by setting the [-use-ingress-class-only] flag."
label: Ingress Class
type: string
group: "Settings"
required: true
subquestions:
- variable: controller.useIngressClassOnly
default: false
description: "Ignore Ingress resources without the `[kubernetes.io/ingress.class]` annotation."
label: Use Ingress Class Only
type: boolean
group: "Settings"
- variable: controller.enableCustomResources
default: true
label: Enable Custom Resources
type: boolean
group: "Settings"
show_subquestion_if: true
subquestions:
- variable: controller.globalConfiguration.create
default: true
description: "Creates the GlobalConfiguration custom resource."
label: Create GlobalConfiguration Custom Resource
type: boolean
group: "Settings"
- variable: controller.enableOIDC
default: false
description: "Enables OIDC policies."
label: Enable OIDC policies
type: boolean
group: "Settings"
- variable: controller.enableCertManager
default: false
description: "Enables cert manager for Virtual Server resources."
label: Enable cert manager for Virtual Server resources
type: boolean
group: "Settings"
- variable: controller.enableExternalDNS
default: false
description: "Enables external-dns for Virtual Server resources."
label: Enable external-dns for Virtual Server resources
type: boolean
group: "Settings"
- variable: controller.watchNamespace
default: ""
description: "Comma-separated list of namespaces to watch for Ingress resources. By default the Ingress controller watches all namespaces."
label: Watch Namespace
type: string
group: "Settings"
- variable: controller.service.create
default: true
description: "Creates a service to expose the Ingress controller pods."
label: Create a Service
type: boolean
group: "Service"
show_subquestion_if: true
subquestions:
- variable: controller.service.type
type: enum
options:
- LoadBalancer
- NodePort
default: LoadBalancer
description: "The type of service to create for the Ingress controller."
label: Type of Service
- variable: controller.service.httpPort.enable
default: true
description: "Enables the HTTP port for the Ingress controller service."
label: Enable HTTP Port
type: boolean
group: "Service"
show_subquestion_if: true
subquestions:
- variable: controller.service.httpPort.port
default: 80
description: "The HTTP port of the Ingress controller service."
label: HTTP Port
type: int
required: true
- variable: controller.service.httpsPort.enable
default: true
description: "Enables the HTTPS port for the Ingress controller service."
label: Enable HTTPS Port
type: boolean
group: "Service"
show_subquestion_if: true
subquestions:
- variable: controller.service.httpsPort.port
default: 443
description: "The HTTPS port of the Ingress controller service."
label: HTTPS Port
type: int
required: true
- variable: prometheus.create
default: false
description: "Expose NGINX or NGINX Plus metrics in the Prometheus format."
label: Enable Exposing Prometheus Metrics
type: boolean
group: "Prometheus"
show_subquestion_if: true
subquestions:
- variable: prometheus.port
default: 9113
description: "Configures the port to scrape the metrics."
label: Prometheus Port
type: int
required: true
- variable: prometheus.scheme
default: http
description: "Configures the HTTP scheme to use for connections to the Prometheus endpoint."
label: Prometheus Scheme
type: string
required: true
- variable: prometheus.secret
default: ""
description: "The namespace / name of a Kubernetes TLS Secret. If specified, this secret is used to secure the Prometheus endpoint with TLS connections."
label: Prometheus Secret
type: string

13
charts/f5/nginx-ingress/1.4.1/templates/NOTES.txt Normal file
View File

@ -0,0 +1,13 @@
NGINX Ingress Controller {{ .Chart.AppVersion }} has been installed.
For release notes for this version please see: https://docs.nginx.com/nginx-ingress-controller/releases/
Installation and upgrade instructions: https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/installation-with-helm/
{{ if .Release.IsUpgrade -}}
If you are upgrading from a version of the chart that uses older Custom Resource Definitions (CRD) it is necessary to manually upgrade the CRDs as this is not managed by Helm.
