From 34be4b5520dd6d5d1dc7aded5589634b45b75190 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 11 Apr 2022 10:14:46 +0000 Subject: [PATCH] TVK 2.8.0 make charts output --- .../k8s-triliovault-operator-2.8.0.tgz | Bin 0 -> 16804 bytes .../2.8.0/.helmignore | 23 + .../k8s-triliovault-operator/2.8.0/Chart.yaml | 18 + .../k8s-triliovault-operator/2.8.0/LICENSE | 1 + .../k8s-triliovault-operator/2.8.0/README.md | 197 +++ ...iovault.trilio.io_triliovaultmanagers.yaml | 1200 +++++++++++++++++ .../2.8.0/questions.yaml | 120 ++ .../2.8.0/templates/NOTES.txt | 59 + .../2.8.0/templates/TVMCustomResource.yaml | 44 + .../2.8.0/templates/_helpers.tpl | 66 + .../2.8.0/templates/clusterrole.yaml | 133 ++ .../2.8.0/templates/clusterrole_binding.yaml | 17 + .../2.8.0/templates/deployment.yaml | 202 +++ .../2.8.0/templates/mutating-webhook.yaml | 31 + .../templates/ns-validating-webhook.yaml | 37 + .../preflight_job_preinstall_hook.yaml | 190 +++ .../2.8.0/templates/proxyConfig.yaml | 21 + .../2.8.0/templates/secret.yaml | 11 + .../2.8.0/templates/serviceAccount.yaml | 10 + .../2.8.0/templates/validating-webhook.yaml | 31 + .../2.8.0/templates/webhook-service.yaml | 19 + .../2.8.0/values.yaml | 92 ++ index.yaml | 22 + 23 files changed, 2544 insertions(+) create mode 100644 assets/k8s-triliovault-operator/k8s-triliovault-operator-2.8.0.tgz create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/.helmignore create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/Chart.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/LICENSE create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/README.md create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/crds/triliovault.trilio.io_triliovaultmanagers.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/questions.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/NOTES.txt create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/TVMCustomResource.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/_helpers.tpl create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole_binding.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/deployment.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/mutating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/ns-validating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/preflight_job_preinstall_hook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/proxyConfig.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/secret.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/serviceAccount.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/validating-webhook.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/webhook-service.yaml create mode 100644 charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/values.yaml diff --git a/assets/k8s-triliovault-operator/k8s-triliovault-operator-2.8.0.tgz b/assets/k8s-triliovault-operator/k8s-triliovault-operator-2.8.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..c15b19ca50d2fd24988c040011bdd4b1ec7bf761 GIT binary patch literal 16804 zcmXtf19T?A()JtMwzIKq+qP|IV>=sbW82Bb+1R#r!#B1!eE;10-G9!Rn(paSJu|1f zdaCMqnj{Vu6Y!q{L<^udl~H3cmr>+W@Zse&W7lG_Q0KJOQ|IMU*3#lq)ON5lb+Yi$ zP<0lRv2<_*T=c$qZ?!eEY!*Cf@6x^fp%g4MeN)kx`zWmivbGSU}e{)|7?O!+v2kN+2eayVaYHcn-=Ye zkBU&Vkwd`n!{|p;uc@R%@GN&dIV9srLwLU1UQz3hMR98sjV@L8>`JJ>z^`6^})=Y)CPp|xjo$t0l3em>Wi z(8iwLKa7z`g)K}C%;O1NLZM=Sv5Lkg`XP&e4S(W>BhHfVko=q1?+0O(EI^2$#Q6y0 zKdvHTRG_&hgZGkYW^9;#ET$eBH)>3Rs2(VWuPwoJC_vuQeo!xcZ)WQgpfMWde2Z{T zhCIA%bEb7W#8(>pX+vr#G{oJ4tZ5=|uz(A4YinokAdZV?-wgX)0uDnJ-%FFw2m@tY zc-pa0Igzq--(EW8=^!IoN?-8VvBCxkiM}26O9ImZ3EDn3_EH}MNBueBOVXCK z{FyXZHY)BN6xKuzaqbLdnYQ`TzUf&zbUfZ&0!8G6|2|U^&P&#`@^ScRqOwymLDh;z zKt4G;xR1AoWhv4(6}8hm?CNwxbur%GC1DuJa&03Dr-Igk$BiO# zMDFoJ3pX%soJ_a^n4-oC9V$uV^PWJ#1zob|vV5NIj~Gy}ZNSnqERaV17#hc(xR zyP5eD4!O5|*mwf^aQp@fheoECS)3*@fp8F2sVNbvE%%reUys{<&eh zZ+09X0+ZVJV7QD7Ka4_nU(9yd%qM_On3{>NJsu1|?amvMK=X62(@9=!qX$alpMT1c z`3FbcQdnZa3OfQV6-$B*s#<9D{4ND_DqcPZ1MXwMu!Hn{KuQEf+c1;dQHjpPY@Rxb zp$fHc-uBaDhTMm8A?ZVri2vLB<;sKwsnbZgW9JkQeY`5PJEzjgC{6r5ccO zLv#d4?VvCa2~jiDZl!T?%Q((A><#)L{A1FTgyl!8X94GAlj3EZ?&avmyEr^FJjJuL zed1J|35Gr&2EJ*z7NriXNHfEY#JkaQ*UlD$yHvYg367^9lU)Hyaci6hgzlM6;#6dy zY&qrKrLORpX;u_o0VWL6`Q+ha?=mg1GU*P>G(u$4ve@B!3ksPZ*)q&1dCKG=6PVJ| zvdATxQ?0-)Ax^ssJnb5Ejdm{I=s`ol_RDw%|*VcV1E39Z7bLGF> zs(g!oCCO9e?rRKO62R-eV_hW`Wxqff;=gRSDy-#v7iIFu3lYIk;GzSNX}}PCDZc53w6`H*fRSM(`jlQc zZq-T~=A#e91exi#1Qg~%q`90?d>h=t=c9I)W&nQ8&+EvF^i@Fld~bqSSpv&&ghcWz zhj~Rh-prpAJW)k$fohI)M$~Fu>o-w~)g1eV;1$hm?(I^FE$&%VzN9Dgkr;a%DQ_+O+in^UQR$ z0rQz4K@yV?aHq_iL=wi-kU%UFWHX#KzY}xiiD{w#Ol$j6No~7%+slpbX7U_)felq+ zxm(gOn-v1PahFhKYXQI7cX7|2YOit^6+Jp4PEk)#U`ht&E3wa8?Ym>wG&8c!sZ%QO zeeD<-)fW$=B)7-cbGU(>yPGTJp?9ih*^?dEBGOY5|H;HfJk7?Hq3^QRY- zveW&|my_iPAjOWCx|e*VuS1`Nzl(FTu03snd~#s=219OXIPT9YQ*=v+SP*9IX7pE* zmy`XmGfx}JD9wgV<_Pxv62Gpke`gsQ9v3tZuZv(bs2==fzIOA79m>0j(eP>0PJ$9j zSM4uVNZog2bH$|g8DQM#r^GbYMOJx0MHl%XRmot6NqbQ%|JSF3+>$;xJ6#^n4nfs3 zR|h@!q}w|OFm5wMw7mvE;$RY+q4?rFT!73xc8BN^W3ba9|M0T1bah|!cYP}A7wll8 z;FaydzX-${ist8hdz0}Qk(Tilw~vByozm zjc(kB2{RUm>uGR@z|YUcR~c>Mc8+sTfnYRzqKXJOi zH~JfC$N(%PdQD5oTG4Cm(kAW4h>I{vLKt=6U^GR)ZSW$2M(i+qy#E2Arl}a;g~m%+ zzM^*Q``9stuJ((U7*NQW9UXn^!lqOM<&BNHuTEXJXyM;KfshC8m5EyvIE+#mqe*aD zfkQI{);(ysj36@uc4d8vtj4es9&!l9_N_?Tn$Oi~j~I#JXs;M{Ua3R=1Ufs}Ch53j zEfOl&j~VEzyd1FTbZA{?lb!POt$*#+%olG!0Vd6Wzq=g9Ks<|bj$dszom?8YMVI|E@ z`80D0dRu3cb>@2t4yPe}UlQR^ykVge<8fv+N)=SV5qv}vSwb{GhrMuPP4*9dKvF&l z?c1(1lRtzw?>x#a#;axMbnAn6$S-#FC(L5V+ig$t(j+jKGi(_@d4s z0{#ne7I{)c=2&6Jn97|st@=@I{IJbd^N$k!X(;Aq8+Kww&j>7^)*{K1W!LI@ZT^0w z9G`qQK$a_?;)%Jni@lK{g?C@8-eV>$(nAo2^kC)A=6%By-v?-f1_#u~zPTlM^6=%C zCLCA@oI1e&1&bdJWqYsiqBiIQ;yHK4Y;}|h(YcmzyPesuc-*|S+~1n34*P!+O5@9v zpIe&io8Tfh4;+wL3>L8;QrOOacfdz9i?RhPy_^ad7#a=xnUrZfMC( zOFc^P^x~c<`5W253xIe#7cWJoT%1`D__mx29gX66Xv~O~Q%*dW91VJ6RSv9V`CaX0 z61`9-B9Vu{lB>DWh@9WdynI#(uK690kMEuO6EDK(wIV?!J}AHCCptAwo%*`wNZG>%$sU>#8&7$Qj)Y*X0k$(gOJie!G- zg53BY9#3{BU@3|yHtx$%S@Rc*|vhAOp<`C1gccqFl6Z5WL zF#1qz+$xWZ;b+V0niyn{0@J#s2{OtQ&Iw$5uMF(V2jUN|WC}<29e;5#XrZ~34M;{4 z&ljfmHAm*3!;iRdR3r!*wYJLbUY%cCLq6A(Kp+#K3_rh#;b&BDSXl07AOG1qC{dkj z?IUQhR>cmSLp4XXmR)-k!&<|5$QNX{Dq^37C9$#0P$<+T!S30!7+r}kb+W+@XG?Hn z8r3^ia(X?EMfW4z=}%!$<>O7pF7iQe}e zyaX?=`_F>BUMA37Nm}cB=Bg_BS>l1|j?S?4vEG5sWUfC+m|_mZYM21@$Kt&wD4%}( zs3ro*K$94ZgPWGpBY2VOF+kzy8r?CctU$+-Gq^o9dS(Il;sPXncR>^)A03cqD%!Wl z#V)11hIX~j;6AE&J33ms5X`H9AL+ng!p9v3XTf<%Ad!BmnC99k(BI5z02XW1>+$@o|lCFX?Ybj_pq*e@4n>~wc)+R2znS&A>Ak@79_ z(_p@DsGpf59p(`ZRY5=k^7~ImA*>a6ht|kRGON?8V9u%m5d)9vj0;G1R`>#8=b(33 zO8E9COHP;vQQ;WMld!phG1?^X*_Q56*FoYOLTVzTszJPzY1WtZjYZROCvWTK7K=V{ zih`ApvP4p>sW;p`CBjT2m*w(TjbYw6VAw6!aag_VUAloFVf>)rmU zfgLqJ-Jp}e|hv`8JZ`?Uryj2@clzCcd7^%ah2S} z-G0UNc4}fH2PN|xj&shg8dPH_Wn13T{lv=N#zxfr5cjv#xS^8Nvo^Z9#$!{X{C9u8 z&aU@2y;gPdYRvh)+nl8d;KSuh6!&#Kas!Ygo8pQMMa{k6sc5)rnJtILUd1=)yO-}f zK!)l~m~lQf>Uva30%~e;d8oA<6Dj~ zvT=eNb4RyGGw3UjvMh_=1craI-tF0i8psIx%+$P_-(MJwekWSMI!%$@9bg?-P$8@cmeOR)Rl>_#y7EhfSaUa_`sYI{Ygwn~sia-sHR z7}5?g>uqjIDL!zW9?E8>t4_E%Iw*ykp@2gziC>Q_o38n5Wdvb;S4D~z{)2Yi^i zxxIY0j^a8A-!JjOd8s;{KikIJqm_#Yi8$ZUEghVkXkrhVpI-^Igarl`Y#kSNaFnJ- zeB-f5EvQH&u{sNC#+P7s_Ncebc@wAtuy4%Cd#3#>u~Iw}Jv`VpcU2Q??|AyIl|3LM zDr6V=&ng*l^yQaTE`BZ&f6{v^o?xRVSN+Sf${J>Sedt}aWNqCn@ywk&HGm9pn; zeEq&$I6!+*#5B}&T|?-)PG%f45=73dG?Rr2aj(uW>ejq&u~j2}P4YWklSZN!V?FeJ zy3mpPX%_+`l#{jhI^@FNtwMj4fM66=$I#QF&IWzLvSoqPxvy9{Z%m zdh}@7sUpcg;_GEdc4A-ly!k#**(}&V{x;Px%MGBC-i5%xj~x;skCz>iGE6Vm8J#g7 z+q}5~KV#dJEZhwyMFl)gE}_pxuFL@8^y%NmwR+Lk?e2VK%z9POv*swql|bBk!PWj0+q} zY2O6>15w?>9`NmQ^f;@&Wj{sd#8tt};B)0vA5j?H_7E8{W)(I9M-cR{Ze9elx?^^? zFIZmt*1OiWG3zOIjf2qsoZ@ueo=+_&uLyM+5J9c>WI7NTqv>Bg_09evM-cpz(eUA$42tHN?JoSIuT_PC1 zO8ZqLzj-54TxtQ^CzQOX5PR`>kc+No!>G=+4}Qxq@v!=a*%PAW`WE46wz4xn<^a86Lc%HsNGnrMcVWvs$|Oj;fYN{XRv zouw$4oda(9J22aLIQm|t%HgD+Q^*wGF#42zyja%#4Av9p?bXnTgI<; zk|GJC6zDg0ltVjKMJ(Z$Hdw~Lka1Hcl&ux1-QhuG&dh%Vsn6?