To update to the latest version of the CRDs:
$ kubectl apply -f https://raw.githubusercontent.com/nginxinc/kubernetes-ingress/v{{ .Chart.AppVersion }}/deploy/crds.yaml
More details on upgrading the CRDs: https://docs.nginx.com/nginx-ingress-controller/installation/installing-nic/installation-with-helm/#upgrading-the-crds
{{- end -}}

485
charts/f5/nginx-ingress/1.4.1/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,485 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "nginx-ingress.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "nginx-ingress.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create a default fully qualified controller name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "nginx-ingress.controller.fullname" -}}
{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified controller service name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "nginx-ingress.controller.service.name" -}}
{{- default (include "nginx-ingress.controller.fullname" .) .Values.serviceNameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "nginx-ingress.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "nginx-ingress.labels" -}}
helm.sh/chart: {{ include "nginx-ingress.chart" . }}
{{ include "nginx-ingress.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Pod labels
*/}}
{{- define "nginx-ingress.podLabels" -}}
{{- include "nginx-ingress.selectorLabels" . }}
{{- if .Values.nginxServiceMesh.enable }}
nsm.nginx.com/enable-ingress: "true"
nsm.nginx.com/enable-egress: "{{ .Values.nginxServiceMesh.enableEgress }}"
nsm.nginx.com/{{ .Values.controller.kind }}: {{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- if and .Values.nginxAgent.enable (eq (.Values.nginxAgent.customConfigMap | default "") "") }}
agent-configuration-revision-hash: {{ include "nginx-ingress.agentConfiguration" . | sha1sum | trunc 8 | quote }}
{{- end }}
{{- if .Values.controller.pod.extraLabels }}
{{ toYaml .Values.controller.pod.extraLabels }}
{{- end }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "nginx-ingress.selectorLabels" -}}
{{- if .Values.controller.selectorLabels -}}
{{ toYaml .Values.controller.selectorLabels }}
{{- else -}}
app.kubernetes.io/name: {{ include "nginx-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the configmap.
*/}}
{{- define "nginx-ingress.configName" -}}
{{- if .Values.controller.customConfigMap -}}
{{ .Values.controller.customConfigMap }}
{{- else -}}
{{- default (include "nginx-ingress.fullname" .) .Values.controller.config.name -}}
{{- end -}}
{{- end -}}
{{/*
Expand the name of the configmap used for NGINX Agent.
*/}}
{{- define "nginx-ingress.agentConfigName" -}}
{{- if ne (.Values.nginxAgent.customConfigMap | default "") "" -}}
{{ .Values.nginxAgent.customConfigMap }}
{{- else -}}
{{- printf "%s-agent-config" (include "nginx-ingress.fullname" . | trunc 49 | trimSuffix "-") -}}
{{- end -}}
{{- end -}}
{{/*
Expand leader election lock name.
*/}}
{{- define "nginx-ingress.leaderElectionName" -}}
{{- if .Values.controller.reportIngressStatus.leaderElectionLockName -}}
{{ .Values.controller.reportIngressStatus.leaderElectionLockName }}
{{- else -}}
{{- printf "%s-%s" (include "nginx-ingress.fullname" .) "leader-election" -}}
{{- end -}}
{{- end -}}
{{/*
Expand service account name.
*/}}
{{- define "nginx-ingress.serviceAccountName" -}}
{{- default (include "nginx-ingress.fullname" .) .Values.controller.serviceAccount.name -}}
{{- end -}}
{{/*
Expand default TLS name.
*/}}
{{- define "nginx-ingress.defaultTLSName" -}}
{{- printf "%s-%s" (include "nginx-ingress.fullname" .) "default-server-tls" -}}
{{- end -}}
{{/*
Expand wildcard TLS name.
*/}}
{{- define "nginx-ingress.wildcardTLSName" -}}
{{- printf "%s-%s" (include "nginx-ingress.fullname" .) "wildcard-tls" -}}
{{- end -}}
{{- define "nginx-ingress.tag" -}}
{{- default .Chart.AppVersion .Values.controller.image.tag -}}
{{- end -}}
{{/*
Expand image name.
*/}}
{{- define "nginx-ingress.image" -}}
{{ include "nginx-ingress.image-digest-or-tag" (dict "image" .Values.controller.image "default" .Chart.AppVersion ) }}
{{- end -}}
{{- define "nap-enforcer.image" -}}
{{ include "nginx-ingress.image-digest-or-tag" (dict "image" .Values.controller.appprotect.enforcer.image "default" .Chart.AppVersion ) }}
{{- end -}}
{{- define "nap-config-manager.image" -}}
{{ include "nginx-ingress.image-digest-or-tag" (dict "image" .Values.controller.appprotect.configManager.image "default" .Chart.AppVersion ) }}
{{- end -}}
{{/*
Accepts an image struct like .Values.controller.image along with a default value to use
if the digest or tag is not set. Can be called like:
include "nginx-ingress.image-digest-or-tag" (dict "image" .Values.controller.image "default" .Chart.AppVersion
*/}}
{{- define "nginx-ingress.image-digest-or-tag" -}}
{{- if .image.digest -}}
{{- printf "%s@%s" .image.repository .image.digest -}}
{{- else -}}
{{- printf "%s:%s" .image.repository (default .default .image.tag) -}}
{{- end -}}
{{- end -}}
{{- define "nginx-ingress.prometheus.serviceName" -}}
{{- printf "%s-%s" (include "nginx-ingress.fullname" .) "prometheus-service" -}}
{{- end -}}
{{/*
return if readOnlyRootFilesystem is enabled or not.
*/}}
{{- define "nginx-ingress.readOnlyRootFilesystem" -}}
{{- if or .Values.controller.readOnlyRootFilesystem (and .Values.controller.securityContext .Values.controller.securityContext.readOnlyRootFilesystem) -}}
true
{{- else -}}
false
{{- end -}}
{{- end -}}
{{/*
Build the args for the service binary.
*/}}
{{- define "nginx-ingress.args" -}}
{{- if and .Values.controller.debug .Values.controller.debug.enable }}
- --listen=:2345
- --headless=true
- --log=true
- --log-output=debugger,debuglineerr,gdbwire,lldbout,rpc,dap,fncall,minidump,stack
- --accept-multiclient
- --api-version=2
- exec
- ./nginx-ingress
{{- if .Values.controller.debug.continue }}
- --continue
{{- end }}
- --
{{- end -}}
- -nginx-plus={{ .Values.controller.nginxplus }}
- -nginx-reload-timeout={{ .Values.controller.nginxReloadTimeout }}
- -enable-app-protect={{ .Values.controller.appprotect.enable }}
{{- if and .Values.controller.appprotect.enable .Values.controller.appprotect.logLevel }}
- -app-protect-log-level={{ .Values.controller.appprotect.logLevel }}
{{ end }}
{{- if and .Values.controller.appprotect.enable .Values.controller.appprotect.v5 }}
- -app-protect-enforcer-address="{{ .Values.controller.appprotect.enforcer.host | default "127.0.0.1" }}:{{ .Values.controller.appprotect.enforcer.port | default 50000 }}"
{{- end }}
- -enable-app-protect-dos={{ .Values.controller.appprotectdos.enable }}
{{- if .Values.controller.appprotectdos.enable }}
- -app-protect-dos-debug={{ .Values.controller.appprotectdos.debug }}
- -app-protect-dos-max-daemons={{ .Values.controller.appprotectdos.maxDaemons }}
- -app-protect-dos-max-workers={{ .Values.controller.appprotectdos.maxWorkers }}
- -app-protect-dos-memory={{ .Values.controller.appprotectdos.memory }}
{{ end }}
- -nginx-configmaps=$(POD_NAMESPACE)/{{ include "nginx-ingress.configName" . }}
{{- if .Values.controller.defaultTLS.secret }}
- -default-server-tls-secret={{ .Values.controller.defaultTLS.secret }}
{{ else if and (.Values.controller.defaultTLS.cert) (.Values.controller.defaultTLS.key) }}
- -default-server-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.defaultTLSName" . }}
{{- end }}
- -ingress-class={{ .Values.controller.ingressClass.name }}
{{- if .Values.controller.watchNamespace }}
- -watch-namespace={{ .Values.controller.watchNamespace }}
{{- end }}
{{- if .Values.controller.watchNamespaceLabel }}
- -watch-namespace-label={{ .Values.controller.watchNamespaceLabel }}
{{- end }}
{{- if .Values.controller.watchSecretNamespace }}
- -watch-secret-namespace={{ .Values.controller.watchSecretNamespace }}
{{- end }}