$RQOAJA^#`+(DZM5 z>5A8>C!MU%bNVMamZk^Q-@$GkXQHjrvixM!qj0J*KkJWltR;yee~@CMTFU&LcECw< zZ;hAyCBo1zQFkWHeo`EFQDj5#+5I9KET!iHf56zuAlx(jN%F!vUwgc z+WU+$%>+HF%59}q%!G??ILb}3RJ&BkT^{E*BaVL4R8Yx?7L#`i_ozo{S-H1wD0^WJrm0v7lV_e+U|8+CfbJb(c1B>se+03>xU>`382 z3bQ%~^8Y-}+cWY8t(Bxj{Ww`$j z{C^w^cMXx8TZnnzl?+TI`U%76xssOh!)>PbIoLLS9v@lyL73Emy!(FK$sy7LY=bZc;qih0gU4@ZDh&BHGvC_S zzA6nw_rjWwF*$FzrE?70m@5F05M5kddES9oCox>WB1Ga{NNMH|kesligKfhDP*Qne zi~Nv|qfva7`&Yo-`%6@2Jo<6Qp9lU_s0X~`rM_h3Myu>nsl9$bwhbOyJ0!# z9UzQzd<^;#=*;qw>R1EXf{A-+doTEy$h6=G!>?tef7JB`v>(B67ul0cAq*mvBvbB z?(4fx7baeSK%q??Zcr4n+h@VT=WOFWNJ!2HoXP*B80t}QxIdna6dN|z6bCHk$pjB>q-lfBe;_{-%fv{Nxui(0dM}zOpxAOZA*Q;?`#OKZ%oaBdT|Ut`=n`= z`@aC2PBp?CBiDX?Kj|F3b4Fo6EheNRA`RZ&0iK(7eIg()1QT$Rs;At}oGhOiT?eQL zEX}ndg;6b_S!a`G>6H7KV@HaF5qY*K301!4cL$k^K2V9%Ik`nkV!$#yPl9%&L%My= zyX)yN61-sY@Hgm*(B;-hp2hZx-0CqaA0mOeqTl>GEeVqi(9a~6A#gnPrXaW-GKAtQ ziMgxMH=n<{O{>ZmS7Y?kIgRv(7!z)&=$`{dz@@BZ9v+lIZ;-iC;@EG28+~6seCBQE zl=s)&YVMQAz_&~8I$zh!J(Y*jYUD4xA~@e#ea7Orr7JHgvAz8-l!aKH4fm%^=y2Oh zI0Db(g4bbPKsC{pWE0|KPW9(!`%a*G>+N@@m^?llG&Gx@aUh474|6) zG^;;&a!W)Tp5Y9JaUBeVLd;90wY^SFV;#hw#XfjCBScS1%zkZuJ0_m&1=uc0d4?7E z7W6w?0l#wQZJkPi_KJO~P&lT@4xefKiOD8tu|XPIQ;#%M%-_@&IW9K8QDl}%1cCS% zJ?kDi?Sm``jsP~@#HMW4(e4;gJ%t7wXG`BaJFC+np=HP&uFJFwMEVL|n{*Sy=f1fT zUv7v1jJiO0 z8vnc_Yq(ylus~f_Mdnmk?Rae#W(q9Ldt~fOrFmp(zEtsY`maiLu7<56)K1C-37tlx1;Wy>!H~zGEiE%>)A7L_cjgLMXanOy1MGg>|t)PhXkh2F^fb z&H${E!;d>2-PUn-a*~+1KzZ3Oz?WIcRU<2q3L^7dbqA@01UYiZM4tO?X!dh};1BZy zO#n-q`L=sV291(tn`h#(c& zS5RUEq~L8YltT%&Ue|m^c9n(a-=XWyAStnLeHGpC`{*LZO4#RG?PcC38F8D$INQKKR{y|V#)o|8o}ptzZ;+)qG?Op3|;xuI(6Aj?&3fbE9k z<@nF*!*;iKN9w$W5V?Sg-%$bQ_~Kg5%w8=2muDX+LEdDw8$5Pqk-?#q#Rcycve z0h&xWvY8i+ZLRZaO^|CX^3UsK`_1RMA6!oX7(}%>t{I7<#@r>;8pfs!(u2POMe~Uo z76mgOpChL)-e1vYo&@=y%A<1NpujdWwBVU5UJ5%Z_xyis-~~O*E!G zlrquRz|e{f>FL$E?-c2yazAvl$gSWriDdv*gvHsVRr&F$3}P=e0=14AN}Lr))vPDi zNKwu%!g-lY@uP)(?1a!0>X%fsAA#1OLnFN41(ryai;M^hkLPKuu}%sZz=`^tHKwny zC;ZWY-q$8`f1izdJgoL#O#-ENwUBwr+@qH`OM~C|LuAX z>9q7@8v}BU+{{je;atUq39fBzm|j zNlA-$YE7#A@q^fhz)L|*>eT%Z`x}8lPj8PeSCtEpBU{&!B%5lDiwz&y2=NOXgW>nP zJAMvFe=x6p-QK=>T3L|fMK8&_4jt{ucwtjqfQ$ri0#J=Qxf*~iK3YwanfZAiEc!sn430p9Nbn?=5Jf5 zSw$MhVa;&=!p5G3nxf^+)K-iUUScA%@*?M3{W2E(tYP@gD>vu@w4arTzn+CL1RHXmYThOcCJH*2na~H}Ar{1tK_ZjF8A}F+m%d70Iq(!3&HCVb>U4YeRxZ zYZ}DaO?6F(jW_Cq(4uq0CihTT2Mf{3In&3#ds*&7rR@usrRm`M^s{d5 zX7^9#2l+L6&*y;x($qSF3NQ9+mg~qTt(vKqT>V!xNBLD{XbSWWj-xB@%g#LT%;3NK zf9f#NireXQ*T2} z$x-=>12HLWi2{$)3@SPBAY^}vR_W8EPEZ7}k-ixbY#2~E)&dHi=`2Yr3Ti{B3Zwt^ zmq|P))WFs=uxOU?S|PfM;_=NH>r@vRp0z9Od4e_1pcF^V85RQcxFM0yczbvP`uHaV zp!?;)yQlui%rYW4A41Ul&M+&G{v7uO-lX zMLzeS>I`Goz$#9NmRy=A3!euj1JJ~2L|n#(Fca8dqmUnlG#M{*4+X`Wx_3`vJE;IB z*(p&e=GQ`=^^c~<;aMp4!O&y}mYQB5ZX&BcHt-aeOL(!h+B!L4$wNo%^kZlRen49K zZ;8tTo!tezN!@XDNVO#p9fwf);XR9aS#R=(vrm^0>!FMmBquVn(USHhn*kgJXGWCa zZ3F6=-%@KRv&4|4@?T@GCZYuJz-3t!tfEgv;~^SRZ^dF`o-|J{gn0`Eva3%jc)p9z zgYl?=lPDzfP8=Zh(}GE}hBa~E_r*=UkCp{!KaFj7JF z!S2!R1fv^;Dr%x)Gy@~l#anri!pYAV$r?yF1)gj+PhQNdxmGfQB{(YW*ezTx%d6Gk z+F8079 z+NF>yDqojY4`Ow^oAJ#uBvTH?p$3{9{c86mgY7%TFJoFi0YfkbjVETR!&F6fAc4hc z?Lz-~7Phiu^z)3Tyq94*lBpuPBx8Cp*kNWOg8`($Bli-ddun?wi-{(C-JG7u zaLE}pqT1E0t`BfiGOV37C{!x{kRj|3&Ex>WDp?Ch?)0yyM|I@0E%>`!TR$(>T|ugTZLvlI?f$Vw zWdX!Z%X~~sc9?)Zy_Xu1oiJ|K4gvBA8CVi)$0AHQ`gt-+zir;ONX?C^dz!8o zT~Ki7W@I{+p6GD;PZ=85Z&rw|X?lf71EWe)-I6xJMs^#>hzmSC9XybxaA_^M;m>72y(o(B7+@3FsD zILgiimK8@G1Q9fRp08WgEr8ZNqDdS6GR~)Im;2>$w-@ZCvjfmF02($XbHXf&TC&Gh zndP@;PL@lhbQqeZ1;=H1b%#+K)DX^h+XU}`{=x9aAli;nxPX0#X*9qoD&&)N}YV41E z!uo46&$%g8KiySqt>NHY|625^9gFG~&Moxy)^6E?DdH6MNMgPGF8#gzotAvVW(&&&ZS*GiYJHqWe!|jd3JVPV3&y~wNC+Fg&kp0C|5zexu5PYx7r4WVx zjYDBqws92lGOi0o(s|4wCQ*ic&pBshT@|XDbBQ?>*`u9Ox{Y>|JW)ZHipGrDVWk$Y zoUB{4zE=RkyDZ$M+QO^bB3%I|7DB07w$Q;GeQ`~Ec>A=s2Ns4^c9=xgspiVIO)1 zAr7un5;QY@;SeD8DGbr)rLAb%cA@tmN(@DFksbH%3R zBK2n5^-+AqTwO9iI&>5ZjP4h^TGN8|!*(yfljeyJ<6`Bh2CJ8^P9 zOOKG+_DU?7q+3QuAS-yzrc%!L1d)8i+s2kqf+{MqMWqTmZ8iBqyfO8KyyX;T%ZYyl z#O6txzG)(X(eVdjN}r)YRhGvX&Kh-zwqdj?5A_!B3XEhKyV`s9UCbIk`cA8b#A<3a z`0deg6y%c#cpdtwl?WPnjoZDqgIAFW=O<$zHu>E|{H&4J3ynMVY()dWq+={5@kB@5jhvVfXjrsMKSZal-R}9P>(J7`wfE82^XlT?r z^SE{BTRoo}26}%OXx6e5xg1!v*Tf&&@7$_bhd*gg&jmX|5o0}h&uAbV>_kU*rbzhk zn3cvmt<07!dYWqo3Gdu<3My(QHATy(B1P%!Y6L4-C zFo{9)A)1m~vhsA^l2}kM7D#gPMms!>EGs}?AtN#-Jr$WjxjfOnETOM*7!AdZAR#h& z?UsMMZY8eOf#1bG#oyAyKDCxP%b;EMzY2fLpNv_C>*>2$hPkgoU&C39(pc+dJ*b*{HV5xO7b5V7>o%;#=FKc5-*CClJKCMiaeGrG&)-f~M!-R4g@2h7ib9gI!&xx-8@pj$h0&!dfBGmJw2|96Mjp#=<)ZC9VowOdTiOwq_0>2yd4U3g4*BtU~MQhbF zb8O3II9I$aTc{3Jav`;#E2qD3Q&uW!R2iWrQBA8+&d^%37?(dwU_7d+3=xIBzW84$ zQ(Ni+eHUN#zmvA2Em6~^uI|^o3~tF{K~0$0KPZ~J1hBh2d>9laj+#^oY-x21=8K`t zQqGEP#SlCXHHoCp;#Tm$MS%!}ud?eEQgdt2pVPyL+<7nP;wMaZOVYnemE>Hg1{CA# zy7+3j-UWE^iy<;@KP0V*bEXK**0S_i^Cu#-45{cd`RG6FB$ZtsSGU_O{ae-vnbBl3 zZmi#ZdKXPO_N~t3RXM9749nXbI5lwWz{aX2AUOBlmb0JD8NaA|q2y|{g`qEdNkut#D}BW5|9Fx1*o2X-7cFgRdtT^zTj=2DVAQLUPtn~r*Db;NO`0@RMHno z49aM?+B&8eTCU--Z9&Q%6Dsmk&f$9QGhH%i8EtJFkOF46bk*@2^~z#6cee)Xwumkf z89J)npYwEW`tn=e*QI3~Jd*0upfm>DndpD}(XRO5C1W1sKE#+hy8Skj-i~eXx5Msy zd?YGH&jG8+=3@GnNRAXe^%fD*jRSU7)(_t5PuT}iU6WaK{LiQB#x559;hNWHmOyr;d0fW(fd#k)Z z_oBZzqn0Pl{^09cS+crt-a6WwX6S!EH``hb{Y&#yw^zL=#>JUl$7uGKn0mI(GG4#s zud7OzxDn1yId{n#xFhja#&(jCa=53f;|t>{G<&(If9{aLmvz!Gt81y7*sBuMN2Fi|{<%?VpELi$4$Zbd7d~{%66)`h5Q} zaCKNODt#L!deAQtwb-h7umI0oInJp2|FI5{vmBGShfX=LwZGHMl)BK>DE_+NK4W8y1Or( zAMChZKJeWF5r+ALoMlt$>t%H^a+z(#^7;#9btj8j9=7yn@|kUBijPc=l0{#&PsgvD z|6gNv_Z;!JXBqpy)y)4E|1178%D-g(JMJ5chqM=WnE&^L!mr*BX&E5Y?$zKFwKudd zG9xS3i>7PUJT=sKupHC;9Y$3wk8;R^|3mOkCuAJZhMIpt!-)`!n*>2@;9FCw2QTdxqSCc$F|UsJi`ErJJjYG*4np}0q%YP<5IwDc{vH{mTgx^XZ% zx6NkZd0(;Z(m)1kpMr2Mtw#e|m5#yv$BV4?Zwi!(?0^TQwf?8VU{H?IoJ+7|Opo)K zWU$4fm)6suE&<(Dt$K_Y4WyX`;^&Sv=vY{ocMkNn(GrB1cm4TNF!wnp@^O244+{L8 z`206_JXaw2Hg?V}Y;2hOjv)+sKtYFEdtIxr28nzFIluy6?m?gWaBM$S`z3hNc=7My zH?2EPPg&vd)Hd&N2`gkttfhb5M)j}FS(ioT8lD~AOh9c(=E@(wdGj5HRS>ZBmm&EX zlmrtVS8oM`3v7bg6&t!$QS{Cz1EHQnGXfjsn4o{~;Bo9(-TZRpSP!oe4QW9l@N<1~ zy)5Y-5yb@H&dYSKJLmyYV=xn0`wx_bnjeKvPSjykmFU~fo9#8Af1A#jjSC9%!7AQV z{Sl_pU5(|;zxr7GPH(&>P^IsraU?C>7t} zePq!px)EgZn_j8Y_e0vm7Gu<@@=ntdX^Oc<1v*`bwXl5Atv$efWm|EKe9@}a#ld;* z#vf@xdC3#0=8(t=+eCj2mrMiU*l!+XmFd!+BOU4x%Q|IEq;2?ttU<&H39xq$=Z1%# zLdG4evc&pDte8iCu^;_6t-+4wayA!zF33%b>Cab?$@f;{--nZwR?6nqPfuf_`j2Nf zya~Nz46IK~%fbOBH$`{BaW~kU<3}vewI7RqYooTvHW=~(@q^jwq;Dd%&kl)6l;Rg% zjcHF#Q-N7{IW#CIMR}FrBj=%%{T1XEsbl@%-Ls1Kk+<-b5GXR5>C7+3sLZ%#?{Ukw zW5%GiDn@Hqm|XBdSIFI~QN#H)b6bRwMoKbwyR5xIr6ZBTlUWBG{YnXU2g_@CmgT_- z4-60SMN&t>2OEs_x3)Cv4vh$uWKd4|h!W|hu8l-mQzEJtM|#veuQ921uXG>$a(cYd zy5?lY+Ye>)Fv4gw>>jrePQb~bWVhAaJ&l#xg+3Dr2n+WgT{I2xH^~81aS33Ot7YS+ zpd;j6A@#{YU0KG>9^Iy7NV_8)JfNFbcwK4(=RiW8xbDl9S)E405l)~qcfQn z(uVb9Z#^w>5Kd?wtwVS_+*IdJ}!J7r@jP>H+=32in- zSg`|RNkoSo(T6v6j{n(=JU=y%Ocgt?<<&0NX-zyj2;@}b*EpAxRQut_QbrGMl=jyG z?5;gjHGgSSLWSozxYD|suWGd%tHNo{*16lIU==gE6kU}n=2z~1x>qk@YgvWrcT23~ z3d|&(d%DePJTnK(a?G3^4NF?~LH?qZoI3UTp*7(n>fWW9=Ts@=h{2vHXkC$b^N}fg zDj7ygjnDhHlt^d8j!MPPAnH3jZ^UZ3gpv0;r}$|*Qes=Zysn8>c?w1C=~CslAc=XB z;DhC^DiX~>P7<71&A9SNGtnE=1gGKW-nCDYRU@g))+y(Q(s7Q$-X(mjm@c>k1<7C=;zO0Pn5MuM61yD`POzWUvXt8NC{R6bRTQVo-SXQ4ixu$Hj-Rddz1h~Pj|nxsD8`g^DKFE|u2 zMJ~>-QF}_lv${{L6YaQC@uqft899`YKC7%%%SvmTx;g!#uws_E4&!G=Q~z}eh}6WU z{wOP7kYKhE+RnC0Z=^Bt)Ndjy%5>df$ndg>gpm}(-s`7)GS<|&`WGO^M7Ogs4Ilj6 zu=MLu3%K&O_5_S2mZ*Xx0Hs9voD6B&67o>({890R-7&^vrwfpvnN=P>x~o$u6AKU!wsXn3)v75l~7Z;kA*OdZVN+ka}%(Qw6H z1^dvRKTdbvIh`+2Y}9PvHi2YddAKdWl2#|g(ARp=OVnD~k_S?ZFVIJSO!8I4|GZ7Z zs0&zIgC-}RD_qb@gG}1R+hiGz{Nrab4gNAfrMG`4*{CFF+678SusP?XMw>g=&Kwl) zl_{m9!%34x`{|3Wh_FRu#TS}b;5RWHULPkGB5;Va$l1VpJ6hOKp>raQ_Gh)R?v;*t7asaEZxa_eYACE%@bTJ(XZnL5 z|MCL45AX8w;-dHatr=+KlY3|(Zovjbz|zxhw3-%;F#a2FyR**!_>-K9_{en*On$sk zt9zO}@bUApA9!#MW?wrBPEk_*RJK^udrZiE|)t!PP zfG$kBMT3`sZx_oF@OO|j?Vm=gnkX>BmPzsC&T28btjfV`FUL(ML+U5XHDZ%o`SS+k z$)uOKR#~xnLXebrWRXaJ`sR~@V=YHX{^b4J)XK_;1l@UP*D}evRlIuKEM}94m$Bx* z&YuFQk=ktOSkWB17!UMdq1MjgL^3x$U@>5ovBFDz>C;cp3g)mMq8bsRDKPg?ENt^{c3au%(??E#>$c|BoCq9T9vRy3wy3q z*r`j0{OW#|OfUZdo+8Q6;QB}QsX~cQ@CrakjdZRcVni6PQ$Ka0G#c`w6YBY339n3f zOt~US@WY^+5*U*sC1GYVVH-xb#RS8=<`yntQ8`+|sm`+$l zz3{Sy5-S&*ri(n8I#x@`Cru&Epk(IlJJ4RHR>s}w!$BqE>{OzU87{W-SdmQ>?0qMW zgWjDDo(T;GNf?n-H6xQV%roSy9B?LP+}6bT{{rg(6#v?JF&GYpgVEM#IM~_!ZZI0{ z42Ih~L-l)4z8Y?i_MYk<6i1=NGiL|lT&Qgu#y6*ZPm-WcYLx@ z&nJz#&L61nlLnoy?fB8*ho9b^AD^9kIC^{j>h$L~hZijf0Kw5AI7+GW(};LJGI^5% z7y=UtQN7UVL}x(|5e*?pftiy}E$2oKv7aN`-I)`vqy3&=dJaGB{0{{U3 M|0kN=@&FzJ04*uBtpET3 literal 0 HcmV?d00001 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/.helmignore b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/.helmignore new file mode 100644 index 000000000..be86b789d --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# Helm files +OWNERS diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/Chart.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/Chart.yaml new file mode 100644 index 000000000..a6b1d082b --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/Chart.yaml @@ -0,0 +1,18 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator + catalog.cattle.io/release-name: k8s-triliovault-operator +apiVersion: v1 +appVersion: 2.8.0 +description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault + Application Lifecycle. +home: https://github.com/trilioData/k8s-triliovault-operator +icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png +kubeVersion: '>=1.18.0-0' +maintainers: +- email: prafull.ladha@trilio.io + name: prafull11 +name: k8s-triliovault-operator +sources: +- https://github.com/trilioData/k8s-triliovault-operator +version: 2.8.0 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/LICENSE b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/LICENSE new file mode 100644 index 000000000..76b559d3b --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/LICENSE @@ -0,0 +1 @@ +# Placeholder for the License if we decide to provide one diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/README.md b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/README.md new file mode 100644 index 000000000..326adc826 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/README.md @@ -0,0 +1,197 @@ +# K8s-TrilioVault-Operator +This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application. + +## Introduction + +## Prerequisites + +- Kubernetes 1.19+ +- PV provisioner support +- CSI driver should be installed + +### One Click Installation + +In one click install for upstream operator, a cluster scope TVM custom resource `triliovault-manager` is created. + +```shell script +helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator +helm install tvm trilio-vault-operator/k8s-triliovault-operator +``` + +#### One click install with preflight Configuration + +The following table lists the configuration parameter of the upstream operator one click install feature as well as preflight check flags, their default values and usage. + +| Parameter | Description | Default | Example | +|--------------------------------------------------------------------|---------------------------------------------------------------------------------------------------|------------|-------------------------| +| `installTVK.enabled` | 1 click install feature is enabled | true | | +| `installTVK.applicationScope` | scope of TVK application created | Cluster | | +| `installTVK.ingressConfig.host` | host of the ingress resource created | "" | | +| `installTVK.ingressConfig.tlsSecretName` | tls secret name which contains ingress certs | "" | | +| `installTVK.ingressConfig.annotations` | annotations to be added on ingress resource | "" | | +| `installTVK.ingressConfig.ingressClass` | ingress class name for the ingress resource | "" | | +| `installTVK.ComponentConfiguration.ingressController.enabled` | TVK ingress controller should be deployed | true | | +| `installTVK.ComponentConfiguration.ingressController.service.type` | TVK ingress controller service type | "NodePort" | | +| `preflight.enabled` | enables preflight check for tvk | false | | +| `preflight.storageClass` | Name of storage class to use for preflight checks (Required) | "" | | +| `preflight.cleanupOnFailure` | Cleanup the resources on cluster if preflight checks fail (Optional) | false | | +| `preflight.imagePullSecret` | Name of the secret for authentication while pulling the images from the local registry (Optional) | "" | | +| `preflight.limits` | Pod memory and cpu resource limits for DNS and volume snapshot preflight check (Optional) | "" | "cpu=600m,memory=256Mi" | +| `preflight.localRegistry` | Name of the local registry from where the images will be pulled (Optional) | "" | | +| `preflight.nodeSelector` | Node selector labels for pods to schedule on a specific nodes of cluster (Optional) | "" | "key=value" | +| `preflight.pvcStorageRequest` | PVC storage request for volume snapshot preflight check (Optional) | "" | "2Gi" | +| `preflight.requests` | Pod memory and cpu resource requests for DNS and volume snapshot preflight check (Optional) | "" | "cpu=300m,memory=128Mi" | +| `preflight.volumeSnapshotClass` | Name of volume snapshot class to use for preflight checks (Optional) | "" | | + +Check the TVM CR configuration by running following command: + +``` +kubectl get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml +``` + +Once the operator pod is in running state, the TVK pods getting spawned. Confirm the [TVK pods are up](#Check-TVK-Install). + +#### Note: + +If preflight check is enabled and helm install fails, check pre-install helm hook pod logs for any failure in preflight check. Do the following steps: + +First, run this command: +``` +kubectl get pods -n +``` + +The pod name should start with `-preflight-job-preinstall-hook`. Check the logs of the pod by the following command: +``` +kubectl logs -f -n +``` + +#### The failed preflight job is not cleaned up automatically right after failure. If the user cluster version is 1.21 and above, the job will be cleaned up after 1 hour so user should collect any failure logs within 1 hr of job failure. For cluster version below 1.21, user has to clean up failed preflight job manually. + +To delete the job manually, run the following command: +``` +kubectl delete job -f -n +``` + +where job name should also start with `-preflight-job-preinstall-hook` + +Also, due to a bug at helm side where auto deletion of resources upon failure doesn't work, user needs to clean the following resources left behind to be able to run preflight again, until the bug is fixed from their side, after which this step will be handled automatically. Run the following command to clean up the temporary resources: + +1. Cleanup Service Account: + ``` + kubectl delete sa -preflight-service-account -n + ``` +2. Cleanup Cluster Role Binding: + ``` + kubectl delete clusterrolebinding --preflight-rolebinding + ``` +3. Cleanup Cluster Role: + ``` + kubectl delete clusterrole --preflight-role + ``` + +## Manual Installation + +To install the operator on local setup just run the latest helm charts inside this repo + +```shell script +helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator +helm install tvm trilio-vault-operator/k8s-triliovault-operator +``` + +Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows: + +``` +apiVersion: triliovault.trilio.io/v1 +kind: TrilioVaultManager +metadata: + labels: + triliovault: k8s + name: tvk +spec: + trilioVaultAppVersion: latest + applicationScope: Cluster + # User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section + ingressConfig: + host: "trilio.co.in" + tlsSecretName: "secret-name" + # TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook. + # User can configure resources for all componentes and can configure service type and host for the ingress-controller + componentConfiguration: + web-backend: + resources: + requests: + memory: "400Mi" + cpu: "200m" + limits: + memory: "2584Mi" + cpu: "1000m" + ingress-controller: + enabled: true + service: + type: LoadBalancer +``` + +### Apply the Custom Resource + +Apply `TVM.yaml`: + +```shell +kubectl create -f TVM.yaml +``` + +### Check TVK Install + +Check that the pods were created: + +``` +kubectl get pods +``` + +``` +NAME READY STATUS