- -health-status={{ .Values.controller.healthStatus }}
- -health-status-uri={{ .Values.controller.healthStatusURI }}
- -nginx-debug={{ .Values.controller.nginxDebug }}
- -v={{ .Values.controller.logLevel }}
- -nginx-status={{ .Values.controller.nginxStatus.enable }}
{{- if .Values.controller.nginxStatus.enable }}
- -nginx-status-port={{ .Values.controller.nginxStatus.port }}
- -nginx-status-allow-cidrs={{ .Values.controller.nginxStatus.allowCidrs }}
{{- end }}
{{- if .Values.controller.reportIngressStatus.enable }}
- -report-ingress-status
{{- if .Values.controller.reportIngressStatus.ingressLink }}
- -ingresslink={{ .Values.controller.reportIngressStatus.ingressLink }}
{{- else if .Values.controller.reportIngressStatus.externalService }}
- -external-service={{ .Values.controller.reportIngressStatus.externalService }}
{{- else if and (.Values.controller.service.create) (eq .Values.controller.service.type "LoadBalancer") }}
- -external-service={{ include "nginx-ingress.controller.service.name" . }}
{{- end }}
{{- end }}
- -enable-leader-election={{ .Values.controller.reportIngressStatus.enableLeaderElection }}
{{- if .Values.controller.reportIngressStatus.enableLeaderElection }}
- -leader-election-lock-name={{ include "nginx-ingress.leaderElectionName" . }}
{{- end }}
{{- if .Values.controller.wildcardTLS.secret }}
- -wildcard-tls-secret={{ .Values.controller.wildcardTLS.secret }}
{{- else if and .Values.controller.wildcardTLS.cert .Values.controller.wildcardTLS.key }}
- -wildcard-tls-secret=$(POD_NAMESPACE)/{{ include "nginx-ingress.wildcardTLSName" . }}
{{- end }}
- -enable-prometheus-metrics={{ .Values.prometheus.create }}
- -prometheus-metrics-listen-port={{ .Values.prometheus.port }}
- -prometheus-tls-secret={{ .Values.prometheus.secret }}
- -enable-service-insight={{ .Values.serviceInsight.create }}
- -service-insight-listen-port={{ .Values.serviceInsight.port }}
- -service-insight-tls-secret={{ .Values.serviceInsight.secret }}
- -enable-custom-resources={{ .Values.controller.enableCustomResources }}
- -enable-snippets={{ .Values.controller.enableSnippets }}
- -disable-ipv6={{ .Values.controller.disableIPV6 }}
{{- if .Values.controller.enableCustomResources }}
- -enable-tls-passthrough={{ .Values.controller.enableTLSPassthrough }}
{{- if .Values.controller.enableTLSPassthrough }}
- -tls-passthrough-port={{ .Values.controller.tlsPassthroughPort }}
{{- end }}
- -enable-cert-manager={{ .Values.controller.enableCertManager }}
- -enable-oidc={{ .Values.controller.enableOIDC }}
- -enable-external-dns={{ .Values.controller.enableExternalDNS }}
- -default-http-listener-port={{ .Values.controller.defaultHTTPListenerPort}}
- -default-https-listener-port={{ .Values.controller.defaultHTTPSListenerPort}}
{{- if .Values.controller.globalConfiguration.create }}
- -global-configuration=$(POD_NAMESPACE)/{{ include "nginx-ingress.controller.fullname" . }}
{{- end }}
{{- end }}
- -ready-status={{ .Values.controller.readyStatus.enable }}
- -ready-status-port={{ .Values.controller.readyStatus.port }}
- -enable-latency-metrics={{ .Values.controller.enableLatencyMetrics }}
- -ssl-dynamic-reload={{ .Values.controller.enableSSLDynamicReload }}
- -enable-telemetry-reporting={{ .Values.controller.telemetryReporting.enable}}
- -weight-changes-dynamic-reload={{ .Values.controller.enableWeightChangesDynamicReload}}
{{- if .Values.nginxAgent.enable }}
- -agent=true
- -agent-instance-group={{ default (include "nginx-ingress.controller.fullname" .) .Values.nginxAgent.instanceGroup }}
{{- end }}
{{- end -}}
{{/*
Volumes for controller.
*/}}
{{- define "nginx-ingress.volumes" -}}
{{- $volumesSet := "false" }}
volumes:
{{- if eq (include "nginx-ingress.volumeEntries" .) "" -}}
{{ toYaml list | printf " %s" }}
{{- else }}
{{ include "nginx-ingress.volumeEntries" . }}
{{- end -}}
{{- end -}}
{{/*
List of volumes for controller.
*/}}
{{- define "nginx-ingress.volumeEntries" -}}
{{- if eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" }}
- name: nginx-etc
emptyDir: {}
- name: nginx-cache
emptyDir: {}
- name: nginx-lib
emptyDir: {}
- name: nginx-log
emptyDir: {}
{{- end }}
{{- if .Values.controller.appprotect.v5 }}
{{- toYaml .Values.controller.appprotect.volumes }}
{{- end }}
{{- if .Values.controller.volumes }}
{{ toYaml .Values.controller.volumes }}
{{- end }}
{{- if .Values.nginxAgent.enable }}
- name: agent-conf
configMap:
name: {{ include "nginx-ingress.agentConfigName" . }}
- name: agent-dynamic
emptyDir: {}
{{- if and .Values.nginxAgent.instanceManager.tls (or (ne (.Values.nginxAgent.instanceManager.tls.secret | default "") "") (ne (.Values.nginxAgent.instanceManager.tls.caSecret | default "") "")) }}
- name: nginx-agent-tls
projected:
sources:
{{- if ne .Values.nginxAgent.instanceManager.tls.secret "" }}
- secret:
name: {{ .Values.nginxAgent.instanceManager.tls.secret }}
{{- end }}
{{- if ne .Values.nginxAgent.instanceManager.tls.caSecret "" }}
- secret:
name: {{ .Values.nginxAgent.instanceManager.tls.caSecret }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}
{{/*
Volume mounts for controller.
*/}}
{{- define "nginx-ingress.volumeMounts" -}}
{{- $volumesSet := "false" }}
volumeMounts:
{{- if eq (include "nginx-ingress.volumeMountEntries" .) "" -}}
{{ toYaml list | printf " %s" }}
{{- else }}
{{ include "nginx-ingress.volumeMountEntries" . }}
{{- end -}}
{{- end -}}
{{- define "nginx-ingress.volumeMountEntries" -}}
{{- if eq (include "nginx-ingress.readOnlyRootFilesystem" .) "true" }}
- mountPath: /etc/nginx
name: nginx-etc
- mountPath: /var/cache/nginx
name: nginx-cache
- mountPath: /var/lib/nginx
name: nginx-lib
- mountPath: /var/log/nginx
name: nginx-log
{{- end }}
{{- if .Values.controller.appprotect.v5 }}
- name: app-protect-bd-config
mountPath: /opt/app_protect/bd_config
- name: app-protect-config
mountPath: /opt/app_protect/config
# app-protect-bundles is mounted so that Ingress Controller
# can verify that referenced bundles are present
- name: app-protect-bundles
mountPath: /etc/app_protect/bundles
{{- end }}
{{- if .Values.controller.volumeMounts }}
{{ toYaml .Values.controller.volumeMounts }}
{{- end }}
{{- if .Values.nginxAgent.enable }}
- name: agent-conf
mountPath: /etc/nginx-agent/nginx-agent.conf
subPath: nginx-agent.conf
- name: agent-dynamic
mountPath: /var/lib/nginx-agent
{{- if and .Values.nginxAgent.instanceManager.tls (or (ne (.Values.nginxAgent.instanceManager.tls.secret | default "") "") (ne (.Values.nginxAgent.instanceManager.tls.caSecret | default "") "")) }}
- name: nginx-agent-tls
mountPath: /etc/ssl/nms
readOnly: true
{{- end }}
{{- end -}}
{{- end -}}
{{- define "nginx-ingress.appprotect.v5" -}}
{{- if .Values.controller.appprotect.v5}}
- name: waf-enforcer
image: {{ include "nap-enforcer.image" . }}
imagePullPolicy: "{{ .Values.controller.appprotect.enforcer.image.pullPolicy }}"
{{- if .Values.controller.appprotect.enforcer.securityContext }}
securityContext:
{{ toYaml .Values.controller.appprotect.enforcer.securityContext | nindent 6 }}
{{- end }}
env:
- name: ENFORCER_PORT
value: "{{ .Values.controller.appprotect.enforcer.port | default 50000 }}"
volumeMounts:
- name: app-protect-bd-config
mountPath: /opt/app_protect/bd_config
- name: waf-config-mgr
image: {{ include "nap-config-manager.image" . }}
imagePullPolicy: "{{ .Values.controller.appprotect.configManager.image.pullPolicy }}"
{{- if .Values.controller.appprotect.configManager.securityContext }}
securityContext:
{{ toYaml .Values.controller.appprotect.configManager.securityContext | nindent 6 }}
{{- end }}
volumeMounts:
- name: app-protect-bd-config
mountPath: /opt/app_protect/bd_config
- name: app-protect-config
mountPath: /opt/app_protect/config
- name: app-protect-bundles