RESTARTS AGE +k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc 1/1 Running 0 81s +k8s-triliovault-backend-6f66b6b8d5-gxtmz 1/1 Running 0 81s +k8s-triliovault-control-plane-6c464c5d78-ftk6g 1/1 Running 0 81s +k8s-triliovault-exporter-59566f97dd-gs4xc 1/1 Running 0 81s +k8s-triliovault-ingress-nginx-controller-867c764cd5-qhpx6 1/1 Running 0 18s +k8s-triliovault-web-967c8475-m7pc6 1/1 Running 0 81s +tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb 1/1 Running 0 6m48s +``` + +Check that ingress controller service is of type LoadBalancer: +``` +NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE +k8s-triliovault-admission-webhook ClusterIP 10.7.243.24 443/TCP 129m +k8s-triliovault-ingress-nginx-controller LoadBalancer 10.7.246.193 35.203.155.148 80:30362/TCP,443:32327/TCP 129m +k8s-triliovault-ingress-nginx-controller-admission ClusterIP 10.7.250.31 443/TCP 129m +k8s-triliovault-web ClusterIP 10.7.254.41 80/TCP 129m +k8s-triliovault-web-backend ClusterIP 10.7.252.146 80/TCP 129m +tvm-k8s-triliovault-operator-webhook-service ClusterIP 10.7.248.163 443/TCP 130m 123m +``` + +Check that ingress resources has the host defined by the user: +``` +NAME CLASS HOSTS ADDRESS PORTS AGE +k8s-triliovault k8s-triliovault-default-nginx * 35.203.155.148 80 129m +``` + +You can access the TVK UI by hitting this address in your browser: https://35.203.155.148 + +## Delete + +```shell +kubectl delete -f TVM.yaml +``` + +## Uninstall + +To uninstall/delete the operator helm chart : + +```bash +helm uninstall tvm +``` + +## TrilioVaultManager compatibility + +We maintain the version parity between the TrilioVaultManager(upstream operator) and TrilioVault for Kubernetes. Whenever +user wants to upgrade to the new version, should use the same version for upstream operator and Triliovault for Kubernetes. diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/crds/triliovault.trilio.io_triliovaultmanagers.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/crds/triliovault.trilio.io_triliovaultmanagers.yaml new file mode 100644 index 000000000..76dbdff53 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/crds/triliovault.trilio.io_triliovaultmanagers.yaml @@ -0,0 +1,1200 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: triliovaultmanagers.triliovault.trilio.io +spec: + group: triliovault.trilio.io + names: + kind: TrilioVaultManager + listKind: TrilioVaultManagerList + plural: triliovaultmanagers + shortNames: + - tvm + singular: triliovaultmanager + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.trilioVaultAppVersion + name: TrilioVault-Version + type: string + - jsonPath: .spec.applicationScope + name: Scope + type: string + - jsonPath: .status.conditions.type + name: Status + type: string + - jsonPath: .spec.restoreNamespaces + name: Restore-Namespaces + type: string + name: v1 + schema: + openAPIV3Schema: + description: TrilioVaultManager is the Schema for the triliovaultmanagers + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager + properties: + affinity: + description: The scheduling constraints on application pods. + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements + by node's fields. + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied + to the union of the namespaces selected by this + field and the ones listed in the namespaces field. + null selector and null or empty namespaces list + means "this pod's namespace". An empty selector + ({}) matches all namespaces. This field is beta-level + and is only honored when PodAffinityNamespaceSelector + feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. + items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list + of namespace names that the term applies to. The + term is applied to the union of the namespaces + listed in this field and the ones selected by + namespaceSelector. null or empty namespaces list + and null namespaceSelector means "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaceSelector: + description: A label query over the set of namespaces + that the term applies to. The term is applied to the + union of the namespaces selected by this field and + the ones listed in the namespaces field. null selector + and null or empty namespaces list means "this pod's + namespace". An empty selector ({}) matches all namespaces. + This field is beta-level and is only honored when + PodAffinityNamespaceSelector feature is enabled. + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + type: object + namespaces: + description: namespaces specifies a static list of namespace + names that the term applies to. The term is applied + to the union of the namespaces listed in this field + and the ones selected by namespaceSelector. null or + empty namespaces list and null namespaceSelector means + "this pod's namespace" + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + applicationScope: + description: Scope for the application which will be installed in + the cluster NamespaceScope or ClusterScope + enum: + - Cluster + - Namespaced + type: string + componentConfiguration: + description: ComponentConfiguration holds all the field related to + components. + properties: + admission-webhook: + description: AdmissionWebhook holds all configuration keys related + to admission-webhook + type: object + x-kubernetes-preserve-unknown-fields: true + control-plane: + description: ControlPlane holds all configuration keys related + to control-plane + type: object + x-kubernetes-preserve-unknown-fields: true + exporter: + description: Exporter holds all configuration keys related to + exporter + type: object + x-kubernetes-preserve-unknown-fields: true + ingress-controller: + description: IngressController holds all configuration keys related + to ingress-controller + type: object + x-kubernetes-preserve-unknown-fields: true + web: + description: Web holds all configuration keys related to web + type: object + x-kubernetes-preserve-unknown-fields: true + web-backend: + description: WebBackend holds all configuration keys related to + web-backend + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + dataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Deprecated: DataJobLimits are the resource limits for + all the data processing jobs.' + type: object + dataJobResources: + description: DataJobResources is the resource limits & requests for + all the data processing jobs. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + deploymentLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: DeploymentLimits are the resource limits for all the + deployments. + type: object + helmValues: + description: HelmValues holds all the additional fields in the values.yaml + of TVK helm chart. + type: object + x-kubernetes-preserve-unknown-fields: true + helmVersion: + description: 'Deprecated: Helm Version' + properties: + tillerNamespace: + type: string + version: + enum: + - v3 + type: string + required: + - version + type: object + ingressConfig: + description: IngressConfig holds field related to ingress + properties: + annotations: + additionalProperties: + type: string + type: object + host: + type: string + ingressClass: + type: string + tlsSecretName: + type: string + type: object + logLevel: + description: LogLevel is a level used in TVK logging. + enum: + - Panic + - Fatal + - Error + - Warn + - Info + - Debug + - Trace + type: string + metadataJobLimits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Deprecated: MetadataJobLimits are the resource limits + for all the meta processing jobs.' + type: object + metadataJobResources: + description: MetadataJobResources is the resource limits & requests + for all the meta processing jobs. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + nodeSelector: + additionalProperties: + type: string + description: NodeSelector specifies a map of key-value pairs. For + the pod to be eligible to run on a node, the node must have each + of the indicated key-value pairs as labels. + type: object + resources: + description: 'Deprecated: Resources are the resource requirements + for the containers.' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + restoreNamespaces: + description: 'Deprecated: RestoreNamespaces are the namespace where + you want to restore your applications. Restore Namespaces depends + on your k8s RBAC' + items: + type: string + type: array + tolerations: + description: The toleration of application against the specific taints + on the nodes + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + trilioVaultAppVersion: + description: Helm Chart version + type: string + tvkInstanceName: + description: TVKInstanceName is a TVK installation name to be displayed + on UI. + type: string + required: + - applicationScope + type: object + status: + description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager + properties: + conditions: + properties: + lastTransitionTime: + format: date-time + nullable: true + type: string + message: + minLength: 0 + type: string + reason: + enum: + - InstallSuccessful + - UpdateSuccessful + - UninstallSuccessful + - InstallError + - UpdateError + - ReconcileError + - UninstallError + type: string + status: + enum: + - "True" + - "False" + - Unknown + type: string + type: + enum: + - Initialized + - Deployed + - Updated + - ReleaseFailed + - Irreconcilable + type: string + type: object + deployedRelease: + properties: + manifest: + type: string + name: + type: string + type: object + helmRevision: + type: integer + releaseVersion: + type: string + required: + - conditions + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/questions.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/questions.yaml new file mode 100644 index 000000000..ce9c928b3 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/questions.yaml @@ -0,0 +1,120 @@ +questions: +- variable: installTVK.enabled + default: true + description: "TriloVault Manager is an instance of TrilioVault for Kubernetes. Selecting this checkbox automatically creates a TrilioVault Manager instance" + required: true + type: boolean + label: "Install TrilioVault Manager Automatically" + group: "TrilioVault Manager Install Configuration" + +- variable: installTVK.tvkInstanceName + show_if: "installTVK.enabled=true" + default: "triliovault-manager" + description: "TrilioVault Manager Instance Name. This will be used to manage the Kubernetes cluster in TVK Management Console and backups performed by the TrilioVault for Kubernetes" + required: true + type: string + label: "TrilioVault Manager Instance Name" + group: "TrilioVault Manager Install Configuration" + +- variable: installTVK.applicationScope + default: Cluster + description: "TrilioVault Manager installation scope: Cluster or Namespaced" + required: true + type: enum + label: "TrilioVault Manager Installation Scope" + group: "TrilioVault Manager Install Configuration" + options: + - "Cluster" + - "Namespaced" + +- variable: installTVK.ingressConfig.host + default: "rancher.k8s-tvk.com" + description: "Hostname URL to access the TVK Management Console - For example: rancher.k8s-tvk.com" + required: true + type: hostname + label: "TVK Management Console Hostname URL" + group: "Ingress Configuration" + +- variable: installTVK.ingressConfig.tlsSecretName + default: "" + description: "TLS Secret containing an appropriate certificate to access the TVK Management Console over HTTPS protocol. Secret should of type kubernetes.io/tls" + required: false + type: secret + label: "TLS Secret of type kubernetes.io/tls (Optional)" + group: "Ingress Configuration" + +- variable: installTVK.ComponentConfiguration.ingressController.enabled + default: true + description: "Select if Trilio provided Ingress Controller (nginx) should be leveraged or if an existing Ingress Controller within the cluster should be used" + required: true + type: boolean + label: "Use Trilio Provided Ingress Controller" + group: "Ingress Configuration" + +- variable: installTVK.ComponentConfiguration.ingressController.service.type + show_if: "installTVK.ComponentConfiguration.ingressController.enabled=true" + default: "NodePort" + description: "Ingress Controller Service Type to access the TVK Management Console" + required: true + type: enum + label: "Ingress Controller Service Type" + group: "Ingress Configuration" + options: + - "NodePort" + - "LoadBalancer" + +- variable: installTVK.ingressConfig.ingressClass + show_if: "installTVK.ComponentConfiguration.ingressController.enabled=false" + default: "" + description: "Name of an existing Ingress Class to use to access the TVK Management Console. Ingress class must exist on the Kubernetes cluster" + required: true + type: string + label: "Ingress Class Name" + group: "Ingress Configuration" + +- variable: installTVK.ingressConfig.annotations + show_if: "installTVK.ComponentConfiguration.ingressController.enabled=false" + default: "" + description: "Annotations to add for the TrilioVault Manager ingress resource - For example: {'foo':'bar'}" + required: false + type: string + label: "Annotations for Ingress Resource (Optional)" + group: "Ingress Configuration" + +- variable: proxySettings.PROXY_ENABLED + default: false + description: "Select this checkbox to deploy the TrilioVault Manager via a proxy server" + required: false + type: boolean + label: "Proxy Settings (Optional)" + group: "Proxy Settings" + show_subquestion_if: true + subquestions: + - variable: proxySettings.NO_PROXY + default: "" + description: "Provide the user defined IPs/hosts and subnets to exempt from proxy. User can provide comma separated values. For example: 'localhost,127.0.0.1,10.239.112.0/20,10.240.0.0/14'" + required: false + type: string + label: "No Proxy (Optional)" + group: "Proxy Settings" + - variable: proxySettings.HTTP_PROXY + default: "" + description: "Provide HTTP proxy information. For example: http://:@:" + required: true + type: string + label: "HTTP Proxy" + group: "Proxy Settings" + - variable: proxySettings.HTTPS_PROXY + default: "" + description: "Provide HTTPS proxy information. For example: https://:@:" + required: true + type: string + label: "HTTPS Proxy" + group: "Proxy Settings" + - variable: proxySettings.CA_BUNDLE_CONFIGMAP + default: "" + description: "Provide a CA Certificate bundle configmap present on the Kubernetes cluster to communicate with the proxy server" + required: false + type: string + label: "CA Certificate Bundle Configmap Name (Optional)" + group: "Proxy Settings" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/NOTES.txt b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/NOTES.txt new file mode 100644 index 000000000..a8956fdfd --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/NOTES.txt @@ -0,0 +1,59 @@ +TrilioVault Operator is a helm based operator which install/upgrade/delete the helm Chart of the TrilioVault For Kubernetes. +This operator watches over the entire helm application of TrilioVault for Kubernetes and has self-healing capabilities. + +To verify that TrilioVault Operator has started, run: + + kubectl --namespace={{ .Release.Namespace }} wait --for=condition=ready pod -l "release={{ .Release.Name }}" + +{{ if .Values.installTVK.enabled }} +In one click install, a cluster scope TVM custom resource triliovault-manager is created, you can check its +configuration by running following command: + + kubectl --namespace {{ .Release.Namespace }} get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml + +{{- else }} + +Once the Triliovault operator is in running state, you can create the TrilioVault for Kubernetes(TVK) with the +following custom resource: + + apiVersion: triliovault.trilio.io/v1 + kind: TrilioVaultManager + metadata: + labels: + app: triliovault + name: triliovault-manager + namespace: {{ .Release.Namespace }} + spec: + trilioVaultAppVersion: latest + applicationScope: Cluster + ingressConfig: + host: "" + componentConfiguration: + ingress-controller: + enabled: true + service: + type: LoadBalancer + +Once the above CR has been created, you have to wait for the TVK pods to come up. +{{- end }} + +To check all the TVK pods come into running state, run: + + kubectl --namespace {{ .Release.Namespace }} wait --for=condition=ready pod -l "release=triliovault-manager-{{ .Release.Namespace }}" + +Once all the pods are in running state, you can access the TVK UI from your browser using following steps: + +{{- if .Values.installTVK.enabled }} +{{- if eq .Values.installTVK.ComponentConfiguration.ingressController.service.type "LoadBalancer" }} + 1. Find the external IP of the service `k8s-triliovault-ingress-nginx-controller` + 2. Hit the URL in browser: https:// +{{- else }} + 1. Find the NodePort from the service `k8s-triliovault-ingress-nginx-controller` + 2. Hit the URL in browser with NodePort: https://:/ +{{- end }} +{{- end }} + +For more details on how to access the TVK UI, follow this guide: https://docs.trilio.io/kubernetes/management-console-ui/accessing-the-ui + +You can start backup and restore of your application using TVK. For more details on how to do that, please follow our +getting started guide: https://docs.trilio.io/kubernetes/getting-started-3/getting-started/getting-started-1 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/TVMCustomResource.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/TVMCustomResource.yaml new file mode 100644 index 000000000..9717b8235 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/TVMCustomResource.yaml @@ -0,0 +1,44 @@ +{{- if .Values.installTVK.enabled }} +{{- if not (lookup "triliovault.trilio.io/v1" "TrilioVaultManager" "" "").items }} + {{template "k8s-triliovault-operator.tlsSecretValidation" .}} +apiVersion: triliovault.trilio.io/v1 +kind: TrilioVaultManager +metadata: + name: "triliovault-manager" + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install +spec: + {{- if eq .Chart.Version "0.1.0" }} + trilioVaultAppVersion: latest + {{- else}} + trilioVaultAppVersion: {{ .Chart.AppVersion }} + {{- end }} + applicationScope: {{ .Values.installTVK.applicationScope }} + {{- if .Values.installTVK.tvkInstanceName }} + tvkInstanceName: {{ .Values.installTVK.tvkInstanceName }} + {{- end }} + # User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section + ingressConfig: + {{- if and (gt (len .Values.installTVK.ingressConfig.annotations) 0) (not .Values.installTVK.ComponentConfiguration.ingressController.enabled) }} + annotations: + {{- range $key, $value := .Values.installTVK.ingressConfig.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end -}} + {{- end }} + host: {{ .Values.installTVK.ingressConfig.host | quote }} + {{- if not .Values.installTVK.ComponentConfiguration.ingressController.enabled }} + ingressClass: {{ .Values.installTVK.ingressConfig.ingressClass | quote }} + {{- end }} + {{- if .Values.installTVK.ingressConfig.tlsSecretName }} + tlsSecretName: {{ .Values.installTVK.ingressConfig.tlsSecretName | quote }} + {{- end }} + # TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook. + # User can configure resources for all componentes and can configure service type and host for the ingress-controller + componentConfiguration: + ingress-controller: + enabled: {{ .Values.installTVK.ComponentConfiguration.ingressController.enabled }} + service: + type: {{ .Values.installTVK.ComponentConfiguration.ingressController.service.type }} +{{- end -}} +{{- end -}} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/_helpers.tpl b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/_helpers.tpl new file mode 100644 index 000000000..46d123feb --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/_helpers.tpl @@ -0,0 +1,66 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "k8s-triliovault-operator.name" -}} +{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "k8s-triliovault-operator.appName" -}} +{{- printf "%s" .Chart.Name -}} +{{- end -}} + + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "k8s-triliovault-operator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper TrilioVault Operator image name +*/}} +{{- define "k8s-triliovault-operator.image" -}} +{{- $registryName := .Values.image.registry -}} +{{- $repositoryName := .Values.image.repository -}} +{{- $tag := .Values.image.tag | toString -}} +{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} +{{- end -}} + +{{/* +Validation of the secret of CA bundle if provided +*/}} +{{- define "k8s-triliovault-operator.caBundleValidation" -}} +{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} +{{- if not (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP) }} + {{ fail "Proxy CA bundle proxy is not present in the release namespace" }} +{{- else }} + {{- $caMap := (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP).data }} + {{- if not (get $caMap "ca-bundle.crt") }} + {{ fail "Proxy CA certificate file key should be ca-bundle.crt" }} + {{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +Validation for the ingress tlsSecret, should exists if provided +*/}} + +{{- define "k8s-triliovault-operator.tlsSecretValidation" }} +{{- if .Values.installTVK.ingressConfig.tlsSecretName -}} +{{- if not (lookup "v1" "Secret" .Release.Namespace .Values.installTVK.ingressConfig.tlsSecretName ) -}} + {{ fail "Ingress tls secret is not present in the release namespace" }} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole.yaml new file mode 100644 index 000000000..a6208e049 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole.yaml @@ -0,0 +1,133 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - watch + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + - services + - services/finalizers + - secrets + - events + - pods + - endpoints + - configmaps + verbs: + - create + - update + - delete + - patch + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + - mutatingwebhookconfigurations + verbs: + - create + - update + - delete + - patch + - apiGroups: + - apps + resources: + - deployments + verbs: + - create + - update + - delete + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + - roles + - rolebindings + verbs: + - create + - update + - delete + - patch + - bind + - escalate + - apiGroups: + - triliovault.trilio.io + resources: + - '*' + verbs: + - '*' + - apiGroups: + - "" + resources: + - namespaces + verbs: + - update + - apiGroups: + - batch + resources: + - cronjobs + verbs: + - delete + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - create + - update + - patch + - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses + - ingressclasses + verbs: + - create + - patch + - update + - delete + - apiGroups: + - networking.k8s.io + resources: + - ingresses/status + verbs: + - update + - apiGroups: + - networking.k8s.io + resources: + - ingressclasses + verbs: + - delete diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole_binding.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole_binding.yaml new file mode 100644 index 000000000..49d5655f6 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/clusterrole_binding.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-manager-rolebinding + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role +subjects: +- kind: ServiceAccount + name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account + namespace: {{ .Release.Namespace }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/deployment.