mountPath: /etc/app_protect/bundles
{{- end}}
{{- end -}}
{{- define "nginx-ingress.agentConfiguration" -}}
log:
level: {{ .Values.nginxAgent.logLevel }}
path: ""
server:
host: {{ required ".Values.nginxAgent.instanceManager.host is required when setting .Values.nginxAgent.enable to true" .Values.nginxAgent.instanceManager.host }}
grpcPort: {{ .Values.nginxAgent.instanceManager.grpcPort }}
{{- if ne (.Values.nginxAgent.instanceManager.sni | default "") "" }}
metrics: {{ .Values.nginxAgent.instanceManager.sni }}
command: {{ .Values.nginxAgent.instanceManager.sni }}
{{- end }}
{{- if .Values.nginxAgent.instanceManager.tls }}
tls:
enable: {{ .Values.nginxAgent.instanceManager.tls.enable | default true }}
skip_verify: {{ .Values.nginxAgent.instanceManager.tls.skipVerify | default false }}
{{- if ne .Values.nginxAgent.instanceManager.tls.caSecret "" }}
ca: "/etc/ssl/nms/ca.crt"
{{- end }}
{{- if ne .Values.nginxAgent.instanceManager.tls.secret "" }}
cert: "/etc/ssl/nms/tls.crt"
key: "/etc/ssl/nms/tls.key"
{{- end }}
{{- end }}
features:
- registration
- nginx-counting
- metrics-sender
- dataplane-status
extensions:
- nginx-app-protect
- nap-monitoring
nginx_app_protect:
report_interval: 15s
precompiled_publication: true
nap_monitoring:
collector_buffer_size: {{ .Values.nginxAgent.napMonitoring.collectorBufferSize }}
processor_buffer_size: {{ .Values.nginxAgent.napMonitoring.processorBufferSize }}
syslog_ip: {{ .Values.nginxAgent.syslog.host }}
syslog_port: {{ .Values.nginxAgent.syslog.port }}
{{ end -}}

169
charts/f5/nginx-ingress/1.4.1/templates/clusterrole.yaml Normal file
View File

@ -0,0 +1,169 @@
{{- if and .Values.rbac.create .Values.rbac.clusterrole.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "nginx-ingress.fullname" . }}
labels:
{{- include "nginx-ingress.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- namespaces
- pods
- secrets
- services
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- list
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- list
- watch
- apiGroups:
- discovery.k8s.io
resources:
- endpointslices
verbs:
- get
- list
- watch
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- apiGroups:
- "apps"
resources:
- replicasets
- daemonsets
verbs:
- get
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- get
- list
{{- if .Values.controller.reportIngressStatus.enable }}
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
{{- end }}
{{- if .Values.controller.appprotect.enable }}
- apiGroups:
- appprotect.f5.com
resources:
- appolicies
- aplogconfs
- apusersigs
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.controller.appprotectdos.enable }}
- apiGroups:
- appprotectdos.f5.com
resources:
- apdospolicies
- apdoslogconfs
- dosprotectedresources
verbs:
- get
- watch
- list
{{- end }}
{{- if .Values.controller.enableCustomResources }}
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers
- virtualserverroutes
- globalconfigurations
- transportservers
- policies
verbs:
- list
- watch
- get
- apiGroups:
- k8s.nginx.org
resources:
- virtualservers/status
- virtualserverroutes/status
- policies/status
- transportservers/status
verbs:
- update
{{- end }}
{{- if .Values.controller.reportIngressStatus.ingressLink }}
- apiGroups:
- cis.f5.com
resources:
- ingresslinks
verbs:
- list
- watch
- get
{{- end }}
{{- if .Values.controller.enableCertManager }}
- apiGroups:
- cert-manager.io
resources:
- certificates
verbs:
- list
- watch
- get
- update
- create
- delete
{{- end }}
{{- if .Values.controller.enableExternalDNS }}
- apiGroups:
- externaldns.nginx.org
resources:
- dnsendpoints
verbs:
- list
- watch
- get
- update
- create
- delete
- apiGroups:
- externaldns.nginx.org
resources:
- dnsendpoints/status
verbs:
- update
{{- end }}
{{- end}}

Some files were not shown because too many files have changed in this diff Show More