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/deployment.yaml new file mode 100644 index 000000000..ffb823c80 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/deployment.yaml @@ -0,0 +1,202 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + selector: + matchLabels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" + replicas: {{ .Values.replicaCount }} + template: + metadata: + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + spec: + hostNetwork: {{ .Values.podSpec.hostNetwork }} + hostIPC: {{ .Values.podSpec.hostIPC }} + hostPID: {{ .Values.podSpec.hostPID }} + {{- if .Values.securityContext }} + securityContext: + {{- toYaml .Values.podSpec.securityContext | nindent 8 }} + {{- end }} + containers: + - name: k8s-triliovault-operator + image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.proxySettings.PROXY_ENABLED }} + envFrom: + - secretRef: + name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy + {{- end }} + env: + {{- if .Values.proxySettings.PROXY_ENABLED }} + - name: PROXY_SETTINGS_SECRET + value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy + {{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + - name: PROXY_CA_CONFIGMAP + value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + {{- end }} + {{- end }} + {{- if .Values.tvkEnv }} + - name: TVK_ENV + value: {{ .Values.tvkEnv }} + {{- end}} + {{- if .Values.tvkHelmRepo }} + - name: TVK_HELM_REPO + value: {{ .Values.tvkHelmRepo }} + {{- end }} + - name: INSTALL_NAMESPACE + value: {{ .Release.Namespace }} + - name: REGISTRY + value: {{ .Values.registry }} + - name: ADMISSION_MUTATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration + - name: ADMISSION_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration + - name: NAMESPACE_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration + livenessProbe: + httpGet: + path: /healthz + port: 8081 + scheme: HTTP + initialDelaySeconds: 60 + periodSeconds: 30 + timeoutSeconds: 2 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + successThreshold: 1 + failureThreshold: 3 + volumeMounts: + {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + - name: proxy-ca-cert + mountPath: /proxy-certs + readOnly: true + {{- end }} + {{- if .Values.tls.enable }} + - name: helm-tls-certs + mountPath: /root/.helm + readOnly: true + {{- if .Values.tls.verify }} + - name: helm-tls-ca + mountPath: /root/.helm/ca.crt + readOnly: true + {{- end }} + {{- end }} + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: webhook-certs + readOnly: true + {{- if .Values.securityContext }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} + resources: + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 10m + memory: 10Mi + initContainers: + - name: webhook-init + image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }} + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.securityContext }} + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} + {{- end }} + {{- if .Values.proxySettings.PROXY_ENABLED }} + envFrom: + - secretRef: + name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy + {{- end }} + env: + {{- if .Values.proxySettings.PROXY_ENABLED }} + - name: PROXY_SETTINGS_SECRET + value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy + {{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + - name: PROXY_CA_CONFIGMAP + value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + {{- end }} + {{- end }} + - name: TVK_ENV + value: {{ .Values.tvkEnv }} + - name: TVK_HELM_REPO + value: {{ .Values.tvkHelmRepo }} + - name: RELEASE_VERSION + value: {{ .Chart.AppVersion }} + - name: ADMISSION_MUTATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration + - name: ADMISSION_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration + - name: NAMESPACE_VALIDATION_CONFIG + value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration + - name: WEBHOOK_SERVICE + value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + - name: WEBHOOK_NAMESPACE + value: {{ .Release.Namespace }} + - name: SECRET_NAME + value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs + {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + volumeMounts: + - name: proxy-ca-cert + mountPath: /proxy-certs + readOnly: true + {{- end }} + serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account + {{- if .Values.nodeSelector }} + nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + {{- end }} + volumes: + {{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + - name: proxy-ca-cert + configMap: + name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }} + {{- end }} + {{- if .Values.tls.enable }} + - name: helm-tls-certs + secret: + secretName: {{ .Values.tls.secretName }} + defaultMode: 0400 + {{- if .Values.tls.verify }} + - name: helm-tls-ca + configMap: + name: {{ template "k8s-triliovault-operator.fullname" . }}-helm-tls-ca-config + defaultMode: 0600 + {{- end }} + {{- end }} + - name: webhook-certs + secret: + defaultMode: 420 + secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/mutating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/mutating-webhook.yaml new file mode 100644 index 000000000..692feec4e --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/mutating-webhook.yaml @@ -0,0 +1,31 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-mutating-webhook-configuration + app.kubernetes.io/managed-by: {{ .Release.Service }} +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /mutate-triliovault-trilio-io-v1-triliovaultmanager + failurePolicy: Fail + name: v1-tvm-mutation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers + sideEffects: None + admissionReviewVersions: + - v1 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/ns-validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/ns-validating-webhook.yaml new file mode 100644 index 000000000..f0e0618e2 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/ns-validating-webhook.yaml @@ -0,0 +1,37 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-ns-validating-webhook-configuration + app.kubernetes.io/managed-by: {{ .Release.Service }} +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-core-v1-namespace + failurePolicy: Fail + name: v1-tvm-ns-validation.trilio.io + namespaceSelector: + matchExpressions: + - key: trilio-operator-label + operator: In + values: + - {{ .Release.Namespace }} + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - DELETE + resources: + - namespaces + scope: '*' + sideEffects: None + admissionReviewVersions: + - v1 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/preflight_job_preinstall_hook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/preflight_job_preinstall_hook.yaml new file mode 100644 index 000000000..82fb5a05e --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/preflight_job_preinstall_hook.yaml @@ -0,0 +1,190 @@ +{{- if .Values.preflight.enabled -}} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-preflight-role + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-preflight-role + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": hook-failed, hook-succeeded + "helm.sh/hook-weight": "1" +rules: + - apiGroups: + - '*' + resources: + - '*' + verbs: + - get + - list + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - serviceaccounts + - pods + - persistentvolumeclaims + - pods/exec + verbs: + - create + - update + - delete + - patch + - apiGroups: + - rbac.authorization.k8s.io + resources: + - clusterroles + - clusterrolebindings + verbs: + - create + - update + - delete + - patch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - apiGroups: + - storage.k8s.io + resources: + - storageclasses + verbs: + - get + - list + - apiGroups: + - snapshot.storage.k8s.io + resources: + - volumesnapshots + - volumesnapshotclasses + verbs: + - get + - list + - create + - update + - delete + +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-preflight-service-account + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-preflight-service-account + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": hook-failed, hook-succeeded + "helm.sh/hook-weight": "2" + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-preflight-rolebinding + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-preflight-rolebinding + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": hook-failed, hook-succeeded + "helm.sh/hook-weight": "3" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-preflight-role +subjects: + - kind: ServiceAccount + name: {{ template "k8s-triliovault-operator.name" . }}-preflight-service-account + namespace: {{ .Release.Namespace }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-preflight-job-preinstall-hook-{{ randAlphaNum 4 | lower }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-preflight-job-preinstall-hook + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-weight": "4" +spec: + backoffLimit: 0 + ttlSecondsAfterFinished: 3600 + template: + spec: + containers: + - name: preflight + image: {{ index .Values "registry" }}/{{ index .Values "preflight" "repository" }}:latest + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: + - /bin/sh + - -c + - >- + /opt/tvk-plugins/preflight run --in-cluster + --log-level={{ .Values.preflight.logLevel }} + --namespace={{ .Release.Namespace }} + {{- if .Values.preflight.cleanupOnFailure }} + --cleanup-on-failure + {{- end }} + {{- if .Values.preflight.imagePullSecret }} + --image-pull-secret={{ .Values.preflight.imagePullSecret }} + {{- end }} + {{- if .Values.preflight.limits }} + --limits={{ .Values.preflight.limits }} + {{- end }} + {{- if .Values.preflight.localRegistry }} + --local-registry={{ .Values.preflight.localRegistry }} + {{- end }} + {{- if .Values.preflight.nodeSelector }} + --node-selector={{ .Values.preflight.nodeSelector }} + {{- end }} + {{- if .Values.preflight.pvcStorageRequest }} + --pvc-storage-request={{ .Values.preflight.pvcStorageRequest }} + {{- end }} + {{- if .Values.preflight.requests }} + --requests={{ .Values.preflight.requests }} + {{- end }} + {{- if .Values.preflight.storageClass }} + --storage-class={{ .Values.preflight.storageClass }} + {{- end }} + {{- if .Values.preflight.volumeSnapshotClass }} + --volume-snapshot-class={{ .Values.preflight.volumeSnapshotClass }} + {{- end }} + restartPolicy: Never + terminationGracePeriodSeconds: 0 + serviceAccountName: {{ template "k8s-triliovault-operator.name" . }}-preflight-service-account +{{- end }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/proxyConfig.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/proxyConfig.yaml new file mode 100644 index 000000000..99725af36 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/proxyConfig.yaml @@ -0,0 +1,21 @@ +{{- if .Values.proxySettings.PROXY_ENABLED }} + {{ template "k8s-triliovault-operator.caBundleValidation" . }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-proxy + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + {{- range $key, $val := .Values.proxySettings }} + {{ $val = $val| toString | b64enc }} + {{- if $val -}} + {{ $key }}: {{ $val }} + {{- end -}} + {{- end }} +type: Opaque +{{- end }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/secret.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/secret.yaml new file mode 100644 index 000000000..782140c5a --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/secret.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-certs + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/serviceAccount.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/serviceAccount.yaml new file mode 100644 index 000000000..4c51e5fa4 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/serviceAccount.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-service-account + app.kubernetes.io/managed-by: {{ .Release.Service }} diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/validating-webhook.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/validating-webhook.yaml new file mode 100644 index 000000000..c66b6a429 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/validating-webhook.yaml @@ -0,0 +1,31 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration + labels: + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration + app.kubernetes.io/managed-by: {{ .Release.Service }} +webhooks: +- clientConfig: + caBundle: Cg== + service: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + path: /validate-triliovault-trilio-io-v1-triliovaultmanager + failurePolicy: Fail + name: v1-tvm-validation.trilio.io + rules: + - apiGroups: + - triliovault.trilio.io + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - triliovaultmanagers + sideEffects: None + admissionReviewVersions: + - v1 diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/webhook-service.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/webhook-service.yaml new file mode 100644 index 000000000..bed6993c7 --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/templates/webhook-service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" + app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }} + app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-service + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + ports: + - port: 443 + targetPort: 9443 + selector: + app: {{ template "k8s-triliovault-operator.fullname" . }} + release: "{{ .Release.Name }}" diff --git a/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/values.yaml b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/values.yaml new file mode 100644 index 000000000..74fb0431c --- /dev/null +++ b/charts/k8s-triliovault-operator/k8s-triliovault-operator/2.8.0/values.yaml @@ -0,0 +1,92 @@ +## TrilioVault Operator +registry: "eu.gcr.io/amazing-chalice-243510" + +operator-webhook-init: + repository: operator-webhook-init + +k8s-triliovault-operator: + repository: k8s-triliovault-operator + +tag: "2.8.0" + +tvkHelmRepo: "" + +preflight: + enabled: false + repository: preflight + logLevel: "INFO" + cleanupOnFailure: false + imagePullSecret: "" + limits: "" + localRegistry: "" + nodeSelector: "" + pvcStorageRequest: "" + requests: "" + storageClass: "" + volumeSnapshotClass: "" + +affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + +image: + pullPolicy: Always +tls: + secretName: "helm-client-certs" + verify: false + enable: false + keyFile: "tls.key" + certFile: "tls.crt" + caContent: "" + hostname: "" + +nameOverride: "" + +replicaCount: 1 + +proxySettings: + PROXY_ENABLED: false + NO_PROXY: "" + HTTP_PROXY: "" + HTTPS_PROXY: "" + CA_BUNDLE_CONFIGMAP: "" + +podSpec: + hostIPC: false + hostNetwork: false + hostPID: false + securityContext: + runAsNonRoot: true + runAsUser: 1001 + +securityContext: + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: false + runAsNonRoot: true + runAsUser: 1001 + capabilities: + drop: + - ALL + +installTVK: + enabled: true + applicationScope: Cluster + tvkInstanceName: "" + ingressConfig: + host: "" + tlsSecretName: "" + annotations: {} + ingressClass: "" + ComponentConfiguration: + ingressController: + enabled: true + service: + type: NodePort + diff --git a/index.yaml b/index.yaml index dd3ee378c..d250c3de8 100755 --- a/index.yaml +++ b/index.yaml @@ -2130,6 +2130,28 @@ entries: - assets/instana-agent/instana-agent-1.0.2900.tgz version: 1.0.2900 k8s-triliovault-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator + catalog.cattle.io/release-name: k8s-triliovault-operator + apiVersion: v1 + appVersion: 2.8.0 + created: "2022-04-11T10:14:21.437221724Z" + description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault + Application Lifecycle. + digest: 4f722478e86aa4106036c799f3fa9c4c483d4f28d4fd3d661f4d6490330dde09 + home: https://github.com/trilioData/k8s-triliovault-operator + icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png + kubeVersion: '>=1.18.0-0' + maintainers: + - email: prafull.ladha@trilio.io + name: prafull11 + name: k8s-triliovault-operator + sources: + - https://github.com/trilioData/k8s-triliovault-operator + urls: + - assets/k8s-triliovault-operator/k8s-triliovault-operator-2.8.0.tgz + version: 2.8.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator