diff --git a/README.md b/README.md index 2336a1f4b..256c0faf0 100644 --- a/README.md +++ b/README.md @@ -97,6 +97,25 @@ bin/partner-charts-ci auto ```bash bin/partner-charts-ci validate ``` +#### Testing new chart on Rancher Apps UI +1. If you haven't done so yet, pull down your new chart files into your local `partner-charts` repository: +```bash +a) Get scripts: scripts/pull-ci-scripts +b) List and find your company name/chart: bin/partner-charts-ci list | grep +c) set PACKAGE variable to your company/chart: export PACKAGE=/ or export PACKAGE= +d) Run bin/partner-charts-ci stage or auto # the new charts should be downloaded +``` +2. In your local `partner-charts` directory start a python3 http server: +```bash +#python3 -m http.server 8000 +``` +3. From a second terminal expose your local http server via ngrok ( https://ngrok.com/download ) +```bash +#./ngrok http 8000 +``` +4. In Rancher UI create a test repository that points to your local `partner-charts` repo by selecting an appropriate cluster and going to Apps > Repositories and clicking "Create". Enter a Name, copy ngrok forwarding url and paste it into Target http(s) "Index URL" and click "Create" again. + +5. Once the new repository is "Active" go to Apps > Charts , find your new chart, review Readme is correct, etc. and install it. It should be successfully deployed. ## Overlay diff --git a/assets/aquarist-labs/s3gw-0.11.0.tgz b/assets/aquarist-labs/s3gw-0.11.0.tgz new file mode 100644 index 000000000..8b74f8714 Binary files /dev/null and b/assets/aquarist-labs/s3gw-0.11.0.tgz differ diff --git a/assets/argo/argo-cd-5.19.12.tgz b/assets/argo/argo-cd-5.19.12.tgz new file mode 100644 index 000000000..262e81df4 Binary files /dev/null and b/assets/argo/argo-cd-5.19.12.tgz differ diff --git a/assets/argo/argo-cd-5.19.15.tgz b/assets/argo/argo-cd-5.19.15.tgz new file mode 100644 index 000000000..25e9bc1d1 Binary files /dev/null and b/assets/argo/argo-cd-5.19.15.tgz differ 
diff --git a/assets/argo/argo-cd-5.20.0.tgz b/assets/argo/argo-cd-5.20.0.tgz new file mode 100644 index 000000000..4e3f68e55 Binary files /dev/null and b/assets/argo/argo-cd-5.20.0.tgz differ diff --git a/assets/avesha/kubeslice-controller-0.5.0.tgz b/assets/avesha/kubeslice-controller-0.5.0.tgz new file mode 100644 index 000000000..323df25b8 Binary files /dev/null and b/assets/avesha/kubeslice-controller-0.5.0.tgz differ diff --git a/assets/avesha/kubeslice-worker-0.5.0.tgz b/assets/avesha/kubeslice-worker-0.5.0.tgz new file mode 100644 index 000000000..d1938cf27 Binary files /dev/null and b/assets/avesha/kubeslice-worker-0.5.0.tgz differ diff --git a/assets/bitnami/airflow-14.0.10.tgz b/assets/bitnami/airflow-14.0.10.tgz new file mode 100644 index 000000000..692db6718 Binary files /dev/null and b/assets/bitnami/airflow-14.0.10.tgz differ diff --git a/assets/bitnami/airflow-14.0.11.tgz b/assets/bitnami/airflow-14.0.11.tgz new file mode 100644 index 000000000..bd5a38d9a Binary files /dev/null and b/assets/bitnami/airflow-14.0.11.tgz differ diff --git a/assets/bitnami/cassandra-10.0.2.tgz b/assets/bitnami/cassandra-10.0.2.tgz new file mode 100644 index 000000000..f47ec97f6 Binary files /dev/null and b/assets/bitnami/cassandra-10.0.2.tgz differ diff --git a/assets/bitnami/kafka-20.0.6.tgz b/assets/bitnami/kafka-20.0.6.tgz new file mode 100644 index 000000000..a77fa6d7c Binary files /dev/null and b/assets/bitnami/kafka-20.0.6.tgz differ diff --git a/assets/bitnami/mariadb-11.4.5.tgz b/assets/bitnami/mariadb-11.4.5.tgz new file mode 100644 index 000000000..a5a98443b Binary files /dev/null and b/assets/bitnami/mariadb-11.4.5.tgz differ diff --git a/assets/bitnami/mariadb-11.4.6.tgz b/assets/bitnami/mariadb-11.4.6.tgz new file mode 100644 index 000000000..aa5ba73e9 Binary files /dev/null and b/assets/bitnami/mariadb-11.4.6.tgz differ 
diff --git a/assets/bitnami/postgresql-12.1.13.tgz b/assets/bitnami/postgresql-12.1.13.tgz new file mode 100644 index 000000000..92d0fce02 Binary files /dev/null and b/assets/bitnami/postgresql-12.1.13.tgz differ diff --git a/assets/bitnami/postgresql-12.1.14.tgz b/assets/bitnami/postgresql-12.1.14.tgz new file mode 100644 index 000000000..66b2da64b Binary files /dev/null and b/assets/bitnami/postgresql-12.1.14.tgz differ diff --git a/assets/bitnami/redis-17.7.2.tgz b/assets/bitnami/redis-17.7.2.tgz new file mode 100644 index 000000000..be8e13233 Binary files /dev/null and b/assets/bitnami/redis-17.7.2.tgz differ diff --git a/assets/bitnami/spark-6.3.16.tgz b/assets/bitnami/spark-6.3.16.tgz new file mode 100644 index 000000000..71d7b3cd1 Binary files /dev/null and b/assets/bitnami/spark-6.3.16.tgz differ diff --git a/assets/bitnami/tomcat-10.5.10.tgz b/assets/bitnami/tomcat-10.5.10.tgz new file mode 100644 index 000000000..96e6de582 Binary files /dev/null and b/assets/bitnami/tomcat-10.5.10.tgz differ diff --git a/assets/bitnami/tomcat-10.5.13.tgz b/assets/bitnami/tomcat-10.5.13.tgz new file mode 100644 index 000000000..4880de734 Binary files /dev/null and b/assets/bitnami/tomcat-10.5.13.tgz differ diff --git a/assets/bitnami/tomcat-10.5.14.tgz b/assets/bitnami/tomcat-10.5.14.tgz new file mode 100644 index 000000000..1cadbb3c1 Binary files /dev/null and b/assets/bitnami/tomcat-10.5.14.tgz differ diff --git a/assets/bitnami/wordpress-15.2.36.tgz b/assets/bitnami/wordpress-15.2.36.tgz new file mode 100644 index 000000000..6ecb64719 Binary files /dev/null and b/assets/bitnami/wordpress-15.2.36.tgz differ diff --git a/assets/bitnami/wordpress-15.2.37.tgz b/assets/bitnami/wordpress-15.2.37.tgz new file mode 100644 index 000000000..308a389a4 Binary files /dev/null and b/assets/bitnami/wordpress-15.2.37.tgz differ 
diff --git a/assets/bitnami/wordpress-15.2.38.tgz b/assets/bitnami/wordpress-15.2.38.tgz new file mode 100644 index 000000000..b0bfecdd5 Binary files /dev/null and b/assets/bitnami/wordpress-15.2.38.tgz differ diff --git a/assets/bitnami/zookeeper-11.1.2.tgz b/assets/bitnami/zookeeper-11.1.2.tgz new file mode 100644 index 000000000..6d9726d19 Binary files /dev/null and b/assets/bitnami/zookeeper-11.1.2.tgz differ diff --git a/assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz b/assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz new file mode 100644 index 000000000..59fb695b3 Binary files /dev/null and b/assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz differ diff --git a/assets/citrix/citrix-ingress-controller-1.29.5.tgz b/assets/citrix/citrix-ingress-controller-1.29.5.tgz new file mode 100644 index 000000000..c02748da6 Binary files /dev/null and b/assets/citrix/citrix-ingress-controller-1.29.5.tgz differ diff --git a/assets/clastix/kamaji-0.11.0.tgz b/assets/clastix/kamaji-0.11.0.tgz new file mode 100644 index 000000000..02782a9e3 Binary files /dev/null and b/assets/clastix/kamaji-0.11.0.tgz differ diff --git a/assets/crate/crate-operator-2.22.0.tgz b/assets/crate/crate-operator-2.22.0.tgz new file mode 100644 index 000000000..7698c1214 Binary files /dev/null and b/assets/crate/crate-operator-2.22.0.tgz differ diff --git a/assets/datadog/datadog-3.10.4.tgz b/assets/datadog/datadog-3.10.4.tgz new file mode 100644 index 000000000..94ae9ff4e Binary files /dev/null and b/assets/datadog/datadog-3.10.4.tgz differ diff --git a/assets/datadog/datadog-3.10.5.tgz b/assets/datadog/datadog-3.10.5.tgz new file mode 100644 index 000000000..cb291ae95 Binary files /dev/null and b/assets/datadog/datadog-3.10.5.tgz differ diff --git a/assets/datadog/datadog-3.10.6.tgz b/assets/datadog/datadog-3.10.6.tgz new file mode 100644 index 000000000..512a2c109 Binary files /dev/null and b/assets/datadog/datadog-3.10.6.tgz differ 
diff --git a/assets/digitalis/vals-operator-0.7.0.tgz b/assets/digitalis/vals-operator-0.7.0.tgz new file mode 100644 index 000000000..cd1b4680f Binary files /dev/null and b/assets/digitalis/vals-operator-0.7.0.tgz differ diff --git a/assets/digitalis/vals-operator-0.7.1.tgz b/assets/digitalis/vals-operator-0.7.1.tgz deleted file mode 100644 index f0d32a87d..000000000 Binary files a/assets/digitalis/vals-operator-0.7.1.tgz and /dev/null differ diff --git a/assets/gitlab/gitlab-6.8.1.tgz b/assets/gitlab/gitlab-6.8.1.tgz new file mode 100644 index 000000000..7f8fbf966 Binary files /dev/null and b/assets/gitlab/gitlab-6.8.1.tgz differ diff --git a/assets/haproxy/haproxy-1.27.1.tgz b/assets/haproxy/haproxy-1.27.1.tgz new file mode 100644 index 000000000..8392eb999 Binary files /dev/null and b/assets/haproxy/haproxy-1.27.1.tgz differ diff --git a/assets/hashicorp/consul-1.0.3.tgz b/assets/hashicorp/consul-1.0.3.tgz new file mode 100644 index 000000000..68615cd42 Binary files /dev/null and b/assets/hashicorp/consul-1.0.3.tgz differ diff --git a/assets/instana/instana-agent-1.2.52.tgz b/assets/instana/instana-agent-1.2.52.tgz new file mode 100644 index 000000000..8b2860f81 Binary files /dev/null and b/assets/instana/instana-agent-1.2.52.tgz differ diff --git a/assets/intel/intel-device-plugins-operator-0.26.0.tgz b/assets/intel/intel-device-plugins-operator-0.26.0.tgz new file mode 100644 index 000000000..309a3b45e Binary files /dev/null and b/assets/intel/intel-device-plugins-operator-0.26.0.tgz differ diff --git a/assets/jenkins/jenkins-4.3.1.tgz b/assets/jenkins/jenkins-4.3.1.tgz new file mode 100644 index 000000000..18d8e511a Binary files /dev/null and b/assets/jenkins/jenkins-4.3.1.tgz differ diff --git a/assets/jfrog/artifactory-ha-107.49.6.tgz b/assets/jfrog/artifactory-ha-107.49.6.tgz new file mode 100644 index 000000000..4289d1c61 Binary files /dev/null and b/assets/jfrog/artifactory-ha-107.49.6.tgz differ 
diff --git a/assets/jfrog/artifactory-jcr-107.49.6.tgz b/assets/jfrog/artifactory-jcr-107.49.6.tgz new file mode 100644 index 000000000..4b9244f3c Binary files /dev/null and b/assets/jfrog/artifactory-jcr-107.49.6.tgz differ diff --git a/assets/k10/k10-5.5.100.tgz b/assets/k10/k10-5.5.100.tgz deleted file mode 100644 index fd11fb6b7..000000000 Binary files a/assets/k10/k10-5.5.100.tgz and /dev/null differ diff --git a/assets/k10/k10-4.5.1000.tgz b/assets/kasten/k10-4.5.1000.tgz similarity index 100% rename from assets/k10/k10-4.5.1000.tgz rename to assets/kasten/k10-4.5.1000.tgz diff --git a/assets/k10/k10-4.5.1100.tgz b/assets/kasten/k10-4.5.1100.tgz similarity index 100% rename from assets/k10/k10-4.5.1100.tgz rename to assets/kasten/k10-4.5.1100.tgz diff --git a/assets/k10/k10-4.5.1200.tgz b/assets/kasten/k10-4.5.1200.tgz similarity index 100% rename from assets/k10/k10-4.5.1200.tgz rename to assets/kasten/k10-4.5.1200.tgz diff --git a/assets/k10/k10-4.5.1300.tgz b/assets/kasten/k10-4.5.1300.tgz similarity index 100% rename from assets/k10/k10-4.5.1300.tgz rename to assets/kasten/k10-4.5.1300.tgz diff --git a/assets/k10/k10-4.5.1400.tgz b/assets/kasten/k10-4.5.1400.tgz similarity index 100% rename from assets/k10/k10-4.5.1400.tgz rename to assets/kasten/k10-4.5.1400.tgz diff --git a/assets/k10/k10-4.5.1500.tgz b/assets/kasten/k10-4.5.1500.tgz similarity index 100% rename from assets/k10/k10-4.5.1500.tgz rename to assets/kasten/k10-4.5.1500.tgz diff --git a/assets/k10/k10-4.5.900.tgz b/assets/kasten/k10-4.5.900.tgz similarity index 100% rename from assets/k10/k10-4.5.900.tgz rename to assets/kasten/k10-4.5.900.tgz diff --git a/assets/k10/k10-5.0.0.tgz b/assets/kasten/k10-5.0.0.tgz similarity index 100% rename from assets/k10/k10-5.0.0.tgz rename to assets/kasten/k10-5.0.0.tgz diff --git a/assets/k10/k10-5.0.100.tgz b/assets/kasten/k10-5.0.100.tgz similarity index 100% rename from assets/k10/k10-5.0.100.tgz rename to assets/kasten/k10-5.0.100.tgz 
diff --git a/assets/k10/k10-5.0.1000.tgz b/assets/kasten/k10-5.0.1000.tgz similarity index 100% rename from assets/k10/k10-5.0.1000.tgz rename to assets/kasten/k10-5.0.1000.tgz diff --git a/assets/k10/k10-5.0.1100.tgz b/assets/kasten/k10-5.0.1100.tgz similarity index 100% rename from assets/k10/k10-5.0.1100.tgz rename to assets/kasten/k10-5.0.1100.tgz diff --git a/assets/k10/k10-5.0.200.tgz b/assets/kasten/k10-5.0.200.tgz similarity index 100% rename from assets/k10/k10-5.0.200.tgz rename to assets/kasten/k10-5.0.200.tgz diff --git a/assets/k10/k10-5.0.300.tgz b/assets/kasten/k10-5.0.300.tgz similarity index 100% rename from assets/k10/k10-5.0.300.tgz rename to assets/kasten/k10-5.0.300.tgz diff --git a/assets/k10/k10-5.0.400.tgz b/assets/kasten/k10-5.0.400.tgz similarity index 100% rename from assets/k10/k10-5.0.400.tgz rename to assets/kasten/k10-5.0.400.tgz diff --git a/assets/k10/k10-5.0.500.tgz b/assets/kasten/k10-5.0.500.tgz similarity index 100% rename from assets/k10/k10-5.0.500.tgz rename to assets/kasten/k10-5.0.500.tgz diff --git a/assets/k10/k10-5.0.600.tgz b/assets/kasten/k10-5.0.600.tgz similarity index 100% rename from assets/k10/k10-5.0.600.tgz rename to assets/kasten/k10-5.0.600.tgz diff --git a/assets/k10/k10-5.0.700.tgz b/assets/kasten/k10-5.0.700.tgz similarity index 100% rename from assets/k10/k10-5.0.700.tgz rename to assets/kasten/k10-5.0.700.tgz diff --git a/assets/k10/k10-5.0.800.tgz b/assets/kasten/k10-5.0.800.tgz similarity index 100% rename from assets/k10/k10-5.0.800.tgz rename to assets/kasten/k10-5.0.800.tgz diff --git a/assets/k10/k10-5.0.900.tgz b/assets/kasten/k10-5.0.900.tgz similarity index 100% rename from assets/k10/k10-5.0.900.tgz rename to assets/kasten/k10-5.0.900.tgz diff --git a/assets/k10/k10-5.5.0.tgz b/assets/kasten/k10-5.5.0.tgz similarity index 100% rename from assets/k10/k10-5.5.0.tgz rename to assets/kasten/k10-5.5.0.tgz 
diff --git a/assets/kasten/k10-5.5.100.tgz b/assets/kasten/k10-5.5.100.tgz new file mode 100644 index 000000000..2d42f1861 Binary files /dev/null and b/assets/kasten/k10-5.5.100.tgz differ diff --git a/assets/kasten/k10-5.5.201.tgz b/assets/kasten/k10-5.5.201.tgz new file mode 100644 index 000000000..c787929e9 Binary files /dev/null and b/assets/kasten/k10-5.5.201.tgz differ diff --git a/assets/kasten/k10-5.5.301.tgz b/assets/kasten/k10-5.5.301.tgz new file mode 100644 index 000000000..af2adcac3 Binary files /dev/null and b/assets/kasten/k10-5.5.301.tgz differ diff --git a/assets/kasten/k10-5.5.401.tgz b/assets/kasten/k10-5.5.401.tgz new file mode 100644 index 000000000..384e03fca Binary files /dev/null and b/assets/kasten/k10-5.5.401.tgz differ diff --git a/assets/kong/kong-2.16.1.tgz b/assets/kong/kong-2.16.1.tgz new file mode 100644 index 000000000..96ef1ee04 Binary files /dev/null and b/assets/kong/kong-2.16.1.tgz differ diff --git a/assets/kong/kong-2.16.2.tgz b/assets/kong/kong-2.16.2.tgz new file mode 100644 index 000000000..c7a2e3edd Binary files /dev/null and b/assets/kong/kong-2.16.2.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.100.0.tgz b/assets/kubecost/cost-analyzer-1.100.0.tgz new file mode 100644 index 000000000..699976c51 Binary files /dev/null and b/assets/kubecost/cost-analyzer-1.100.0.tgz differ diff --git a/assets/kubecost/cost-analyzer-1.99.0.tgz b/assets/kubecost/cost-analyzer-1.99.0.tgz index c0a9920f8..541fef374 100644 Binary files a/assets/kubecost/cost-analyzer-1.99.0.tgz and b/assets/kubecost/cost-analyzer-1.99.0.tgz differ diff --git a/assets/kuma/kuma-2.1.0.tgz b/assets/kuma/kuma-2.1.0.tgz new file mode 100644 index 000000000..5c029506b Binary files /dev/null and b/assets/kuma/kuma-2.1.0.tgz differ diff --git a/assets/mongodb/community-operator-0.7.8.tgz b/assets/mongodb/community-operator-0.7.8.tgz new file mode 100644 index 000000000..2923a9619 Binary files /dev/null and b/assets/mongodb/community-operator-0.7.8.tgz differ 
diff --git a/assets/nats/nats-0.19.7.tgz b/assets/nats/nats-0.19.7.tgz new file mode 100644 index 000000000..6d4e0620e Binary files /dev/null and b/assets/nats/nats-0.19.7.tgz differ diff --git a/assets/nats/nats-0.19.8.tgz b/assets/nats/nats-0.19.8.tgz new file mode 100644 index 000000000..f89435ec9 Binary files /dev/null and b/assets/nats/nats-0.19.8.tgz differ diff --git a/assets/percona/psmdb-operator-1.13.3.tgz b/assets/percona/psmdb-operator-1.13.3.tgz new file mode 100644 index 000000000..81b9c20a1 Binary files /dev/null and b/assets/percona/psmdb-operator-1.13.3.tgz differ diff --git a/assets/redpanda/redpanda-2.6.3.tgz b/assets/redpanda/redpanda-2.6.3.tgz new file mode 100644 index 000000000..91cb74e7b Binary files /dev/null and b/assets/redpanda/redpanda-2.6.3.tgz differ diff --git a/assets/redpanda/redpanda-2.6.4.tgz b/assets/redpanda/redpanda-2.6.4.tgz new file mode 100644 index 000000000..6faaafd5d Binary files /dev/null and b/assets/redpanda/redpanda-2.6.4.tgz differ diff --git a/assets/redpanda/redpanda-2.8.0.tgz b/assets/redpanda/redpanda-2.8.0.tgz new file mode 100644 index 000000000..284b307cc Binary files /dev/null and b/assets/redpanda/redpanda-2.8.0.tgz differ diff --git a/assets/redpanda/redpanda-2.8.1.tgz b/assets/redpanda/redpanda-2.8.1.tgz new file mode 100644 index 000000000..9739b99fc Binary files /dev/null and b/assets/redpanda/redpanda-2.8.1.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.2.19.tgz b/assets/speedscale/speedscale-operator-1.2.19.tgz new file mode 100644 index 000000000..0a57a316c Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.2.19.tgz differ diff --git a/assets/speedscale/speedscale-operator-1.2.20.tgz b/assets/speedscale/speedscale-operator-1.2.20.tgz new file mode 100644 index 000000000..96c5d9cb2 Binary files /dev/null and b/assets/speedscale/speedscale-operator-1.2.20.tgz differ 
diff --git a/assets/yugabyte/yugabyte-2.16.1.tgz b/assets/yugabyte/yugabyte-2.16.1.tgz new file mode 100644 index 000000000..8b3b4d888 Binary files /dev/null and b/assets/yugabyte/yugabyte-2.16.1.tgz differ diff --git a/assets/yugabyte/yugaware-2.16.1.tgz b/assets/yugabyte/yugaware-2.16.1.tgz new file mode 100644 index 000000000..90d13b35a Binary files /dev/null and b/assets/yugabyte/yugaware-2.16.1.tgz differ diff --git a/charts/aquarist-labs/s3gw/Chart.yaml b/charts/aquarist-labs/s3gw/Chart.yaml index 09c7faec9..9b5b5f8ed 100644 --- a/charts/aquarist-labs/s3gw/Chart.yaml +++ b/charts/aquarist-labs/s3gw/Chart.yaml @@ -26,4 +26,4 @@ sources: - https://github.com/aquarist-labs/s3gw - https://github.com/aquarist-labs/ceph type: application -version: 0.10.0 +version: 0.11.0 diff --git a/charts/aquarist-labs/s3gw/README.md b/charts/aquarist-labs/s3gw/README.md index 5388aba7d..33fc51ad3 100644 --- a/charts/aquarist-labs/s3gw/README.md +++ b/charts/aquarist-labs/s3gw/README.md 
@@ -1,45 +1,61 @@ -# Quickstart +# [s3gw][s3gw-url] -To install s3gw using Helm add the chart to your Helm repos and then run `helm -install`: +s3gw is an S3-compatible service focused on deployments in a Kubernetes +environment backed by any PVC, including Longhorn. Since its inception, the +primary focus has been on cloud native deployments. However, the s3gw can be +deployed in a myriad of scenarios, provided some form of storage is attached. + +s3gw is based on Ceph’s RADOSGW (RGW) but runs as a stand–alone service without +the RADOS cluster and relies on a storage backend still under heavy development +by the storage team at SUSE. A web-based UI for management and an object +explorer are also part of s3gw. + +## Quickstart + +To install s3gw using Helm add the chart to your Helm repository and then run +`helm install`: ```bash helm add repo s3gw https://aquarist-labs.github.io/s3gw-charts/ -helm --namespace s3gw-system install s3gw s3gw/s3gw --create-namespace -``` - -In order to install s3gw using Helm, from this repository directly, first you -must clone the repo: - -```bash -git clone https://github.com/aquarist-labs/s3gw-charts.git -``` - -Before installing, familiarize yourself with the options, if necessary provide -your own `values.yaml` file. -Then change into the repository and install using Helm: - -```bash -cd s3gw-charts -helm install $RELEASE_NAME charts/s3gw \ - --namespace $S3GW_NAMESPACE \ +helm \ + --namespace s3gw-system \ + install s3gw \ + s3gw/s3gw \ --create-namespace \ -f /path/to/your/custom/values.yaml ``` ## Rancher -Installing s3gw via the Rancher App Catalog is made easy, the steps are as follows: +Installing s3gw via the Rancher App Catalog is made easy, the steps are as +follows: - Cluster -> Projects/Namespaces - create the `s3gw` namespace. - Apps -> Repositories -> Create `s3gw` using the s3gw-charts Git URL and the `main` branch. - Apps -> Charts -> Install `Traefik`. -- Apps -> Charts -> Install `s3gw`. 
Select the `s3gw` namespace previously created. - A `pvc` for `s3gw` will be created automatically during installation. +- Apps -> Charts -> Install `s3gw`. Select the `s3gw` namespace previously + created. A `pvc` for `s3gw` will be created automatically during installation. ## Documentation -You can access our documentation [here][1]. +You can access our documentation [here][docs-url]. -[1]: https://s3gw-docs.readthedocs.io/en/latest/helm-charts/ +## License + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use licensed files except in compliance with the License. +You may obtain a copy of the License at + + + +or the LICENSE file in this repository. + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. + +[s3gw-url]: https://s3gw.io +[docs-url]: https://s3gw-docs.readthedocs.io/en/latest/helm-charts/ diff --git a/charts/aquarist-labs/s3gw/questions.yaml b/charts/aquarist-labs/s3gw/questions.yaml index 3a27d305d..5733cbf86 100644 --- a/charts/aquarist-labs/s3gw/questions.yaml +++ b/charts/aquarist-labs/s3gw/questions.yaml 
@@ -101,19 +101,39 @@ questions: type: string group: "General" + - variable: defaultUserCredentialsSecret + default: s3gw-creds + description: | + "The name of the secret containing the + S3 credentials for the default user" + type: string + group: "General" + + - variable: useExistingSecret + default: false + description: | + "Check this to use a preexisting secret + containing the S3 credentials for the default user" + type: boolean + group: "General" + - variable: accessKey + show_if: "useExistingSecret=false" default: test - description: "S3 Access Key" + description: | + "Set this as the empty string to make the Chart + to compute a random alphanumeric value" label: "S3 Access Key" - required: true type: string group: "General" - variable: secretKey + show_if: "useExistingSecret=false" default: test - description: "S3 Secret Key" + description: | + "Set this as the empty string to make the Chart + to compute a random alphanumeric value" label: "S3 Secret Key" - required: true type: string group: "General" diff --git a/charts/aquarist-labs/s3gw/templates/NOTES.txt b/charts/aquarist-labs/s3gw/templates/NOTES.txt index e69de29bb..d27381295 100644 --- a/charts/aquarist-labs/s3gw/templates/NOTES.txt +++ b/charts/aquarist-labs/s3gw/templates/NOTES.txt @@ -0,0 +1,16 @@ +Thank you for installing {{ .Chart.Name }} {{ printf "v%s" .Chart.Version }} + +The S3 endpoint is available at: + +{{ printf "%s.%s" .Values.serviceName .Values.publicDomain | indent 4 }} +{{ if .Values.ui.enabled}} +and the web interface is available at: + +{{ printf "%s.%s" .Values.ui.serviceName .Values.ui.publicDomain | indent 4 }} +{{- end }} +{{ if and (not .Values.useExistingSecret) (empty .Values.accessKey) }} +An access key has been generated: {{ include "s3gw.defaultAccessKey" . | quote }} +{{- end }} +{{- if and (not .Values.useExistingSecret) (empty .Values.secretKey) }} +A secret key has been generated: {{ include "s3gw.defaultSecretKey" . | quote }} +{{ end }} 
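Review bot: `accessKey` and `secretKey` keep `default: test` in the questions.yaml hunk (and `"test"` in the values.yaml hunk of the same commit), so an install that accepts the defaults still ships the well-known test/test pair. The random generation this commit adds is reached only when the user clears both fields by hand. Consider `default: ""` for both so generation becomes the default path, and `type: password` on `secretKey` so the Rancher form does not echo the value. The new descriptions also wrap their text in double quotes inside a `|` block scalar, so the quotes and the line break are rendered literally; a plain one-line string would read better.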
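Review bot: The two "has been generated" lines in NOTES.txt print a credential that is not the one stored in the Secret. `s3gw.defaultAccessKey` and `s3gw.defaultSecretKey` call `randAlphaNum 32` every time they are included, so the include here and the include in secret.yaml yield independent values. Printing the secret key also leaves it in the terminal scrollback and CI logs of whoever ran the install. I would drop both values from the notes and point at the Secret instead, e.g. `Credentials are stored in Secret {{ .Values.defaultUserCredentialsSecret }} (namespace {{ .Release.Namespace }}).`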
diff --git a/charts/aquarist-labs/s3gw/templates/_helpers.tpl b/charts/aquarist-labs/s3gw/templates/_helpers.tpl
index 66a4a1f46..c22cdc683 100644
--- a/charts/aquarist-labs/s3gw/templates/_helpers.tpl
+++ b/charts/aquarist-labs/s3gw/templates/_helpers.tpl
@@ -97,3 +97,16 @@ Image Pull Secret
 {{- $au := (printf "%s:%s" $un $pw | b64enc) }}
 {{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" $rg $un $pw $em $au | b64enc}}
 {{- end }}
+
+
+{{/*
+Default Access Credentials
+*/}}
+{{- define "s3gw.defaultAccessKey" -}}
+{{- $key := default (randAlphaNum 32) .Values.accessKey }}
+{{- printf "%s" $key }}
+{{- end }}
+{{- define "s3gw.defaultSecretKey" -}}
+{{- $key := default (randAlphaNum 32) .Values.secretKey }}
+{{- printf "%s" $key }}
+{{- end }}
diff --git a/charts/aquarist-labs/s3gw/templates/deployment.yaml b/charts/aquarist-labs/s3gw/templates/deployment.yaml
index 4731bafeb..500565e40 100644
--- a/charts/aquarist-labs/s3gw/templates/deployment.yaml
+++ b/charts/aquarist-labs/s3gw/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
 name: s3-tls
 envFrom:
 - secretRef:
- name: s3gw-secret
+ name: {{ .Values.defaultUserCredentialsSecret }}
 volumeMounts:
 - name: s3gw-lh-store
 mountPath: /data
@@ -96,5 +96,5 @@ spec:
 - configMapRef:
 name: s3gw-config
 - secretRef:
- name: s3gw-secret
+ name: {{ .Values.defaultUserCredentialsSecret }}
 {{- end }}
diff --git a/charts/aquarist-labs/s3gw/templates/secret.yaml b/charts/aquarist-labs/s3gw/templates/secret.yaml
index fd2f64aec..cdf13e1a7 100644
--- a/charts/aquarist-labs/s3gw/templates/secret.yaml
+++ b/charts/aquarist-labs/s3gw/templates/secret.yaml
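Review bot: `default (randAlphaNum 32) .Values.accessKey` draws a fresh value on every render, so with an empty `accessKey` or `secretKey` each `helm upgrade` rewrites the Secret in secret.yaml with new credentials. That would presumably invalidate the keys clients already hold once the pods restart. Reusing the stored value when the Secret already exists avoids the silent rotation. `lookup` returns nothing under `helm template` and client-side dry runs, so the random fallback still covers the first install. The same shape applies to `s3gw.defaultSecretKey` with `RGW_DEFAULT_USER_SECRET_KEY`; the sketch assumes the existing Secret carries that data key.

```gotemplate
{{- define "s3gw.defaultAccessKey" -}}
{{- $stored := lookup "v1" "Secret" .Release.Namespace .Values.defaultUserCredentialsSecret }}
{{- if .Values.accessKey }}
{{- .Values.accessKey }}
{{- else if $stored }}
{{- index $stored.data "RGW_DEFAULT_USER_ACCESS_KEY" | b64dec }}
{{- else }}
{{- randAlphaNum 32 }}
{{- end }}
{{- end }}
{{/* … s3gw.defaultSecretKey: same structure, reading RGW_DEFAULT_USER_SECRET_KEY … */}}
```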
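Review bot: `name: {{ .Values.defaultUserCredentialsSecret }}` is emitted unquoted in both `secretRef` entries of deployment.yaml (the hunks at lines 48 and 96), while secret.yaml in the same commit quotes the same value. An empty or YAML-significant value would render as a null `name:` or fail to parse. `name: {{ required "defaultUserCredentialsSecret must be set" .Values.defaultUserCredentialsSecret | quote }}` keeps the templates consistent and fails at render time rather than at pod start. Both container specs begin and end outside the hunks.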
@@ -1,15 +1,17 @@ +{{- if not .Values.useExistingSecret }} --- apiVersion: v1 kind: Secret metadata: - name: '{{ .Chart.Name }}-secret' + name: '{{ .Values.defaultUserCredentialsSecret }}' namespace: {{ .Release.Namespace }} labels: {{ include "s3gw.labels" . | indent 4 }} type: Opaque stringData: - RGW_DEFAULT_USER_ACCESS_KEY: {{ .Values.accessKey | quote }} - RGW_DEFAULT_USER_SECRET_KEY: {{ .Values.secretKey | quote }} + RGW_DEFAULT_USER_ACCESS_KEY: {{ include "s3gw.defaultAccessKey" . | quote }} + RGW_DEFAULT_USER_SECRET_KEY: {{ include "s3gw.defaultSecretKey" . | quote }} +{{- end }} {{- if .Values.imageCredentials }} --- apiVersion: v1 diff --git a/charts/aquarist-labs/s3gw/values.yaml b/charts/aquarist-labs/s3gw/values.yaml index 84a33eb3d..ccdb42b4c 100644 --- a/charts/aquarist-labs/s3gw/values.yaml +++ b/charts/aquarist-labs/s3gw/values.yaml @@ -55,9 +55,17 @@ ui: # # 'serviceName' is the service name of S3GW. serviceName: "s3gw" -# 'accessKey' is the S3 Access Key +# 'useExistingSecret' use an existing secret containing the S3 credentials +# for the default user +useExistingSecret: false +# 'defaultUserCredentialsSecret' the name of the secret containing +# the S3 Access Key and the S3 Secret Key for the default user. +defaultUserCredentialsSecret: "s3gw-creds" +# 'accessKey' is the S3 Access Key; the value is used when useExistingSecret: false. +# Set this as the empty string to make the Chart to compute a random alphanumeric value. accessKey: "test" -# 'secretKey' is the S3 Secret Key +# 'secretKey' is the S3 Secret Key; the value is used when useExistingSecret: false +# Set this as the empty string to make the Chart to compute a random alphanumeric value. secretKey: "test" # 'publicDomain' is the public domain of S3GW used by the Ingress publicDomain: "be.127.0.0.1.omg.howdoi.website" diff --git a/charts/argo/argo-cd/Chart.yaml b/charts/argo/argo-cd/Chart.yaml index efc5cabb9..a23d783f0 100644 --- a/charts/argo/argo-cd/Chart.yaml 
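Review bot: The new `useExistingSecret` comment in values.yaml does not say what the pre-existing Secret has to contain. Going by secret.yaml and the `envFrom` references in this commit, the pods expect the keys `RGW_DEFAULT_USER_ACCESS_KEY` and `RGW_DEFAULT_USER_SECRET_KEY` from the Secret named by `defaultUserCredentialsSecret`. I would extend the comment with `# The Secret must already exist in the release namespace and define RGW_DEFAULT_USER_ACCESS_KEY and RGW_DEFAULT_USER_SECRET_KEY.`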
+++ b/charts/argo/argo-cd/Chart.yaml @@ -1,12 +1,15 @@ annotations: artifacthub.io/changes: | - - "[Added]: Added logFormat, logLevel and extraArgs to Slack bot" + - kind: changed + description: Upgrade Argo CD to 2.6.0 + - kind: deprecated + description: ApplicationSet args, logFormat and logLevel superseded by configs.params catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Argo CD catalog.cattle.io/kube-version: '>=1.22.0-0' catalog.cattle.io/release-name: argo-cd apiVersion: v2 -appVersion: v2.5.8 +appVersion: v2.6.0 dependencies: - condition: redis-ha.enabled name: redis-ha @@ -28,4 +31,4 @@ name: argo-cd sources: - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd - https://github.com/argoproj/argo-cd -version: 5.19.9 +version: 5.20.0 diff --git a/charts/argo/argo-cd/README.md b/charts/argo/argo-cd/README.md index 54a11752f..652620e55 100644 --- a/charts/argo/argo-cd/README.md +++ b/charts/argo/argo-cd/README.md 
@@ -415,6 +415,8 @@ NAME: my-release | configs.credentialTemplatesAnnotations | object | `{}` | Annotations to be added to `configs.credentialTemplates` Secret | | configs.gpg.annotations | object | `{}` | Annotations to be added to argocd-gpg-keys-cm configmap | | configs.gpg.keys | object | `{}` (See [values.yaml]) | [GnuPG] public keys to add to the keyring | +| configs.params."applicationsetcontroller.enable.progressive.syncs" | bool | `false` | Enables use of the Progressive Syncs capability | +| configs.params."applicationsetcontroller.policy" | string | `"sync"` | Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` | | configs.params."controller.operation.processors" | int | `10` | Number of application operation processors | | configs.params."controller.repo.server.timeout.seconds" | int | `60` | Repo server RPC call timeout seconds. | | configs.params."controller.self.heal.timeout.seconds" | int | `5` | Specifies timeout between application self heal attempts | 
@@ -464,10 +466,12 @@ NAME: my-release | controller.clusterRoleRules.rules | list | `[]` | List of custom rules for the application controller's ClusterRole resource | | controller.containerPorts.metrics | int | `8082` | Metrics container port | | controller.containerSecurityContext | object | See [values.yaml] | Application controller container-level security context | +| controller.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for application controller pods | | controller.env | list | `[]` | Environment variables to pass to application controller | | controller.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to application controller | | controller.extraArgs | list | `[]` | Additional command line arguments to pass to application controller | | controller.extraContainers | list | `[]` | Additional containers to be added to the application controller pod | +| controller.hostNetwork | bool | `false` | Host Network for application controller pods | | controller.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the application controller | | controller.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the application controller | | controller.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the application controller | 
@@ -543,10 +547,12 @@ NAME: my-release | repoServer.containerPorts.server | int | `8081` | Repo server container port | | repoServer.containerSecurityContext | object | See [values.yaml] | Repo server container-level security context | | repoServer.deploymentAnnotations | object | `{}` | Annotations to be added to repo server Deployment | +| repoServer.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Repo server pods | | repoServer.env | list | `[]` | Environment variables to pass to repo server | | repoServer.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to repo server | | repoServer.extraArgs | list | `[]` | Additional command line arguments to pass to repo server | | repoServer.extraContainers | list | `[]` | Additional containers to be added to the repo server pod | +| repoServer.hostNetwork | bool | `false` | Host Network for Repo server pods | | repoServer.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the repo server | | repoServer.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the repo server | | repoServer.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the repo server | @@ -643,6 +649,7 @@ NAME: my-release | server.containerPorts.server | int | `8080` | Server container port | | server.containerSecurityContext | object | See [values.yaml] | Server container-level security context | | server.deploymentAnnotations | object | `{}` | Annotations to be added to server Deployment | +| server.dnsPolicy | string | `"ClusterFirst"` | Alternative DNS policy for Server pods | | server.env | list | `[]` | Environment variables to pass to Argo CD server | | server.envFrom | list | `[]` (See [values.yaml]) | envFrom to pass to Argo CD server | | server.extensions.containerSecurityContext | object | See [values.yaml] | Server UI extensions container-level security context | 
@@ -653,6 +660,7 @@ NAME: my-release
 | server.extensions.resources | object | `{}` | Resource limits and requests for the argocd-extensions container |
 | server.extraArgs | list | `[]` | Additional command line arguments to pass to Argo CD server |
 | server.extraContainers | list | `[]` | Additional containers to be added to the server pod |
+| server.hostNetwork | bool | `false` | Host Network for Server pods |
 | server.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Image pull policy for the Argo CD server |
 | server.image.repository | string | `""` (defaults to global.image.repository) | Repository to use for the Argo CD server |
 | server.image.tag | string | `""` (defaults to global.image.tag) | Tag to use for the Argo CD server |
@@ -874,7 +882,7 @@ server:
 | redis.extraContainers | list | `[]` | Additional containers to be added to the redis pod |
 | redis.image.imagePullPolicy | string | `""` (defaults to global.image.imagePullPolicy) | Redis image pull policy |
 | redis.image.repository | string | `"public.ecr.aws/docker/library/redis"` | Redis repository |
-| redis.image.tag | string | `"7.0.5-alpine"` | Redis tag |
+| redis.image.tag | string | `"7.0.7-alpine"` | Redis tag |
 | redis.imagePullSecrets | list | `[]` (defaults to global.imagePullSecrets) | Secrets with credentials to pull images from a private registry |
 | redis.initContainers | list | `[]` | Init containers to add to the redis pod |
 | redis.metrics.enabled | bool | `false` | Deploy metrics service |
@@ -932,7 +940,7 @@ The main options are listed here:
 | redis-ha.exporter.tag | string | `"1.45.0"` | Tag to use for the redis-exporter |
 | redis-ha.haproxy.enabled | bool | `true` | Enabled HAProxy LoadBalancing/Proxy |
 | redis-ha.haproxy.metrics.enabled | bool | `true` | HAProxy enable prometheus metric scraping |
-| redis-ha.image.tag | string | `"7.0.5-alpine"` | Redis tag |
+| redis-ha.image.tag | string | `"7.0.7-alpine"` | Redis tag |
 | redis-ha.persistentVolume.enabled | bool | `false` | Configures persistency on Redis nodes |
 | redis-ha.redis.config | object | See [values.yaml] | Any valid redis config options in this section will be applied to each server (see `redis-ha` chart) |
 | redis-ha.redis.config.save | string | `'""'` | Will save the DB if both the given number of seconds and the given number of write operations against the DB occurred. `""` is disabled |
@@ -965,8 +973,7 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | applicationSet.affinity | object | `{}` | Assign custom [affinity] rules |
-| applicationSet.args.dryRun | bool | `false` | Enable dry run mode |
-| applicationSet.args.policy | string | `"sync"` | How application is synced between the generator and the cluster |
+| applicationSet.args | object | `{}` | DEPRECATED - ApplicationSet controller command line flags |
 | applicationSet.containerPorts.metrics | int | `8080` | Metrics container port |
 | applicationSet.containerPorts.probe | int | `8081` | Probe container port |
 | applicationSet.containerPorts.webhook | int | `7000` | Webhook container port |
@@ -990,8 +997,6 @@ If you want to use an existing Redis (eg. a managed service from a cloud provide
 | applicationSet.livenessProbe.periodSeconds | int | `10` | How often (in seconds) to perform the [probe] |
 | applicationSet.livenessProbe.successThreshold | int | `1` | Minimum consecutive successes for the [probe] to be considered successful after having failed |
 | applicationSet.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the [probe] times out |
-| applicationSet.logFormat | string | `""` (defaults to global.logging.format) | ApplicationSet controller log format. Either `text` or `json` |
-| applicationSet.logLevel | string | `""` (defaults to global.logging.level) | ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error` |
 | applicationSet.metrics.enabled | bool | `false` | Deploy metrics service |
 | applicationSet.metrics.service.annotations | object | `{}` | Metrics service annotations |
 | applicationSet.metrics.service.labels | object | `{}` | Metrics service labels |
diff --git a/charts/argo/argo-cd/templates/NOTES.txt b/charts/argo/argo-cd/templates/NOTES.txt
index 210cf3bbe..002d38442 100644
--- a/charts/argo/argo-cd/templates/NOTES.txt
+++ b/charts/argo/argo-cd/templates/NOTES.txt
@@ -76,6 +76,18 @@ DEPRECATED option configs.tlsCertsAnnotations - Use configs.tls.annotations
 {{- if hasKey .Values.configs "tlsCerts" }}
 DEPRECATED option configs.tlsCerts.data - Use configs.tls.certificates
 {{- end }}
+{{- if .Values.applicationSet.logFormat }}
+DEPRECATED option applicationSet.logFormat - Use configs.params.applicationsetcontroller.log.format
+{{- end }}
+{{- if .Values.applicationSet.logLevel }}
+DEPRECATED option applicationSet.logLevel - Use configs.params.applicationsetcontroller.log.level
+{{- end }}
+{{- if .Values.applicationSet.args.policy }}
+DEPRECATED option applicationSet.args.policy - Use configs.params.applicationsetcontroller.policy
+{{- end }}
+{{- if .Values.applicationSet.args.dryRun }}
+DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryRun
+{{- end }}
 {{- if .Values.controller.service }}
 REMOVED option controller.service - Use controller.metrics
 {{- end }}
diff --git a/charts/argo/argo-cd/templates/_helpers.tpl b/charts/argo/argo-cd/templates/_helpers.tpl
index bdfa010b7..bd99fc9dd 100644
--- a/charts/argo/argo-cd/templates/_helpers.tpl
+++ b/charts/argo/argo-cd/templates/_helpers.tpl
@@ -202,10 +202,13 @@ redis.server: {{ . | quote }}
 server.dex.server: {{ include "argo-cd.dex.server" . | quote }}
 server.dex.server.strict.tls: {{ .Values.dex.certificateSecret.enabled | toString }}
 {{- end }}
-{{- range $component := tuple "controller" "server" "reposerver" }}
+{{- range $component := tuple "applicationsetcontroller" "controller" "server" "reposerver" }}
 {{ $component }}.log.format: {{ $.Values.global.logging.format | quote }}
 {{ $component }}.log.level: {{ $.Values.global.logging.level | quote }}
 {{- end }}
+{{- if .Values.applicationSet.enabled }}
+applicationsetcontroller.enable.leader.election: {{ gt (.Values.applicationSet.replicaCount | int64) 1 }}
+{{- end }}
 {{- end -}}
 {{/*
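Review bot: The replacement named for `applicationSet.args.dryRun` in the NOTES.txt hunk is `configs.params.applicationsetcontroller.dryRun`, but the ApplicationSet deployment later in this commit reads the ConfigMap key `applicationsetcontroller.dryrun` (all lower case) with `optional: true`. ConfigMap keys are case-sensitive, so if `configs.params` is copied into `argocd-cmd-params-cm` as written (that template is not visible here), a user who follows the notice gets neither a dry run nor an error, and the controller applies changes it was only meant to report. The message should read `DEPRECATED option applicationSet.args.dryRun - Use configs.params.applicationsetcontroller.dryrun`.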
diff --git a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml
index d853a8560..634431dd3 100644
--- a/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml
+++ b/charts/argo/argo-cd/templates/argocd-application-controller/statefulset.yaml
@@ -312,3 +312,5 @@ spec:
 {{- with .Values.controller.priorityClassName }}
 priorityClassName: {{ . }}
 {{- end }}
+ hostNetwork: {{ .Values.controller.hostNetwork }}
+ dnsPolicy: {{ .Values.controller.dnsPolicy }}
diff --git a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
index 6fd9170c4..82324f4d1 100644
--- a/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
+++ b/charts/argo/argo-cd/templates/argocd-applicationset/deployment.yaml
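Review bot: `hostNetwork` and `dnsPolicy` are rendered as two independent values, so a user who sets only `controller.hostNetwork: true` ends up with the documented default `dnsPolicy: ClusterFirst`. Kubernetes expects `ClusterFirstWithHostNet` for host-network pods; with `ClusterFirst` the pod falls back to the node's resolver, and in-cluster service names such as the repo server and Redis may stop resolving. Host networking also places the pod in the node's network namespace, where it can reach node-local listeners, which the one-line description in the README table does not mention. I would state both in the values comment, for example `# -- Host Network for application controller pods. Shares the node's network namespace; set dnsPolicy to ClusterFirstWithHostNet when true`. The same applies to the repo-server and server deployment hunks further down; the pod spec starts outside this hunk.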
@@ -54,14 +54,20 @@ spec:
 - --metrics-addr=:{{ .Values.applicationSet.containerPorts.metrics }}
 - --probe-addr=:{{ .Values.applicationSet.containerPorts.probe }}
 - --webhook-addr=:{{ .Values.applicationSet.containerPorts.webhook }}
- - --argocd-repo-server={{ template "argo-cd.repoServer.fullname" . }}:{{ .Values.repoServer.service.port }}
- - --enable-leader-election={{ gt ( .Values.applicationSet.replicaCount | int64) 1 }}
- - --policy={{ .Values.applicationSet.args.policy }}
- - --dry-run={{ .Values.applicationSet.args.dryRun }}
+ {{- with .Values.applicationSet.args.policy }}
+ - --policy={{ . }}
+ {{- end }}
+ {{- with .Values.applicationSet.args.dryRun }}
+ - --dry-run={{ . }}
+ {{- end }}
+ {{- with .Values.applicationSet.logFormat }}
 - --logformat
- - {{ default .Values.global.logging.format .Values.applicationSet.logFormat }}
+ - {{ . }}
+ {{- end }}
+ {{- with .Values.applicationSet.logLevel }}
 - --loglevel
- - {{ default .Values.global.logging.level .Values.applicationSet.logLevel }}
+ - {{ . }}
+ {{- end }}
 {{- with .Values.applicationSet.extraArgs }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
@@ -73,6 +79,66 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: metadata.namespace
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_LEADER_ELECTION
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.enable.leader.election
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_NAMESPACE
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.namespace
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_REPO_SERVER
+ valueFrom:
+ configMapKeyRef:
+ key: repo.server
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_POLICY
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.policy
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_DEBUG
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.debug
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGFORMAT
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.log.format
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_LOGLEVEL
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.log.level
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_DRY_RUN
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.dryrun
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_GIT_MODULES_ENABLED
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.enable.git.submodule
+ name: argocd-cmd-params-cm
+ optional: true
+ - name: ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS
+ valueFrom:
+ configMapKeyRef:
+ key: applicationsetcontroller.enable.progressive.rollouts
+ name: argocd-cmd-params-cm
+ optional: true
 {{- with .Values.applicationSet.extraEnvFrom }}
 envFrom:
 {{- toYaml . | nindent 12 }}
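Review bot: `ARGOCD_APPLICATIONSET_CONTROLLER_ENABLE_PROGRESSIVE_SYNCS` is filled from the key `applicationsetcontroller.enable.progressive.rollouts`, so the variable says "syncs" while the key says "rollouts", unlike the other `applicationsetcontroller.*` entries in this block. Because every reference is `optional: true`, a variable name the controller binary does not read, or a key the user spells the other way, fails silently and the feature stays at its built-in default. Please confirm both names against the controller version this chart ships, and add a comment above the entry, e.g. `# key keeps the "rollouts" spelling; the env var uses "SYNCS"`. The env list starts outside this hunk.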
diff --git a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
index c786d7143..a39c007c3 100644
--- a/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
+++ b/charts/argo/argo-cd/templates/argocd-repo-server/deployment.yaml
@@ -356,3 +356,5 @@ spec:
 {{- with .Values.repoServer.priorityClassName }}
 priorityClassName: {{ . }}
 {{- end }}
+ hostNetwork: {{ .Values.repoServer.hostNetwork }}
+ dnsPolicy: {{ .Values.repoServer.dnsPolicy }}
diff --git a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml
index 2f510bc37..b0ed47d4a 100644
--- a/charts/argo/argo-cd/templates/argocd-server/deployment.yaml
+++ b/charts/argo/argo-cd/templates/argocd-server/deployment.yaml
@@ -262,6 +262,12 @@ spec:
 name: argocd-cmd-params-cm
 key: application.namespaces
 optional: true
+ - name: ARGOCD_SERVER_ENABLE_PROXY_EXTENSION
+ valueFrom:
+ configMapKeyRef:
+ name: argocd-cmd-params-cm
+ key: server.enable.proxy.extension
+ optional: true
 {{- with .Values.server.envFrom }}
 envFrom:
 {{- toYaml . | nindent 10 }}
@@ -415,3 +421,5 @@ spec:
 {{- with .Values.server.priorityClassName }}
 priorityClassName: {{ . }}
 {{- end }}
+ hostNetwork: {{ .Values.server.hostNetwork }}
+ dnsPolicy: {{ .Values.server.dnsPolicy }}
diff --git a/charts/argo/argo-cd/templates/crds/crd-application.yaml b/charts/argo/argo-cd/templates/crds/crd-application.yaml
index 23f9b6b31..ae0f7295f 100644
--- a/charts/argo/argo-cd/templates/crds/crd-application.yaml
+++ b/charts/argo/argo-cd/templates/crds/crd-application.yaml
@@ -151,6 +151,14 @@ spec: which to sync the application to If omitted, will use the revision specified in app spec. type: string + revisions: + description: Revisions is the list of revision (Git) or chart + version (Helm) which to sync each source in sources field for + the application to If omitted, will use the revision specified + in app spec. + items: + type: string + type: array source: description: Source overrides the source definition set in the application. This is typically set in a Rollback operation and @@ -366,7 +374,35 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests 
@@ -380,6 +416,271 @@ spec: required: - repoURL type: object + sources: + description: Sources overrides the source definition set in the + application. This is typically set in a Rollback operation and + is nil during a Sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded from + being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included during + manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + 
description: FileParameters are file parameters to the + helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally + by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to + tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to + use. 
If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, + and is only valid 
for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or + Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. + type: string + required: + - repoURL + type: object + type: array syncOptions: description: SyncOptions provide per-sync sync-options, e.g. Validate=false items: 
@@ -711,7 +1012,32 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests 
@@ -725,6 +1051,264 @@ spec: required: - repoURL type: object + sources: + description: Sources is a reference to the location of the application's + manifests or chart + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match paths + against that should be explicitly excluded from being + used during manifest generation + type: string + include: + description: Include contains a glob pattern to match paths + against that should be explicitly included during manifest + generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External Variables + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level Arguments + items: + description: JsonnetVar represents a variable to be + passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to the helm + template + 
items: + description: HelmFileParameter is a file parameter that's + passed to helm template during manifest generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm template + from failing when valueFiles do not exist locally by not + appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters which + are passed to the helm template command upon manifest + generation + items: + description: HelmParameter is a parameter that's passed + to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether to tell + Helm to interpret booleans and numbers as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all domains + (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name to use. 
+ If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition installation + step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files to + use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed to + helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for templating + ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional annotations + to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional labels + to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether to + force applying common annotations to resources for Kustomize + apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to force + applying common labels to resources for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize image + definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, + and is only valid 
for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable entries + items: + description: EnvEntry represents an entry in the application's + environment + properties: + name: + description: Name is the name of the variable, usually + expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string type + parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git or Helm) + that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the source + to sync the application to. In case of Git, this can be commit, + tag, or branch. If omitted, will equal to HEAD. In case of + Helm, this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array syncPolicy: description: SyncPolicy controls when and how a sync will be performed properties: 
@@ -747,6 +1331,19 @@ spec: (default: false)' type: boolean type: object + managedNamespaceMetadata: + description: ManagedNamespaceMetadata controls metadata in the + given namespace (if CreateNamespace=true) + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: description: Retry controls failed sync retry behavior properties: @@ -784,7 +1381,6 @@ spec: required: - destination - project - - source type: object status: description: ApplicationStatus contains status information for the application @@ -850,6 +1446,12 @@ spec: description: Revision holds the revision the sync was performed against type: string + revisions: + description: Revisions holds the revision of each source in + sources field the sync was performed against + items: + type: string + type: array source: description: Source is a reference to the application source used for the sync operation @@ -1067,7 +1669,35 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array type + parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type parameter. + type: object + name: + description: Name is the name identifying a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within sources + field. This field will not be used if used with a `source` + tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests 
@@ -1082,10 +1712,278 @@ spec: required: - repoURL type: object + sources: + description: Sources is a reference to the application sources + used for the sync operation + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be specified + for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific options + properties: + exclude: + description: Exclude contains a glob pattern to match + paths against that should be explicitly excluded + from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to match + paths against that should be explicitly included + during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a directory + recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters to + the helm template 
+ items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm parameter + type: string + path: + description: Path is the path to the file containing + the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command upon + manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to all + domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. 
If omitted it will use the application name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value files + to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be passed + to helm template, typically defined as a block + type: string + version: + description: Version is the Helm version to use for + templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether to + force applying common labels to resources for Kustomize + apps + type: boolean + images: + description: Images is a list of Kustomize image override + specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to resources + for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to resources + for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git repository, + and is only valid 
for applications sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of the + source to sync the application to. In case of Git, this + can be commit, tag, or branch. If omitted, will equal + to HEAD. In case of Helm, this is a semver tag for the + Chart's version. + type: string + required: + - repoURL + type: object + type: array required: - deployedAt - id - - revision type: object type: array observedAt: 
@@ -1208,6 +2106,14 @@ spec: (Helm) which to sync the application to If omitted, will use the revision specified in app spec. type: string + revisions: + description: Revisions is the list of revision (Git) or + chart version (Helm) which to sync each source in sources + field for the application to If omitted, will use the + revision specified in app spec. + items: + type: string + type: array source: description: Source overrides the source definition set in the application. This is typically set in a Rollback @@ -1440,7 +2346,37 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests 
@@ -1455,6 +2391,291 @@ spec: required: - repoURL type: object + sources: + description: Sources overrides the source definition set + in the application. This is typically set in a Rollback + operation and is nil during a Sync operation + items: + description: ApplicationSource contains all required + information about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must + be specified for applications sourced from a Helm + repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern + to match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern + to match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific + to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet + External Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan + a directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + 
fileParameters: + description: FileParameters are file parameters + to the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents + helm template from failing when valueFiles + do not exist locally by not appending them + to helm template --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter + that's passed to helm template during manifest + generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and + numbers as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the + Helm parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials + to all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release + name to use. 
If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource + definition installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to + be passed to helm template, typically defined + as a block + type: string + version: + description: Version is the Helm version to + use for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific + options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of + additional annotations to add to rendered + manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies + whether to force applying common annotations + to resources for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources + for Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended + to resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended + to resources for Kustomize apps + type: string + version: + description: Version controls which version + of Kustomize to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the + Git repository, and is 
only valid for applications + sourced from Git. + type: string + plugin: + description: Plugin holds config management plugin + specific options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry + in the application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the + variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an + array type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map + type parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a + string type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source + within sources field. This field will not be used + if used with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository + (Git or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision + of the source to sync the application to. In case + of Git, this can be commit, tag, or branch. If + omitted, will equal to HEAD. In case of Helm, + this is a semver tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array syncOptions: description: SyncOptions provide per-sync sync-options, e.g. Validate=false 
@@ -1564,6 +2785,12 @@ spec: description: Revision holds the revision this sync operation was performed to type: string + revisions: + description: Revisions holds the revision this sync operation + was performed for respective indexed source in sources field + items: + type: string + type: array source: description: Source records the application source information of the sync, used for comparing auto-sync @@ -1784,7 +3011,37 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests 
@@ -1799,6 +3056,284 @@ spec: required: - repoURL type: object + sources: + description: Source records the application source information + of the sync, used for comparing auto-sync + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to 
the helm template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. 
If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block + type: string + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git + repository, and is only 
valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. + type: string + required: + - repoURL + type: object + type: array required: - revision type: object 
@@ -1862,6 +3397,14 @@ spec: sourceType: description: SourceType specifies the type of this application type: string + sourceTypes: + description: SourceTypes specifies the type of the sources included + in the application + items: + description: ApplicationSourceType specifies the type of the application's + source + type: string + type: array summary: description: Summary contains a list of URLs and container images used by this application @@ -2125,7 +3668,37 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying a + parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used with + a `source` tag. + type: string repoURL: description: RepoURL is the URL to the repository (Git or Helm) that contains the application manifests 
@@ -2140,14 +3713,297 @@ spec: required: - repoURL type: object + sources: + description: Sources is a reference to the application's multiple + sources used for comparison + items: + description: ApplicationSource contains all required information + about the source of an application + properties: + chart: + description: Chart is a Helm chart name, and must be + specified for applications sourced from a Helm repo. + type: string + directory: + description: Directory holds path/directory specific + options + properties: + exclude: + description: Exclude contains a glob pattern to + match paths against that should be explicitly + excluded from being used during manifest generation + type: string + include: + description: Include contains a glob pattern to + match paths against that should be explicitly + included during manifest generation + type: string + jsonnet: + description: Jsonnet holds options specific to Jsonnet + properties: + extVars: + description: ExtVars is a list of Jsonnet External + Variables + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + description: Additional library search dirs + items: + type: string + type: array + tlas: + description: TLAS is a list of Jsonnet Top-level + Arguments + items: + description: JsonnetVar represents a variable + to be passed to jsonnet during manifest + generation + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + description: Recurse specifies whether to scan a + directory recursively for manifests + type: boolean + type: object + helm: + description: Helm holds helm specific options + properties: + fileParameters: + description: FileParameters are file parameters + to the helm 
template + items: + description: HelmFileParameter is a file parameter + that's passed to helm template during manifest + generation + properties: + name: + description: Name is the name of the Helm + parameter + type: string + path: + description: Path is the path to the file + containing the values for the Helm parameter + type: string + type: object + type: array + ignoreMissingValueFiles: + description: IgnoreMissingValueFiles prevents helm + template from failing when valueFiles do not exist + locally by not appending them to helm template + --values + type: boolean + parameters: + description: Parameters is a list of Helm parameters + which are passed to the helm template command + upon manifest generation + items: + description: HelmParameter is a parameter that's + passed to helm template during manifest generation + properties: + forceString: + description: ForceString determines whether + to tell Helm to interpret booleans and numbers + as strings + type: boolean + name: + description: Name is the name of the Helm + parameter + type: string + value: + description: Value is the value for the Helm + parameter + type: string + type: object + type: array + passCredentials: + description: PassCredentials pass credentials to + all domains (Helm's --pass-credentials) + type: boolean + releaseName: + description: ReleaseName is the Helm release name + to use. 
If omitted it will use the application + name + type: string + skipCrds: + description: SkipCrds skips custom resource definition + installation step (Helm's --skip-crds) + type: boolean + valueFiles: + description: ValuesFiles is a list of Helm value + files to use when generating a template + items: + type: string + type: array + values: + description: Values specifies Helm values to be + passed to helm template, typically defined as + a block + type: string + version: + description: Version is the Helm version to use + for templating ("3") + type: string + type: object + kustomize: + description: Kustomize holds kustomize specific options + properties: + commonAnnotations: + additionalProperties: + type: string + description: CommonAnnotations is a list of additional + annotations to add to rendered manifests + type: object + commonLabels: + additionalProperties: + type: string + description: CommonLabels is a list of additional + labels to add to rendered manifests + type: object + forceCommonAnnotations: + description: ForceCommonAnnotations specifies whether + to force applying common annotations to resources + for Kustomize apps + type: boolean + forceCommonLabels: + description: ForceCommonLabels specifies whether + to force applying common labels to resources for + Kustomize apps + type: boolean + images: + description: Images is a list of Kustomize image + override specifications + items: + description: KustomizeImage represents a Kustomize + image definition in the format [old_image_name=]: + type: string + type: array + namePrefix: + description: NamePrefix is a prefix appended to + resources for Kustomize apps + type: string + nameSuffix: + description: NameSuffix is a suffix appended to + resources for Kustomize apps + type: string + version: + description: Version controls which version of Kustomize + to use for rendering manifests + type: string + type: object + path: + description: Path is a directory path within the Git + repository, and is only 
valid for applications sourced + from Git. + type: string + plugin: + description: Plugin holds config management plugin specific + options + properties: + env: + description: Env is a list of environment variable + entries + items: + description: EnvEntry represents an entry in the + application's environment + properties: + name: + description: Name is the name of the variable, + usually expressed in uppercase + type: string + value: + description: Value is the value of the variable + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + description: Array is the value of an array + type parameter. + items: + type: string + type: array + map: + additionalProperties: + type: string + description: Map is the value of a map type + parameter. + type: object + name: + description: Name is the name identifying + a parameter. + type: string + string: + description: String_ is the value of a string + type parameter. + type: string + type: object + type: array + type: object + ref: + description: Ref is reference to another source within + sources field. This field will not be used if used + with a `source` tag. + type: string + repoURL: + description: RepoURL is the URL to the repository (Git + or Helm) that contains the application manifests + type: string + targetRevision: + description: TargetRevision defines the revision of + the source to sync the application to. In case of + Git, this can be commit, tag, or branch. If omitted, + will equal to HEAD. In case of Helm, this is a semver + tag for the Chart's version. 
+ type: string + required: + - repoURL + type: object + type: array required: - destination - - source type: object revision: description: Revision contains information about the revision the comparison has been performed to type: string + revisions: + description: Revisions contains information about the revisions + of multiple sources the comparison has been performed to + items: + type: string + type: array status: description: Status is the sync state of the comparison type: string diff --git a/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml b/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml index 48dd57c57..7a15b67de 100644 --- a/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml +++ b/charts/argo/argo-cd/templates/crds/crd-applicationset.yaml @@ -278,7 +278,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -286,6 +305,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -297,6 +475,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -321,7 +510,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -565,7 +753,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -573,6 +780,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -584,6 +950,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -608,7 +985,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -641,6 +1017,8 @@ spec: - path type: object type: array + pathParamPrefix: + type: string repoURL: type: string requeueAfterSeconds: @@ -854,7 +1232,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -862,6 +1259,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -873,6 +1429,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -897,13 +1464,13 @@ spec: required: - destination - project - - source type: object required: - metadata - spec type: object required: + - pathParamPrefix - repoURL - revision type: object @@ -1119,7 +1686,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
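Review bot: The `required` list in the `@@ -897,13 +1464,13 @@` hunk gains `- pathParamPrefix` in the same change that first introduces the property (`pathParamPrefix:` / `type: string`, added in the `@@ -641,6 +1017,8 @@` hunk), so no ApplicationSet written against the previous schema can already carry it. The enclosing schema object starts outside the hunk, but the neighbouring `repoURL` and `revision` entries suggest this is the same generator object. If so, existing resources that omit the field would fail API-server validation on their next create or update once this CRD is applied. The same addition recurs in the `@@ -2033,13 +3355,13 @@` hunk. Before shipping this chart version I would confirm that the field is meant to be mandatory; if it is not, drop the `- pathParamPrefix` line from both `required` lists so the new field stays optional.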
@@ -1127,6 +1713,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -1138,6 +1883,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1162,7 +1918,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -1414,7 +2169,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -1422,6 +2196,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -1433,6 +2366,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1457,7 +2401,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -1701,7 +2644,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -1709,6 +2671,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -1720,6 +2841,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -1744,7 +2876,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -1777,6 +2908,8 @@ spec: - path type: object type: array + pathParamPrefix: + type: string repoURL: type: string requeueAfterSeconds: @@ -1990,7 +3123,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -1998,6 +3150,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -2009,6 +3320,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2033,13 +3355,13 @@ spec: required: - destination - project - - source type: object required: - metadata - spec type: object required: + - pathParamPrefix - repoURL - revision type: object @@ -2255,7 +3577,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -2263,6 +3604,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -2274,6 +3774,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2298,7 +3809,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -2638,7 +4148,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -2646,6 +4175,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -2657,6 +4345,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -2681,7 +4380,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3068,7 +4766,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -3076,6 +4793,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3087,6 +4963,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3111,7 +4998,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3349,7 +5235,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -3357,6 +5262,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3368,6 +5432,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3392,7 +5467,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3644,7 +5718,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -3652,6 +5745,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3663,6 +5915,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3687,7 +5950,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -3931,7 +6193,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -3939,6 +6220,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -3950,6 +6390,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -3974,7 +6425,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -4007,6 +6457,8 @@ spec: - path type: object type: array + pathParamPrefix: + type: string repoURL: type: string requeueAfterSeconds: @@ -4220,7 +6672,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -4228,6 +6699,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -4239,6 +6869,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4263,13 +6904,13 @@ spec: required: - destination - project - - source type: object required: - metadata - spec type: object required: + - pathParamPrefix - repoURL - revision type: object @@ -4485,7 +7126,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -4493,6 +7153,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -4504,6 +7323,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4528,7 +7358,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -4868,7 +7697,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -4876,6 +7724,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -4887,6 +7894,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -4911,7 +7929,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -5298,7 +8315,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -5306,6 +8342,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -5317,6 +8512,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5341,7 +8547,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -5583,7 +8788,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -5591,6 +8815,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -5602,6 +8985,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -5626,7 +9020,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -5963,7 +9356,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -5971,6 +9383,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -5982,6 +9553,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6006,7 +9588,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -6393,7 +9974,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -6401,6 +10001,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -6412,6 +10171,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6436,7 +10206,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -6470,6 +10239,37 @@ spec: type: array goTemplate: type: boolean + strategy: + properties: + rollingSync: + properties: + steps: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + type: array + type: object + type: + type: string + type: object syncPolicy: properties: preserveResourcesOnDeletion: @@ -6681,7 +10481,26 @@ spec: type: array name: type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: object + type: array type: object + ref: + type: string repoURL: type: string targetRevision: 
@@ -6689,6 +10508,165 @@ spec: required: - repoURL type: object + sources: + items: + properties: + chart: + type: string + directory: + properties: + exclude: + type: string + include: + type: string + jsonnet: + properties: + extVars: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + libs: + items: + type: string + type: array + tlas: + items: + properties: + code: + type: boolean + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + type: object + recurse: + type: boolean + type: object + helm: + properties: + fileParameters: + items: + properties: + name: + type: string + path: + type: string + type: object + type: array + ignoreMissingValueFiles: + type: boolean + parameters: + items: + properties: + forceString: + type: boolean + name: + type: string + value: + type: string + type: object + type: array + passCredentials: + type: boolean + releaseName: + type: string + skipCrds: + type: boolean + valueFiles: + items: + type: string + type: array + values: + type: string + version: + type: string + type: object + kustomize: + properties: + commonAnnotations: + additionalProperties: + type: string + type: object + commonLabels: + additionalProperties: + type: string + type: object + forceCommonAnnotations: + type: boolean + forceCommonLabels: + type: boolean + images: + items: + type: string + type: array + namePrefix: + type: string + nameSuffix: + type: string + version: + type: string + type: object + path: + type: string + plugin: + properties: + env: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + name: + type: string + parameters: + items: + properties: + array: + items: + type: string + type: array + map: + additionalProperties: + type: string + type: object + name: + type: string + string: + type: string + type: 
object + type: array + type: object + ref: + type: string + repoURL: + type: string + targetRevision: + type: string + required: + - repoURL + type: object + type: array syncPolicy: properties: automated: @@ -6700,6 +10678,17 @@ spec: selfHeal: type: boolean type: object + managedNamespaceMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object retry: properties: backoff: @@ -6724,7 +10713,6 @@ spec: required: - destination - project - - source type: object required: - metadata @@ -6736,6 +10724,24 @@ spec: type: object status: properties: + applicationStatus: + items: + properties: + application: + type: string + lastTransitionTime: + format: date-time + type: string + message: + type: string + status: + type: string + required: + - application + - message + - status + type: object + type: array conditions: items: properties: diff --git a/charts/argo/argo-cd/templates/redis/pdb.yaml b/charts/argo/argo-cd/templates/redis/pdb.yaml index 8be05f938..223c57589 100644 --- a/charts/argo/argo-cd/templates/redis/pdb.yaml +++ b/charts/argo/argo-cd/templates/redis/pdb.yaml @@ -16,7 +16,7 @@ metadata: {{- end }} {{- end }} spec: - {{- with .Values.dex.pdb.maxUnavailable }} + {{- with .Values.redis.pdb.maxUnavailable }} maxUnavailable: {{ . }} {{- else }} minAvailable: {{ .Values.redis.pdb.minAvailable | default 0 }} diff --git a/charts/argo/argo-cd/values.yaml b/charts/argo/argo-cd/values.yaml index 1a6bdda4e..6e885f107 100644 --- a/charts/argo/argo-cd/values.yaml +++ b/charts/argo/argo-cd/values.yaml 
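Review bot: In `templates/redis/pdb.yaml`, the corrected `{{- with .Values.redis.pdb.maxUnavailable }}` still treats a numeric `0` as empty, so `redis.pdb.maxUnavailable: 0` falls through to the `else` branch and renders `minAvailable: 0`. The two settings mean opposite things: `maxUnavailable: 0` blocks voluntary evictions, while `minAvailable: 0` permits all of them. An explicit test keeps the zero case, for example `{{- if or .Values.redis.pdb.maxUnavailable (eq (toString .Values.redis.pdb.maxUnavailable) "0") }}` followed by `maxUnavailable: {{ .Values.redis.pdb.maxUnavailable }}`. The template's `spec:` block continues outside this hunk, and the other PDB templates in the chart are not visible here, so they may need the same check.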
@@ -205,6 +205,12 @@ configs: # -- Limit on number of concurrent manifests generate requests. Any value less the 1 means no limit. reposerver.parallelism.limit: 0 + ## ApplicationSet Properties + # -- Modify how application is synced between the generator and the cluster. One of: `sync`, `create-only`, `create-update`, `create-delete` + applicationsetcontroller.policy: sync + # -- Enables use of the Progressive Syncs capability + applicationsetcontroller.enable.progressive.syncs: false + # Argo CD RBAC policy configuration ## Ref: https://github.com/argoproj/argo-cd/blob/master/docs/operator-manual/rbac.md rbac: @@ -580,6 +586,12 @@ controller: # -- Metrics container port metrics: 8082 + # -- Host Network for application controller pods + hostNetwork: false + + # -- Alternative DNS policy for application controller pods + dnsPolicy: "ClusterFirst" + # -- Application controller container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -987,7 +999,7 @@ redis: # -- Redis repository repository: public.ecr.aws/docker/library/redis # -- Redis tag - tag: 7.0.5-alpine + tag: 7.0.7-alpine # -- Redis image pull policy # @default -- `""` (defaults to global.image.imagePullPolicy) imagePullPolicy: "" @@ -1218,7 +1230,7 @@ redis-ha: enabled: true image: # -- Redis tag - tag: 7.0.5-alpine + tag: 7.0.7-alpine ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ topologySpreadConstraints: @@ -1448,6 +1460,12 @@ server: # -- Metrics container port metrics: 8082 + # -- Host Network for Server pods + hostNetwork: false + + # -- Alternative DNS policy for Server pods + dnsPolicy: "ClusterFirst" + # -- Server container-level security context # @default -- See [values.yaml] containerSecurityContext: 
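Review bot: The new `controller.hostNetwork` and `controller.dnsPolicy` values (hunk `@@ -580,6 +586,12`) get one-line comments that say neither that the two settings have to change together nor what host networking exposes. With `hostNetwork: true` and the default `dnsPolicy: "ClusterFirst"`, Kubernetes falls back to the node's resolver, so in-cluster service names stop resolving unless the policy is `ClusterFirstWithHostNet`. The pod also joins the node's network namespace, so its container ports listen on the node's interfaces and, depending on the CNI, pod-level NetworkPolicy may no longer apply. I would document this as `# -- Run application controller pods in the node's network namespace (exposes container ports on the node; leave false unless required)` and `# -- DNS policy for application controller pods; set to "ClusterFirstWithHostNet" when hostNetwork is true`. The same wording applies to the `server` hunk (`@@ -1448,6 +1460,12`) and the `repoServer` hunk (`@@ -1931,6 +1949,12`).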
@@ -1931,6 +1949,12 @@ repoServer: # -- Metrics container port metrics: 8084 + # -- Host Network for Repo server pods + hostNetwork: false + + # -- Alternative DNS policy for Repo server pods + dnsPolicy: "ClusterFirst" + # -- Repo server container-level security context # @default -- See [values.yaml] containerSecurityContext: @@ -2129,18 +2153,14 @@ applicationSet: # @default -- `[]` (defaults to global.imagePullSecrets) imagePullSecrets: [] - # -- ApplicationSet controller log format. Either `text` or `json` - # @default -- `""` (defaults to global.logging.format) - logFormat: "" - # -- ApplicationSet controller log level. One of: `debug`, `info`, `warn`, `error` - # @default -- `""` (defaults to global.logging.level) - logLevel: "" - - args: + # -- DEPRECATED - ApplicationSet controller command line flags + args: {} + # DEPRECATED - Use configs.params.applicationsetcontroller.policy to override # -- How application is synced between the generator and the cluster - policy: sync + # policy: sync + # DEPRECATED - Use configs.params.applicationsetcontroller.dryrun to override # -- Enable dry run mode - dryRun: false + # dryRun: false # -- List of extra cli args to add extraArgs: [] diff --git a/charts/avesha/kubeslice-controller/Chart.yaml b/charts/avesha/kubeslice-controller/Chart.yaml index 621625735..109a0d7a2 100644 --- a/charts/avesha/kubeslice-controller/Chart.yaml +++ b/charts/avesha/kubeslice-controller/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/namespace: kubeslice-controller catalog.cattle.io/release-name: kubeslice-controller apiVersion: v2 -appVersion: 0.2.1 +appVersion: 0.5.0 description: Multi cloud networking (MCN), multi cluster, hybrid cloud networking tool for efficient, secure, policy-enforced connectivity and true multi-tenancy capabilities. KubeSlice enables enterprise platform teams to reduce infrastructure 
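Review bot: The deprecation comment for `dryRun` in the `applicationSet:` hunk points to `configs.params.applicationsetcontroller.dryrun`, but the `configs:` hunk of this same file adds only `applicationsetcontroller.policy` and `applicationsetcontroller.enable.progressive.syncs`, so the replacement key has no documented default. I would add `applicationsetcontroller.dryrun: false` with a `# --` comment next to those two keys, or drop the pointer. The hunk also comments out `policy` and `dryRun` and turns `args` into `{}`. Whether a release that already sets `applicationSet.args.policy` to a restrictive value keeps it after upgrade depends on templates outside this hunk, so it is worth confirming the old values are still honoured rather than falling back to `sync`. The `logFormat` and `logLevel` keys are removed in the same hunk without any deprecation note.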
@@ -36,4 +36,4 @@ keywords:
 kubeVersion: '>= 1.19.0-0'
 name: kubeslice-controller
 type: application
-version: 0.4.4
+version: 0.5.0
diff --git a/charts/avesha/kubeslice-controller/Readme.MD b/charts/avesha/kubeslice-controller/Readme.MD
index d67032cd8..f8bb90490 100644
--- a/charts/avesha/kubeslice-controller/Readme.MD
+++ b/charts/avesha/kubeslice-controller/Readme.MD
@@ -1,13 +1,13 @@ # Kubeslice Enterprise Controller Helm Charts ## Prerequisites -📖 Follow the overview and registration [documentation](https://staging2-docs.avesha.io/documentation/enterprise/0.4.0/deployment-partners/deploying-kubeslice-on-rancher/) +📖 Follow the overview and registration [documentation](https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/) -- Create and configure the controller cluster following instructions in the prerequisites section [documentation](https://staging2-docs.avesha.io/documentation/enterprise/0.4.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-kubeslice-controller-on-rancher) +- Create and configure the controller cluster following instructions in the prerequisites section [documentation](https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-kubeslice-controller-on-rancher) - Copy the chart version from the upper right hand section of this page [VERSION parameter need during install and upgrade] - Click on the download chart link from the upper right hand section of this page, save it to location available from command prompt - Untar the chart to get the values.yaml file, update values.yaml with the follwing information - - cluster end point [documentation](https://staging2-docs.avesha.io/documentation/enterprise/0.4.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-kubeslice-controller-on-rancher#getting-the-controller-cluster-endpoint) + - cluster end point [documentation](https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-kubeslice-controller-on-rancher#getting-the-controller-cluster-endpoint) - helm repository username, password and email [From registration] 
@@ -32,7 +32,7 @@ helm upgrade --history-max=5 --namespace=kubeslice-controller kubeslice-controll ``` ### Uninstall KubeSlice Controller -- Follow instructions [documentation](https://staging2-docs.avesha.io/documentation/enterprise/0.4.0/getting-started-with-cloud-clusters/uninstalling-kubeslice/) +- Follow instructions [documentation](https://docs.avesha.io/documentation/enterprise/0.5.0/getting-started-with-cloud-clusters/uninstalling-kubeslice/uninstalling-the-kubeslice-controller/) ```console export KUBECONFIG= diff --git a/charts/avesha/kubeslice-controller/questions.yml b/charts/avesha/kubeslice-controller/questions.yml index da9c4d750..c45fecbf2 100644 --- a/charts/avesha/kubeslice-controller/questions.yml +++ b/charts/avesha/kubeslice-controller/questions.yml @@ -2,7 +2,7 @@ questions: - default: "" - description: "https://github.com/kubeslice/docs-ent/blob/AM-6087/versioned_docs/version-0.4.0/deployment-partners/deploying-kubeslice-on-rancher/deploying-kubeslice-on-rancher.mdx#registering-to-access-the-enterprise-helm-chart" + description: "https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/#registering-to-access-the-enterprise-helm-chart" group: "Global Settings" label: "Registered Username" required: true @@ -18,7 +18,7 @@ questions: variable: imagePullSecrets.password - default: "" - description: "https://github.com/kubeslice/docs-ent/blob/AM-6087/versioned_docs/version-0.4.0/deployment-partners/deploying-kubeslice-on-rancher/deploying-kubeslice-on-rancher.mdx#getting-the-controller-cluster-endpoint" + description: "https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-kubeslice-controller-on-rancher/#getting-the-controller-cluster-endpoint" group: "Controller Settings" label: "Controller Endpoint" required: true 
@@ -44,7 +44,7 @@ questions: options: - ClusterIP - NodePort - - LoadBanlancer + - LoadBalancer required: true type: enum variable: kubeslice.uiproxy.service.type diff --git a/charts/avesha/kubeslice-controller/templates/_helpers.tpl b/charts/avesha/kubeslice-controller/templates/_helpers.tpl index 191be7618..6e2be538c 100644 --- a/charts/avesha/kubeslice-controller/templates/_helpers.tpl +++ b/charts/avesha/kubeslice-controller/templates/_helpers.tpl @@ -1,3 +1,5 @@ +*************************kubeslice-controller********************************* + {{/* Expand the name of the chart. */}} 
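Review bot: The banner `*************************kubeslice-controller*********************************` at the top of `_helpers.tpl` is added as bare text, outside any `{{/* ... */}}` comment. Helm does not emit files whose name starts with `_`, so it is harmless where it stands, but it would land in a manifest if the block were copied into a rendered template. I would write it as a template comment, `{{/* kubeslice-controller helpers */}}`. The second banner, in the `@@ -60,3 +62,68 @@` hunk, has the same form and misspells Prometheus as `PROMETHUES`.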
@@ -60,3 +62,68 @@ Create the name of the service account to use {{- default "default" .Values.serviceAccount.name }} {{- end }} {{- end }} + +*************************PROMETHUES********************************* + +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prometheus.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "prometheus.labels" -}} +helm.sh/chart: {{ include "prometheus.chart" . }} +{{ include "prometheus.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "prometheus.selectorLabels" -}} +app.kubernetes.io/name: {{ include "prometheus.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "prometheus.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "prometheus.fullname" .) 
.Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/avesha/kubeslice-controller/templates/kubeslice-ui-rbac.yaml b/charts/avesha/kubeslice-controller/templates/kubeslice-api-gw-rbac.yaml similarity index 78% rename from charts/avesha/kubeslice-controller/templates/kubeslice-ui-rbac.yaml rename to charts/avesha/kubeslice-controller/templates/kubeslice-api-gw-rbac.yaml index 949b5d587..04492f2ef 100644 --- a/charts/avesha/kubeslice-controller/templates/kubeslice-ui-rbac.yaml +++ b/charts/avesha/kubeslice-controller/templates/kubeslice-api-gw-rbac.yaml @@ -1,7 +1,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: kubeslice-ui + name: kubeslice-api-gw rules: - verbs: - get @@ -16,16 +16,16 @@ rules: apiVersion: v1 kind: ServiceAccount metadata: - name: kubeslice-ui + name: kubeslice-api-gw --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: kubeslice-ui + name: kubeslice-api-gw roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: kubeslice-ui + name: kubeslice-api-gw subjects: - kind: ServiceAccount - name: kubeslice-ui \ No newline at end of file + name: kubeslice-api-gw \ No newline at end of file diff --git a/charts/avesha/kubeslice-controller/templates/kubeslice-api-gw.yaml b/charts/avesha/kubeslice-controller/templates/kubeslice-api-gw.yaml new file mode 100644 index 000000000..9c8e1ddfc --- /dev/null +++ b/charts/avesha/kubeslice-controller/templates/kubeslice-api-gw.yaml 
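Review bot: The new `prometheus.*` helpers in `_helpers.tpl` read the same values as the chart's own helpers, so they do not give Prometheus a separate identity. `prometheus.name` and `prometheus.fullname` use `.Values.nameOverride`, `.Values.fullnameOverride` and `.Chart.Name`, and `prometheus.serviceAccountName` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`. The context lines at the top of the hunk show the existing service-account helper reading `.Values.serviceAccount.name` too, so both components appear to resolve to the same service account and RBAC grants; that helper's body starts outside the hunk, so this is inferred. If Prometheus is meant to run with a narrower identity, key these helpers on a values subtree of its own and document it in `values.yaml`.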
@@ -0,0 +1,58 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: kubeslice-api-gw
+ name: kubeslice-api-gw
+spec:
+ ports:
+ - name: http
+ port: 8080
+ protocol: TCP
+ targetPort: 3000
+ selector:
+ app: kubeslice-api-gw
+ type: ClusterIP
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: kubeslice-api-gw
+ name: kubeslice-api-gw
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: kubeslice-api-gw
+ template:
+ metadata:
+ labels:
+ app: kubeslice-api-gw
+ spec:
+ containers:
+ - image: '{{ .Values.kubeslice.apigw.image }}:{{ .Values.kubeslice.apigw.tag }}'
+ imagePullPolicy: '{{ .Values.kubeslice.apigw.pullPolicy }}'
+ env:
+ - name: KUBESLICE_CONTROLLER_PROMETHEUS
+ value: {{ .Values.kubeslice.prometheus.url }}
+ name: kubeslice-api-gw
+ ports:
+ - containerPort: 3000
+ protocol: TCP
+ volumeMounts:
+ - mountPath: /app/secrets
+ name: oidc-secrets
+ {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
+ imagePullSecrets:
+ - name: kubeslice-ui-image-pull-secret
+ {{- end }}
+ restartPolicy: Always
+ serviceAccount: kubeslice-api-gw
+ serviceAccountName: kubeslice-api-gw
+ volumes:
+ - name: oidc-secrets
+ secret:
+ secretName: kubeslice-ui-oidc
+ optional: true
diff --git a/charts/avesha/kubeslice-controller/templates/kubeslice-controller.yaml b/charts/avesha/kubeslice-controller/templates/kubeslice-controller.yaml
index f286a55ea..6b9c34bc7 100644
--- a/charts/avesha/kubeslice-controller/templates/kubeslice-controller.yaml
+++ b/charts/avesha/kubeslice-controller/templates/kubeslice-controller.yaml
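Review bot: The new `kubeslice-api-gw` container has no `securityContext`, so it runs as whatever user the image defaults to and may escalate privileges, even though it mounts the OIDC secret at `/app/secrets` and runs under its own service account. I would add a container-level `securityContext` as below; whether the image already runs as non-root is not visible here, so confirm `runAsNonRoot` against the image before merging. In the same container, `value: {{ .Values.kubeslice.prometheus.url }}` is rendered unquoted, so a value containing `: ` or `#` produces invalid or mis-typed YAML; `value: {{ .Values.kubeslice.prometheus.url | quote }}` avoids that. The container also sets no `resources` and no liveness or readiness probes.

```yaml
      containers:
      # … unchanged: image, imagePullPolicy, env, name, ports …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
        volumeMounts:
      # … unchanged: oidc-secrets mount and the rest of the pod spec …
```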
@@ -22,20 +22,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null name: clusters.controller.kubeslice.io spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: kubeslice-controller-webhook-service - namespace: kubeslice-controller - path: /convert - conversionReviewVersions: - - v1 group: controller.kubeslice.io names: kind: Cluster @@ -158,20 +148,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null name: projects.controller.kubeslice.io spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: kubeslice-controller-webhook-service - namespace: kubeslice-controller - path: /convert - conversionReviewVersions: - - v1 group: controller.kubeslice.io names: kind: Project @@ -328,20 +308,10 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null name: sliceconfigs.controller.kubeslice.io spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - service: - name: kubeslice-controller-webhook-service - namespace: kubeslice-controller - path: /convert - conversionReviewVersions: - - v1 group: controller.kubeslice.io names: kind: SliceConfig @@ -400,6 +370,11 @@ spec: type: object type: object type: array + maxClusters: + default: 16 + maximum: 32 + minimum: 2 + type: integer namespaceIsolationProfile: properties: allowedNamespaces: 
@@ -511,6 +486,103 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: slicenodeaffinities.controller.kubeslice.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /convert + conversionReviewVersions: + - v1 + group: controller.kubeslice.io + names: + kind: SliceNodeAffinity + listKind: SliceNodeAffinityList + plural: slicenodeaffinities + singular: slicenodeaffinity + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceNodeAffinity is the Schema for the slicenodeaffinities API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SliceNodeAffinitySpec defines the desired state of SliceNodeAffinity + properties: + nodeAffinityProfiles: + description: NodeAffinityProfiles defines the node affinity profile for the slice + items: + properties: + cluster: + description: Cluster is the cluster in the slice this rule applies to + type: string + nodeAffinityRules: + description: NodeAffinityRules defines the node affinity profile for the slice + items: + properties: + namespace: + description: Namespace is the namespace in the slice this rule applies to + type: string + nodeSelectorLabels: + description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + type: object + type: array + type: object + status: + description: SliceNodeAffinityStatus defines the observed state of SliceNodeAffinity + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 
@@ -597,6 +669,583 @@ status: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: sliceresourcequotaconfigs.controller.kubeslice.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /convert + conversionReviewVersions: + - v1 + group: controller.kubeslice.io + names: + kind: SliceResourceQuotaConfig + listKind: SliceResourceQuotaConfigList + plural: sliceresourcequotaconfigs + singular: sliceresourcequotaconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceResourceQuotaConfig is the Schema for the sliceresourcequotaconfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SliceResourceQuotaConfigSpec defines the desired state of SliceResourceQuotaConfig + properties: + clusterQuota: + description: ClusterQuota defines the configuration for cluster quota of a resource quota + items: + description: ClusterQuota defines the configuration for cluster quota of a resource quota + properties: + clusterName: + description: ClusterName defines the name of the cluster in ClusterQuota + type: string + namespaceQuota: + description: NamespaceQuota defines the configuration for namespace quota of a ClusterQuota + items: + description: NamespaceQuota defines the configuration for namespace quota of a NamespaceQuota + properties: + enforceQuota: + default: false + description: EnforceQuota defines the enforceQuota status flag for NamespaceQuota + type: boolean + namespace: + description: Namespace defines the namespace of the NamespaceQuota + type: string + resources: + description: Resources defines the configuration for resources for NamespaceQuota + properties: + defaultLimitPerContainer: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + defaultRequestPerContainer: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + resources: + description: Resources defines the configuration for resources for ClusterQuota + properties: + limit: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + sliceQuota: + description: SliceQuota defines the configuration for slice quota of a resource quota + properties: + resources: + description: Resources defines the configuration for resources for SliceQuota + properties: + defaultRequestPerContainer: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: object + status: + description: SliceResourceQuotaConfigStatus defines the observed state of SliceResourceQuotaConfig + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: slicerolebindings.controller.kubeslice.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /convert + conversionReviewVersions: + - v1 + group: controller.kubeslice.io + names: + kind: SliceRoleBinding + listKind: SliceRoleBindingList + plural: slicerolebindings + singular: slicerolebinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceRoleBinding is the Schema for the slicerolebindings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bindings: + items: + description: RoleBinding references a role, but does not contain it. + properties: + applyTo: + description: ApplyTo contains information about the namespace and the Subjects. 
+ items: + description: ApplyTo contains information about the namespace and the Subjects. It adds who information via Subjects and namespace information by which namespace it exists in. + properties: + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. '*' Represents all namespaces + type: string + subjects: + description: Subjects holds references to the objects the role applies to. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + type: array + type: object + type: array + roleRef: + description: RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. 
Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiVersion + - kind + - name + type: object + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + roleRefConditions: + items: + properties: + condition: + description: Condition defines conditions of a RoleRef, one of INVALID_NS, NOT_ACCESSIBLE, INVALID_RULE, INVALID_ROLE_BINDING. + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human-readable message indicating details about the transition. + type: string + namespace: + description: Name of the Namespace in case of INVALID_NS condition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + roleRef: + description: Name, APIVersion and Kind of the RoleRef + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiVersion + - kind + - name + type: object + status: + description: Status of the condition, one of True, False, Unknown. + type: string + required: + - condition + - lastUpdateTime + - reason + - roleRef + - status + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: sliceroletemplates.controller.kubeslice.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /convert + conversionReviewVersions: + - v1 + group: controller.kubeslice.io + names: + kind: SliceRoleTemplate + listKind: SliceRoleTemplateList + plural: sliceroletemplates + singular: sliceroletemplate + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceRoleTemplate is the Schema for the sliceroletemplates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. 
Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + rules: + items: + description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. + items: + type: string + type: array + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule applies to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. 
+ items: + type: string + type: array + required: + - verbs + type: object + type: array + status: + description: SliceRoleTemplateStatus defines the observed state of SliceResourceQuotaConfig + type: object + required: + - rules + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 @@ -727,6 +1376,8 @@ spec: spec: description: WorkerSliceConfigSpec defines the desired state of Slice properties: + clusterSubnetCIDR: + type: string externalGatewayConfig: properties: egress: @@ -766,6 +1417,8 @@ spec: default: false type: boolean type: object + octet: + type: integer qosProfileDetails: description: QOSProfile is the QOS Profile configuration from backend properties: @@ -818,6 +1471,8 @@ spec: sliceType: default: Application type: string + required: + - octet type: object status: description: WorkerSliceConfigStatus defines the observed state of Slice 
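Review bot: `octet` is added to the WorkerSliceConfig spec as a bare `type: integer` (hunk at -766) and then made mandatory by `required: - octet` (hunk at -818). The surrounding schema lines are unchanged context, so this looks like an edit to an already-published version, and objects stored without the field would presumably fail validation on their next update. The field also has no bounds; if it is one octet of a subnet, as the name suggests, the schema should carry `minimum: 0` and `maximum: 255`. `clusterSubnetCIDR` in the hunk at -727 is likewise an unconstrained `type: string`, so a malformed CIDR is caught, if at all, only by the controller. The file carries a controller-gen annotation, so these constraints belong as validation markers on the Go type rather than as hand edits here.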
@@ -966,6 +1621,757 @@ status: conditions: [] storedVersions: [] --- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: workerslicenodeaffinities.worker.kubeslice.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /convert + conversionReviewVersions: + - v1 + group: worker.kubeslice.io + names: + kind: WorkerSliceNodeAffinity + listKind: WorkerSliceNodeAffinityList + plural: workerslicenodeaffinities + singular: workerslicenodeaffinity + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkerSliceNodeAffinity is the Schema for the workerslicenodeaffinities API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkerSliceNodeAffinitySpec defines the desired state of WorkerSliceNodeAffinity + properties: + clusterName: + description: ClusterName defines the name of the cluster for the WorkerSliceNodeAffinity + type: string + nodeAffinityRules: + description: NodeAffinityRules defines the node affinity profile for the slice + items: + properties: + namespace: + description: Namespace is the namespace in the slice this rule applies to + type: string + nodeSelectorLabels: + description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + sliceName: + description: SliceName defines the name of the slice for the WorkerSliceNodeAffinity + type: string + type: object + status: + description: WorkerSliceNodeAffinityStatus defines the observed state of WorkerSliceNodeAffinity + properties: + nodeAffinityRules: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' + items: + properties: + namespace: + description: Namespace is the namespace in the slice this rule applies to + type: string + nodeSelectorLabels: + description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: workersliceresourcequotas.worker.kubeslice.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /convert + conversionReviewVersions: + - v1 + group: worker.kubeslice.io + names: + kind: WorkerSliceResourceQuota + listKind: WorkerSliceResourceQuotaList + plural: workersliceresourcequotas + singular: workersliceresourcequota + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkerSliceResourceQuota is the Schema for the workersliceresourcequota API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: WorkerSliceResourceQuotaSpec defines the desired state of WorkerSliceResourceQuota + properties: + clusterName: + description: ClusterName defines the name of the cluster for the WorkerResourceQuota + type: string + resourceQuotaProfile: + description: ResourceQuotaProfile defines the resource quota profile for the slice + properties: + clusterQuota: + description: ClusterQuota defines the configuration for cluster quota of a resource quota + properties: + namespaceQuota: + description: NamespaceQuota defines the configuration for namespace quota of a ClusterQuota + items: + description: NamespaceQuota defines the configuration for namespace quota of a namespaceQuota + properties: + enforceQuota: + default: false + description: EnforceQuota defines the enforceQuota status flag for NamespaceQuota + type: boolean + namespace: + description: Namespace defines the namespace of the NamespaceQuota + type: string + resources: + description: Resources defines the configuration for resources for NamespaceQuota + properties: + defaultLimitPerContainer: + description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + defaultRequestPerContainer: + description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + resources: + description: Resources defines the configuration for resources for ClusterQuota + properties: + limit: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + sliceQuota: + description: SliceQuota defines the configuration for slice quota of a resource quota + properties: + resources: + description: Resources defines the configuration for resources for SliceQuota + properties: + defaultRequestPerContainer: + description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: object + sliceName: + description: SliceName defines the name of the slice for the WorkerResourceQuota + type: string + type: object + status: + description: WorkerSliceResourceQuotaStatus defines the observed state of WorkerSliceResourceQuota + properties: + clusterResourceQuotaStatus: + properties: + namespaceResourceQuotaStatus: + items: + properties: + namespace: + type: string + requestResourceUsage: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resourceUsage: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + type: object + type: array + requestResourceUsage: + description: RequestResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resourceUsage: + description: LimitResourceList is a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + type: object + onboardedNamespace: + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert + controller-gen.kubebuilder.io/version: v0.7.0 + name: workerslicerolebindings.worker.kubeslice.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /convert + conversionReviewVersions: + - v1 + group: worker.kubeslice.io + names: + kind: WorkerSliceRoleBinding + listKind: WorkerSliceRoleBindingList + plural: workerslicerolebindings + singular: workerslicerolebinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: WorkerSliceRoleBinding is the Schema for the workerslicerolebindings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + bindings: + properties: + applyTo: + description: ApplyTo contains information about the namespace and the Subjects. + items: + description: ApplyTo contains information about the namespace and the Subjects. 
It adds who information via Subjects and namespace information by which namespace it exists in. + properties: + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. '*' Represents all namespaces + type: string + subjects: + description: Subjects holds references to the objects the role applies to. + items: + description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + type: string + required: + - kind + - name + type: object + type: array + type: object + type: array + rules: + items: + description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. 
+ items: + type: string + type: array + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule applies to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + status: + properties: + roleRefCondition: + properties: + condition: + description: Condition defines conditions of the RoleRef, one of INVALID_RULE, INVALID_ROLE_BINDING. + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human-readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + roleRef: + description: Name, APIGroup and Kind of the RoleRef + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiVersion + - kind + - name + type: object + status: + description: Status of the condition, one of True, False, Unknown. + type: string + required: + - condition + - lastUpdateTime + - reason + - roleRef + - status + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- apiVersion: v1 kind: ServiceAccount metadata: @@ -1091,7 +2497,11 @@ rules: - projects - serviceexportconfigs - sliceconfigs + - slicenodeaffinities - sliceqosconfigs + - sliceresourcequotaconfigs + - slicerolebindings + - sliceroletemplates verbs: - create - delete @@ -1107,7 +2517,11 @@ rules: - projects/finalizers - serviceexportconfigs/finalizers - sliceconfigs/finalizers + - slicenodeaffinities/finalizers - sliceqosconfigs/finalizers + - sliceresourcequotaconfigs/finalizers + - slicerolebindings/finalizers + - sliceroletemplates/finalizers verbs: - update - apiGroups: @@ -1117,11 +2531,17 @@ rules: - projects/status - serviceexportconfigs/status - sliceconfigs/status + - slicenodeaffinities/status - sliceqosconfigs/status + - sliceresourcequotaconfigs/status + - slicerolebindings/status + - sliceroletemplates/status verbs: - get + - list - patch - update + - watch - apiGroups: - rbac.authorization.k8s.io resources: 
@@ -1142,6 +2562,9 @@ rules: - workerserviceimports - workersliceconfigs - workerslicegateways + - workerslicenodeaffinities + - workersliceresourcequotas + - workerslicerolebindings verbs: - create - delete @@ -1155,7 +2578,10 @@ rules: resources: - workerserviceimports/finalizers - workersliceconfigs/finalizers - - workerslicegateways/ + - workerslicegateways/finalizers + - workerslicenodeaffinities/finalizers + - workersliceresourcequotas/finalizers + - workerslicerolebindings/finalizers verbs: - update - apiGroups: 
@@ -1164,10 +2590,126 @@ rules: - workerserviceimports/status - workersliceconfigs/status - workerslicegateways/status + - workerslicenodeaffinities/status + - workersliceresourcequotas/status + - workerslicerolebindings/status verbs: - get + - list - patch - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: v1.8.0 + name: kubeslice-controller-kube-state-metrics +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + - nodes + - pods + - services + - resourcequotas + - replicationcontrollers + - limitranges + - persistentvolumeclaims + - persistentvolumes + - namespaces + - endpoints + verbs: + - list + - watch +- apiGroups: + - extensions + resources: + - daemonsets + - deployments + - replicasets + - ingresses + verbs: + - list + - watch +- apiGroups: + - apps + resources: + - statefulsets + - daemonsets + - deployments + - replicasets + verbs: + - list + - watch +- apiGroups: + - batch + resources: + - cronjobs + - jobs + verbs: + - list + - watch +- apiGroups: + - autoscaling + resources: + - horizontalpodautoscalers + verbs: + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - policy + resources: + - poddisruptionbudgets + verbs: + - list + - watch +- apiGroups: + - certificates.k8s.io + resources: + - certificatesigningrequests + verbs: + - list + - watch +- apiGroups: + - storage.k8s.io + resources: + - storageclasses + - volumeattachments + verbs: + - list + - watch +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - list + - watch +- apiGroups: + - networking.k8s.io + resources: + - networkpolicies + verbs: + - list + - watch --- apiVersion: 
rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1227,6 +2769,38 @@ rules: - get - patch - update +--- + {{ if .Values.kubeslice.prometheus.enabled}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeslice-controller-prometheus +rules: +- apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - services + - endpoints + - pods + verbs: + - get + - list + - watch +- apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch +- nonResourceURLs: + - /metrics + verbs: + - get + {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -1260,10 +2834,28 @@ subjects: name: kubeslice-controller-controller-manager namespace: kubeslice-controller --- + {{ if .Values.kubeslice.prometheus.enabled}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: kubeslice-controller-controller-rolebinding + labels: + app.kubernetes.io/name: kube-state-metrics + app.kubernetes.io/version: v1.8.0 + name: kubeslice-controller-kube-state-metrics +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeslice-controller-kube-state-metrics +subjects: +- kind: ServiceAccount + name: kube-state-metrics + namespace: kube-system + {{ end }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeslice-controller-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
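Review bot: The first rule of the new `kubeslice-controller-kube-state-metrics` ClusterRole lists `secrets` with `list` and `watch`, and a cluster-wide list of secrets returns their contents, so whichever identity is bound to this role can read every secret in the cluster. If secret metrics are not required, drop `- secrets` from that resources list. The role is also emitted unconditionally, while the ClusterRoleBinding that references it in a later hunk sits inside `{{ if .Values.kubeslice.prometheus.enabled}}`. That binding targets a `kube-state-metrics` ServiceAccount in `kube-system` that none of the visible lines create, so wrapping the role in the same conditional would keep the two in step.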
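Review bot: The `kubeslice-controller-prometheus` ClusterRole grants `get` on `nodes/proxy`, which lets its holder reach the kubelet API of every node through the API server. The only scrape job in the ConfigMap added later in this diff is `kubernetes-pods` with `role: pod`. Judging from that configuration, only `pods` with `get`, `list`, `watch` and the `/metrics` nonResourceURL appear to be needed. The `nodes`, `nodes/proxy`, `services`, `endpoints` and `extensions`/`ingresses` entries could then be removed. A comment above each remaining rule naming the scrape job it serves, such as `# needed by the kubernetes-pods scrape job`, would document why it is there.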
@@ -1285,6 +2877,21 @@ subjects: - kind: ServiceAccount name: kubeslice-controller-ovpn-manager namespace: kubeslice-controller +--- + {{ if .Values.kubeslice.prometheus.enabled}} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeslice-controller-prometheus +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeslice-controller-prometheus +subjects: +- kind: ServiceAccount + name: default + namespace: kubeslice-controller + {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding 
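Review bot: The subject of the new `kubeslice-controller-prometheus` ClusterRoleBinding is the `default` ServiceAccount of the `kubeslice-controller` namespace. Every pod in that namespace that does not set `serviceAccountName` therefore inherits the cluster-wide read access of that role, not just the Prometheus pod. A dedicated account bound here, and referenced with `serviceAccountName: kubeslice-controller-prometheus` in the Prometheus Deployment added later in this diff, keeps the grant scoped to the one workload that scrapes. The account name below is a suggestion. Both the account and the binding should stay inside the existing `prometheus.enabled` conditional.

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kubeslice-controller-prometheus
  namespace: kubeslice-controller
---
# … unchanged: ClusterRoleBinding metadata and roleRef …
subjects:
- kind: ServiceAccount
  name: kubeslice-controller-prometheus
  namespace: kubeslice-controller
```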
@@ -1312,11 +2919,82 @@ data: port: 9443 leaderElection: leaderElect: true - resourceName: d7f43c17.kubeslice.io + resourceName: 35a65c38.kubeslice.io kind: ConfigMap metadata: name: kubeslice-controller-manager-config namespace: kubeslice-controller +--- + {{ if .Values.kubeslice.prometheus.enabled}} +apiVersion: v1 +data: + prometheus.rules: |- + groups: + - name: Resource Quota violation alerts + rules: + - alert: Slice Resource Quota Violation + expr: kubeslice_controller_slice_quota_violation > 0 + for: 1m + labels: + severity: critical + annotations: + summary: "Slice Resource Usage Exceeded Quota" + description: "The slice {{ "{{" }} $labels.slice_name}} has CPU usage {{ "{{" }} $labels.cpu}} and memory usage {{ "{{" }} $labels.memory}}: violated by {{ "{{" }} $labels.violated_resource_type}}" + - alert: Cluster Resource Quota Violation + expr: kubeslice_controller_cluster_quota_violation > 0 + for: 1m + labels: + severity: critical + annotations: + summary: "Cluster Resource Usage Exceeded Quota" + description: "The cluster {{ "{{" }} $labels.cluster_name}} has CPU usage {{ "{{" }} $labels.cpu}} and memory usage {{ "{{" }} $labels.memory}}: violated by {{ "{{" }} $labels.violated_resource_type}}" + - alert: Namespace Resource Quota Violation + expr: kubeslice_controller_namespace_quota_violation > 0 + for: 1m + labels: + severity: critical + annotations: + summary: "Namespace Resource Usage Exceeded Quota" + description: "The namespace {{ "{{" }}$labels.namespace}} has CPU usage {{ "{{" }}$labels.cpu}} and memory usage {{ "{{" }}$labels.memory}}: violated by {{ "{{" }}$labels.violated_resource_type}}" + prometheus.yml: |- + global: + scrape_interval: 5s + evaluation_interval: 5s + rule_files: + - /etc/prometheus/prometheus.rules + scrape_configs: + - job_name: 'kubernetes-pods' + kubernetes_sd_configs: + - role: pod + relabel_configs: + - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] + action: keep + regex: true + - source_labels: 
[__meta_kubernetes_pod_annotation_prometheus_io_path] + action: replace + target_label: __metrics_path__ + regex: (.+) + - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] + action: replace + regex: ([^:]+)(?::\d+)?;(\d+) + replacement: $1:$2 + target_label: __address__ + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_namespace] + action: replace + target_label: kubernetes_namespace + - source_labels: [__meta_kubernetes_pod_name] + action: replace + target_label: kubernetes_pod_name +kind: ConfigMap +metadata: + labels: + name: prometheus-server-conf + name: kubeslice-controller-prometheus-server-conf + namespace: kubeslice-controller + {{ end }} +--- --- apiVersion: v1 kind: Service @@ -1333,6 +3011,21 @@ spec: targetPort: https selector: control-plane: controller-manager +--- + {{ if .Values.kubeslice.prometheus.enabled}} +apiVersion: v1 +kind: Service +metadata: + name: kubeslice-controller-prometheus-service + namespace: kubeslice-controller +spec: + ports: + - port: 9090 + targetPort: 9090 + selector: + app: prometheus-server + type: ClusterIP + {{ end }} --- apiVersion: v1 kind: Service 
@@ -1347,6 +3040,35 @@ spec: selector: control-plane: controller-manager --- +apiVersion: batch/v1 +kind: Job +metadata: + name: kubeslice-controller-cleanup + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed +spec: + template: + spec: + serviceAccountName: kubeslice-controller-controller-manager + containers: + - name: cleanup + image: '{{ .Values.kubeslice.controller.image }}:{{ .Values.kubeslice.controller.tag }}' + imagePullPolicy: '{{ .Values.kubeslice.controller.pullPolicy }}' + command: + - /cleanup + env: + - name: KUBESLICE_CONTROLLER_MANAGER_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + imagePullSecrets: + - name: kubeslice-image-pull-secret + restartPolicy: Never + backoffLimit: 1 +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -1363,6 +3085,8 @@ spec: metadata: annotations: kubectl.kubernetes.io/default-container: manager + prometheus.io/port: "18080" + prometheus.io/scrape: "true" labels: control-plane: controller-manager spec: @@ -1371,7 +3095,7 @@ spec: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - - --v=10 + - --v=0 image: '{{ .Values.kubeslice.rbacproxy.image }}:{{ .Values.kubeslice.rbacproxy.tag }}' name: kube-rbac-proxy ports: 
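Review bot: The `kubeslice-controller-cleanup` Job has no `namespace:` under `metadata`, while the bindings in this file place the `kubeslice-controller-controller-manager` ServiceAccount it names in `kubeslice-controller`. If the release is installed into any other namespace, the pre-delete hook pod cannot be created and the uninstall stalls. Adding `namespace: kubeslice-controller` next to `name:` would match the other resources in this template. The `imagePullSecrets` entry is also unconditional here, whereas the manager Deployment closes its own with `{{- end }}`, so the Job references `kubeslice-image-pull-secret` even when that secret was presumably not rendered. Finally, `hook-failed` in the delete policy removes the Job on failure, which discards the logs needed to diagnose a failed cleanup.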
@@ -1386,6 +3110,7 @@ spec: - --rbac-resource-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.rbacResourcePrefix }} - --project-namespace-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.projectnsPrefix }} - --controller-end-point={{ required "A valid value is required!" .Values.kubeslice.controller.endpoint }} + - --prometheus-service-endpoint={{ required "A valid value is required!" .Values.kubeslice.prometheus.url}} - --ovpn-job-image={{ .Values.kubeslice.ovpnJob.image }}:{{ .Values.kubeslice.ovpnJob.tag }} command: - /manager @@ -1439,6 +3164,51 @@ spec: imagePullSecrets: - name: kubeslice-image-pull-secret {{- end }} +--- + {{ if .Values.kubeslice.prometheus.enabled}} +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + app: prometheus-server + name: kubeslice-controller-prometheus + namespace: kubeslice-controller +spec: + replicas: 1 + selector: + matchLabels: + app: prometheus-server + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + type: RollingUpdate + template: + metadata: + labels: + app: prometheus-server + spec: + containers: + - args: + - --config.file=/etc/prometheus/prometheus.yml + - --storage.tsdb.path=/prometheus/ + image: prom/prometheus + name: prometheus + ports: + - containerPort: 9090 + volumeMounts: + - mountPath: /etc/prometheus/ + name: prometheus-config-volume + - mountPath: /prometheus/ + name: prometheus-storage-volume + volumes: + - configMap: + defaultMode: 420 + name: kubeslice-controller-prometheus-server-conf + name: prometheus-config-volume + - emptyDir: {} + name: prometheus-storage-volume + {{ end }} --- apiVersion: cert-manager.io/v1 kind: Certificate 
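Review bot: The Prometheus container in the new Deployment uses `image: prom/prometheus` with no tag or digest, so each node pulls whatever `latest` is at the time and the chart's contents are not reproducible or auditable. Every other image in this chart is taken from values. The same pattern fits here: `image: '{{ .Values.kubeslice.prometheus.image }}:{{ .Values.kubeslice.prometheus.tag }}'`, with `image` and `tag` added next to `enabled` and `url` in values.yaml, which currently defines only those two keys. The pod spec also sets no `securityContext` or `resources`. A comment stating whether the image is expected to run as non-root would help whoever hardens this later.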
@@ -1469,6 +3239,46 @@ metadata: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert name: kubeslice-controller-mutating-webhook-configuration webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /mutate-controller-kubeslice-io-v1alpha1-sliceresourcequotaconfig + failurePolicy: Fail + name: msliceresourcequotaconfig.kb.io + rules: + - apiGroups: + - controller.kubeslice.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - sliceresourcequotaconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /mutate-controller-kubeslice-io-v1alpha1-slicerolebinding + failurePolicy: Fail + name: mslicerolebinding.kb.io + rules: + - apiGroups: + - controller.kubeslice.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - slicerolebindings + sideEffects: None - admissionReviewVersions: - v1 clientConfig: 
@@ -1617,6 +3427,69 @@ metadata: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert name: kubeslice-controller-validating-webhook-configuration webhooks: +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /validate-controller-kubeslice-io-v1alpha1-sliceresourcequotaconfig + failurePolicy: Fail + name: vsliceresourcequotaconfig.kb.io + rules: + - apiGroups: + - controller.kubeslice.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sliceresourcequotaconfigs + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /validate-controller-kubeslice-io-v1alpha1-slicerolebinding + failurePolicy: Fail + name: vslicerolebinding.kb.io + rules: + - apiGroups: + - controller.kubeslice.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - slicerolebindings + sideEffects: None +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: kubeslice-controller-webhook-service + namespace: kubeslice-controller + path: /validate-controller-kubeslice-io-v1alpha1-sliceroletemplate + failurePolicy: Fail + name: vsliceroletemplate.kb.io + rules: + - apiGroups: + - controller.kubeslice.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + - DELETE + resources: + - sliceroletemplates + sideEffects: None - admissionReviewVersions: - v1 clientConfig: @@ -1760,4 +3633,4 @@ webhooks: - UPDATE resources: - workerslicegateways - sideEffects: None + sideEffects: None \ No newline at end of file diff --git a/charts/avesha/kubeslice-controller/templates/kubeslice-ui-imagepullsecret.yaml b/charts/avesha/kubeslice-controller/templates/kubeslice-ui-imagepullsecret.yaml new file mode 100644 index 000000000..b1cefd2dd --- /dev/null 
+++ b/charts/avesha/kubeslice-controller/templates/kubeslice-ui-imagepullsecret.yaml @@ -0,0 +1,19 @@ +--- + {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} +apiVersion: v1 +data: + .dockerconfigjson: {{ + printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" + .Values.imagePullSecrets.repository + .Values.imagePullSecrets.username + .Values.imagePullSecrets.password + .Values.imagePullSecrets.email + (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) + | b64enc + }} +kind: Secret +metadata: + name: kubeslice-ui-image-pull-secret + namespace: kubeslice-controller +type: kubernetes.io/dockerconfigjson + {{- end }} \ No newline at end of file diff --git a/charts/avesha/kubeslice-controller/templates/kubeslice-ui-oidc-secret.yaml b/charts/avesha/kubeslice-controller/templates/kubeslice-ui-oidc-secret.yaml new file mode 100644 index 000000000..a722c8974 --- /dev/null +++ b/charts/avesha/kubeslice-controller/templates/kubeslice-ui-oidc-secret.yaml @@ -0,0 +1,10 @@ +--- + {{- if .Values.kubeslice.ui.idp}} +apiVersion: v1 +kind: Secret +metadata: + name: kubeslice-ui-oidc + namespace: kubeslice-controller +data: + oidc-secrets.yaml: {{ (printf "idp:%s" (.Values.kubeslice.ui.idp | toYaml | nindent 2)) | b64enc }} + {{- end}} diff --git a/charts/avesha/kubeslice-controller/templates/kubeslice-ui-proxy.yaml b/charts/avesha/kubeslice-controller/templates/kubeslice-ui-proxy.yaml index 46d14cc93..b5435b98f 100644 --- a/charts/avesha/kubeslice-controller/templates/kubeslice-ui-proxy.yaml +++ b/charts/avesha/kubeslice-controller/templates/kubeslice-ui-proxy.yaml 
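Review bot: In kubeslice-ui-imagepullsecret.yaml the `.dockerconfigjson` value is assembled with `printf` and raw `%s` substitutions, so a password or username containing `"` or `\` produces invalid JSON. A crafted value could also add keys to the document. `email` is interpolated as well but is not part of the `and` guard, so an unset email would presumably be rendered as a formatting placeholder rather than an empty string. Building the structure with `dict` and serialising it with `toJson` escapes every field. The block appears to have been moved unchanged from kubeslice-ui.yaml, so the same applies to any other copy of it in the chart.

```yaml
data:
  .dockerconfigjson: {{
    dict "auths" (dict .Values.imagePullSecrets.repository (dict
      "username" .Values.imagePullSecrets.username
      "password" .Values.imagePullSecrets.password
      "email" (.Values.imagePullSecrets.email | default "")
      "auth" (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc)
    )) | toJson | b64enc
    }}
# … unchanged: kind, metadata, type …
```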
@@ -33,9 +33,14 @@ spec: - name: kubeslice-ui-proxy image: '{{ .Values.kubeslice.uiproxy.image }}:{{ .Values.kubeslice.uiproxy.tag }}' imagePullPolicy: '{{ .Values.kubeslice.uiproxy.pullPolicy }}' + env: + - name: KUBESLICE-CONTROLLER-PROMETHEUS + value: {{ .Values.kubeslice.prometheus.url }} + - name: REACT_APP_SOCKET_URL + value: 'ws://kubeslice-api-gw.kubeslice-controller.svc.cluster.local:3000' ports: - containerPort: 443 {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} imagePullSecrets: - name: kubeslice-ui-image-pull-secret - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/avesha/kubeslice-controller/templates/kubeslice-ui.yaml b/charts/avesha/kubeslice-controller/templates/kubeslice-ui.yaml index 5002159d4..00aaef791 100644 --- a/charts/avesha/kubeslice-controller/templates/kubeslice-ui.yaml +++ b/charts/avesha/kubeslice-controller/templates/kubeslice-ui.yaml @@ -1,22 +1,3 @@ ---- - {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} -apiVersion: v1 -data: - .dockerconfigjson: {{ - printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" - .Values.imagePullSecrets.repository - .Values.imagePullSecrets.username - .Values.imagePullSecrets.password - .Values.imagePullSecrets.email - (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) - | b64enc - }} -kind: Secret -metadata: - name: kubeslice-ui-image-pull-secret - namespace: kubeslice-controller -type: kubernetes.io/dockerconfigjson - {{- end }} --- apiVersion: v1 kind: Service @@ -30,7 +11,7 @@ spec: - name: http port: 80 protocol: TCP - targetPort: 3000 + targetPort: 80 selector: app: kubeslice-ui type: ClusterIP 
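Review bot: The first added env entry in the ui-proxy container is named `KUBESLICE-CONTROLLER-PROMETHEUS` with hyphens, while the matching entry added to kubeslice-ui.yaml in this same diff is `KUBESLICE_CONTROLLER_PROMETHEUS`. Hyphenated names cannot be read as shell variables, so the proxy most likely never sees the value. It should read `- name: KUBESLICE_CONTROLLER_PROMETHEUS`. The value is also emitted unquoted. `value: {{ .Values.kubeslice.prometheus.url | quote }}` keeps the manifest valid if the URL is empty or contains YAML-significant characters. `REACT_APP_SOCKET_URL` uses plain `ws://`, which may be acceptable for in-cluster traffic but deserves a comment saying so.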
@@ -54,11 +35,16 @@ spec: - image: '{{ .Values.kubeslice.ui.image }}:{{ .Values.kubeslice.ui.tag }}' imagePullPolicy: '{{ .Values.kubeslice.ui.pullPolicy }}' name: kubeslice-ui + env: + - name: KUBESLICE_CONTROLLER_PROMETHEUS + value: {{ .Values.kubeslice.prometheus.url }} + - name: REACT_APP_SOCKET_URL + value: 'ws://kubeslice-api-gw.kubeslice-controller.svc.cluster.local:3000' ports: - containerPort: 3000 {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} imagePullSecrets: - name: kubeslice-ui-image-pull-secret {{- end }} - serviceAccountName: kubeslice-ui - serviceAccount: kubeslice-ui + serviceAccountName: kubeslice-api-gw + serviceAccount: kubeslice-api-gw diff --git a/charts/avesha/kubeslice-controller/values.yaml b/charts/avesha/kubeslice-controller/values.yaml index e1143dc5f..724bc04cd 100644 --- a/charts/avesha/kubeslice-controller/values.yaml +++ b/charts/avesha/kubeslice-controller/values.yaml @@ -7,18 +7,21 @@ kubeslice: logLevel: info rbacResourcePrefix: kubeslice-rbac projectnsPrefix: kubeslice - endpoint: + endpoint: image: aveshasystems/kubeslice-controller-ent - tag: 0.2.0 + tag: 0.5.0 pullPolicy: IfNotPresent ovpnJob: image: aveshasystems/gateway-certs-generator - tag: 0.1.5 + tag: 0.1.10 + prometheus: + enabled: true + url: http://kubeslice-controller-prometheus-service:9090 # Kubeslice UI settings ui: image: aveshasystems/kubeslice-ui-ent - tag: 0.2.3 + tag: 0.5.0 pullPolicy: IfNotPresent dashboard: image: aveshasystems/kubeslice-kubernetes-dashboard 
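Review bot: The last two added lines switch the `kubeslice-ui` pod from its own `kubeslice-ui` ServiceAccount to `kubeslice-api-gw`, so the browser-facing UI container now holds whatever API permissions the gateway account has. That account's role is not in the visible lines, so this may be intended. If the UI does not call the Kubernetes API itself, keeping `serviceAccountName: kubeslice-ui` preserves the separation. If the sharing is intentional, a comment such as `# UI shares the api-gw identity because <reason>` would record it. `serviceAccount` is the deprecated alias of `serviceAccountName` and can be dropped. Separately, the Service hunk above changes `targetPort` to 80 while this hunk still shows `containerPort: 3000` as context. Confirm that the 0.5.0 image really listens on 80.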
@@ -26,14 +29,18 @@ kubeslice: pullPolicy: IfNotPresent uiproxy: image: aveshasystems/kubeslice-ui-proxy - tag: 1.0.1 + tag: 1.0.4 pullPolicy: IfNotPresent service: ## For kind, set this to NodePort, elsewhere use LoadBalancer or NodePort ## Ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types ## type: LoadBalancer - + apigw: + image: aveshasystems/kubeslice-api-gw-ent + tag: 1.3.5 + pullPolicy: IfNotPresent + # username & password & email values for imagePullSecrets has to provided to create a secret imagePullSecrets: repository: https://index.docker.io/v1/ diff --git a/charts/avesha/kubeslice-worker/Chart.yaml b/charts/avesha/kubeslice-worker/Chart.yaml index e03a59777..a225ad9b8 100644 --- a/charts/avesha/kubeslice-worker/Chart.yaml +++ b/charts/avesha/kubeslice-worker/Chart.yaml @@ -5,7 +5,7 @@ annotations: catalog.cattle.io/namespace: kubeslice-system catalog.cattle.io/release-name: kubeslice-worker apiVersion: v2 -appVersion: 0.2.1 +appVersion: 0.5.0 description: Multi cloud networking (MCN), multi cluster, hybrid cloud networking tool for efficient, secure, policy-enforced connectivity and true multi-tenancy capabilities. KubeSlice enables enterprise platform teams to reduce infrastructure @@ -36,4 +36,4 @@ keywords: kubeVersion: '>= 1.19.0-0' name: kubeslice-worker type: application -version: 0.4.7 +version: 0.5.0 diff --git a/charts/avesha/kubeslice-worker/Readme.MD b/charts/avesha/kubeslice-worker/Readme.MD index 023f5c1f1..441bd2029 100644 --- a/charts/avesha/kubeslice-worker/Readme.MD +++ b/charts/avesha/kubeslice-worker/Readme.MD 
@@ -2,7 +2,7 @@ ## Prerequisites - KubeSlice Controller needs to be installed -- Create and configure the worker cluster following instructions in prerequisites and "registering the worker cluster" sections [documentation](https://staging2-docs.avesha.io/documentation/enterprise/0.4.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher) +- Create and configure the worker cluster following instructions in prerequisites and "registering the worker cluster" sections [documentation](https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher) - Copy the chart version from the upper right hand section of this page [VERSION parameter need during install and upgrade] - Click on the download link from the upper right hand section of this page, save it to location available from command prompt - Untar the chart to get the values.yaml file and edit the following fields 
@@ -34,14 +34,17 @@ helm upgrade --history-max=5 --namespace=kubeslice-system kubeslice-worker kubes ``` ### Uninstall Kubeslice Worker -- Follow instructions [documentation](https://staging2-docs.avesha.io/documentation/enterprise/0.2.0/getting-started-with-cloud-clusters/uninstalling-kubeslice/deregistering-the-worker-cluster) +- Follow instructions [documentation](https://docs.avesha.io/documentation/enterprise/0.5.0/getting-started-with-cloud-clusters/uninstalling-kubeslice/deregistering-the-worker-cluster) ```console export KUBECONFIG= helm uninstall --namespace=kubeslice-system --timeout=10m0s --wait=true kubeslice-worker kubectl delete crd serviceexports.networking.kubeslice.io kubectl delete crd serviceimports.networking.kubeslice.io -kubectl delete crd slice.networking.kubeslice.io kubectl delete crd slicegateways.networking.kubeslice.io +kubectl delete crd slicenodeaffinities.networking.kubeslice.io +kubectl delete crd sliceresourcequotas.networking.kubeslice.io +kubectl delete crd slicerolebindings.networking.kubeslice.io +kubectl delete crd slices.networking.kubeslice.io kubectl delete ns kubeslice-system ``` diff --git a/charts/avesha/kubeslice-worker/charts/jaeger/Chart.yaml b/charts/avesha/kubeslice-worker/charts/jaeger/Chart.yaml deleted file mode 100644 index 595bab58c..000000000 --- a/charts/avesha/kubeslice-worker/charts/jaeger/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: 0.2.0 -description: Simple Jaeger installation for use by NSM Developers -name: jaeger -version: 0.2.0 diff --git a/charts/avesha/kubeslice-worker/charts/jaeger/templates/jaeger.tpl b/charts/avesha/kubeslice-worker/charts/jaeger/templates/jaeger.tpl deleted file mode 100644 index 77ba68d82..000000000 --- a/charts/avesha/kubeslice-worker/charts/jaeger/templates/jaeger.tpl +++ /dev/null 
@@ -1,57 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: jaeger - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - run: jaeger - replicas: 1 - template: - metadata: - labels: - run: jaeger - spec: - containers: - - name: jaeger - image: {{ .Values.image }} - imagePullPolicy: {{ .Values.pullPolicy }} - ports: - - name: http - containerPort: 16686 - - name: jaeger - containerPort: 6831 - protocol: UDP - tolerations: - - key: kubeslice.io/node-type - operator: Equal - value: gateway - effect: NoSchedule - - key: kubeslice.io/node-type - operator: Equal - value: gateway - effect: NoExecute ---- -apiVersion: v1 -kind: Service -metadata: - name: jaeger - namespace: {{ .Release.Namespace }} - labels: - run: jaeger - namespace: {{ .Release.Namespace }} -spec: - ports: - - name: http -{{- if eq .Values.monSvcType "NodePort" }} - nodePort: 31922 -{{- end }} - port: 16686 - protocol: TCP - - name: jaeger - port: 6831 - protocol: UDP - selector: - run: jaeger - type: {{ .Values.monSvcType }} diff --git a/charts/avesha/kubeslice-worker/charts/jaeger/values.yaml b/charts/avesha/kubeslice-worker/charts/jaeger/values.yaml deleted file mode 100644 index 567e7b5d8..000000000 --- a/charts/avesha/kubeslice-worker/charts/jaeger/values.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Default values for jaeger. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -pullPolicy: IfNotPresent -image: jaegertracing/all-in-one:1.14.0 - -# The type for monitoring services, i.e. Jaeger -# May be set to valid Kubernetes ServiceTypes values--ClusterIP, NodePort, LoadBalancer, ExternalName -monSvcType: NodePort - -# Variable used to deploy Prometheus -# Values can be true or false -prometheus: false - -metricsCollectorEnabled: false 
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/Chart.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/Chart.yaml index 369a55135..6ff35c6fd 100644 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/Chart.yaml +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 0.2.0 +appVersion: 0.2.1 description: A Helm chart for Kubernetes name: admission-webhook -version: 0.2.0 +version: 0.2.1 diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/admission-webhook-secret.tpl b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/admission-webhook-secret.tpl deleted file mode 100644 index 0795e00a8..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/admission-webhook-secret.tpl +++ /dev/null 
@@ -1,118 +0,0 @@ -{{- $ca := genCA "admission-controller-ca" 3650 -}} -{{- $cn := printf "nsm-admission-webhook-svc" -}} -{{- $altName1 := printf "%s.%s.svc" $cn .Release.Namespace }} -{{- $altName2 := printf "%s.%s.svc.cluster.local" $cn .Release.Namespace }} -{{- $cert := genSignedCert $cn nil (list $altName1 $altName2) 3650 $ca -}} -apiVersion: v1 -kind: Secret -metadata: - name: nsm-admission-webhook-certs - namespace: {{ .Release.Namespace }} -type: Opaque -data: - tls.key: {{ $cert.Key | b64enc }} - tls.crt: {{ $cert.Cert | b64enc }} ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: nsm-admission-webhook - namespace: {{ .Release.Namespace }} - labels: - app: nsm-admission-webhook -spec: - replicas: 1 - selector: - matchLabels: - app: nsm-admission-webhook - template: - metadata: - labels: - app: nsm-admission-webhook - spec: - imagePullSecrets: - - name: avesha-nexus - containers: - - name: nsm-admission-webhook - image: docker.io/aveshasystems/nsm-admission-webhook:1.0.1 - imagePullPolicy: {{ .Values.pullPolicy }} - env: - - name: INITCONTAINER_REPO - value: "{{ .Values.initContainerRegistry }}" - - name: INITCONTAINER_TAG - value: "{{ .Values.initContainerTag }}" - - name: DNS_SIDECAR_REPO - value: "{{ .Values.dnsSidecarContainerRegistry }}" - - name: DNS_SIDECAR_TAG - value: "{{ .Values.dnsSidecarContainerTag }}" - - name: NSM_NAMESPACE - value: "{{ .Values.clientNamespace }}" - - name: TRACER_ENABLED - value: {{ .Values.global.JaegerTracing | default false | quote }} - - name: JAEGER_AGENT_HOST - value: jaeger.{{ .Release.Namespace }} - - name: JAEGER_AGENT_PORT - value: "6831" - - name: CABUNDLE - value: {{ $ca.Cert | b64enc }} - volumeMounts: - - name: webhook-certs - mountPath: /etc/webhook/certs - readOnly: true - livenessProbe: - httpGet: - path: /liveness - port: 5555 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - readinessProbe: - httpGet: - path: /readiness - port: 5555 - initialDelaySeconds: 10 - periodSeconds: 
10 - timeoutSeconds: 3 - volumes: - - name: webhook-certs - secret: - secretName: nsm-admission-webhook-certs ---- -apiVersion: v1 -kind: Service -metadata: - name: nsm-admission-webhook-svc - namespace: {{ .Release.Namespace }} - labels: - app: nsm-admission-webhook -spec: - ports: - - port: 443 - targetPort: 443 - selector: - app: nsm-admission-webhook ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: nsm-admission-webhook-cfg - namespace: {{ .Release.Namespace }} - labels: - app: nsm-admission-webhook -webhooks: - - name: admission-webhook.networkservicemesh.io - sideEffects: None - admissionReviewVersions: ["v1", "v1beta1"] - failurePolicy: Ignore - matchPolicy: Equivalent - clientConfig: - service: - name: nsm-admission-webhook-svc - namespace: {{ .Release.Namespace }} - path: "/mutate" - caBundle: {{ $ca.Cert | b64enc }} - rules: - - operations: ["CREATE"] - apiGroups: ["apps", "extensions", ""] - apiVersions: ["v1", "v1beta1"] - resources: ["deployments", "services", "pods"] diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/admission-webhook.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/admission-webhook.yaml new file mode 100644 index 000000000..9107e5346 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/admission-webhook.yaml 
@@ -0,0 +1,52 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: nsm-admission-webhook-k8s
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: admission-webhook-k8s
+spec:
+ selector:
+ matchLabels:
+ app: admission-webhook-k8s
+ template:
+ metadata:
+ labels:
+ app: admission-webhook-k8s
+ spec:
+ serviceAccountName: admission-webhook-sa
+ containers:
+ - name: admission-webhook-k8s
+ image: {{ .Values.webhookImageRegistry }}:{{ .Values.webhookImageTag }}
+ imagePullPolicy: IfNotPresent
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 443
+ scheme: HTTPS
+ env:
+ - name: SPIFFE_ENDPOINT_SOCKET
+ value: unix:///run/spire/sockets/agent.sock
+ - name: NSM_SERVICE_NAME
+ value: admission-webhook-svc
+ - name: NSM_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NSM_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: NSM_ANNOTATION
+ value: networkservicemesh.io
+{{/* - name: NSM_CONTAINER_IMAGES*/}}
+{{/* value: ghcr.io/networkservicemesh/cmd-nsc:v1.5.0*/}}
+ - name: NSM_CONTAINER_IMAGES
+ value: "{{ .Values.nsmInjectContainerImageRegistry }}:{{ .Values.nsmInjectContainerImageTag }}"
+ - name: NSM_INIT_CONTAINER_IMAGES
+ value: "{{ .Values.nsmInjectInitContainerImageRegistry }}:{{ .Values.nsmInjectInitContainerImageTag }}"
+ - name: NSM_LABELS
+ value: spiffe.io/spiffe-id:true
+ - name: NSM_ENVS
+ value: NSM_LOG_LEVEL=TRACE,NSM_LIVENESSCHECKENABLED=false
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/binding.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/binding.yaml
new file mode 100644
index 000000000..bd632d007
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/binding.yaml
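Review bot: The `admission-webhook-k8s` container in admission-webhook.yaml declares no `securityContext` and no `resources`, although it is an admission webhook serving on port 443, which usually needs root or the `NET_BIND_SERVICE` capability. The intended privileges should be stated explicitly: `allowPrivilegeEscalation: false`, all capabilities dropped except `NET_BIND_SERVICE`, and a non-root user if the image supports it, which cannot be confirmed from this hunk. `NSM_ENVS` hard-codes `NSM_LOG_LEVEL=TRACE`, apparently for the injected containers; a debug level like that is better taken from values with a quieter default. The PriorityClass added in priorityClass.yaml is never referenced here, so it has no effect until `priorityClassName: nsm-webhook-high-priority` is added to the pod spec.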
@@ -0,0 +1,13 @@
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: admission-webhook-binding
+subjects:
+ - kind: ServiceAccount
+ name: admission-webhook-sa
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: admission-webhook-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/priorityClass.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/priorityClass.yaml
new file mode 100644
index 000000000..194e24904
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/priorityClass.yaml
@@ -0,0 +1,7 @@
+apiVersion: scheduling.k8s.io/v1
+kind: PriorityClass
+metadata:
+ name: nsm-webhook-high-priority
+value: 1000000
+globalDefault: false
+description: "This priority class should be used for nsm webhook pods only."
\ No newline at end of file
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/role.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/role.yaml
new file mode 100644
index 000000000..6224924e3
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/role.yaml
@@ -0,0 +1,13 @@
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: admission-webhook-role
+ labels:
+ rbac.authorization.k8s.io/aggregate-to-admin: "true"
+ rbac.authorization.k8s.io/aggregate-to-edit: "true"
+rules:
+ - apiGroups: ["admissionregistration.k8s.io"]
+ resources:
+ - "mutatingwebhookconfigurations"
+ verbs: ["*"]
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/sa.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/sa.yaml
new file mode 100644
index 000000000..696aef6f4
--- /dev/null
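Review bot: The ClusterRole `admission-webhook-role` in role.yaml grants `verbs: ["*"]` on every `mutatingwebhookconfigurations` object and also carries the `aggregate-to-admin` and `aggregate-to-edit` labels, so the same wildcard rule is merged into the built-in `admin` and `edit` ClusterRoles. The service account already receives the role through binding.yaml, so the two aggregation labels look unnecessary and should be removed. Any subject bound to `admin` or `edit` at cluster scope would otherwise gain full control of mutating webhooks. The wildcard could also be narrowed to the verbs the webhook needs, for example `verbs: ["create", "get", "update", "patch", "delete"]`; which of these the image actually uses is not visible in this commit.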
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/sa.yaml @@ -0,0 +1,6 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: admission-webhook-sa + namespace: {{ .Release.Namespace }} diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/service.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/service.yaml new file mode 100644 index 000000000..d43040e31 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/templates/service.yaml @@ -0,0 +1,14 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: admission-webhook-svc + namespace: {{ .Release.Namespace }} + labels: + app: admission-webhook-k8s +spec: + ports: + - port: 443 + targetPort: 443 + selector: + app: admission-webhook-k8s diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/values.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/values.yaml index 1b4f662f9..82c8c2407 100644 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/values.yaml +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/admission-webhook/values.yaml @@ -3,11 +3,11 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -initContainerRegistry: docker.io/aveshasystems -initContainerTag: 1.0.0 +webhookImageRegistry: aveshasystems/cmd-admission-webhook-k8s +webhookImageTag: 1.5.3 -dnsSidecarContainerRegistry: docker.io/aveshasystems -dnsSidecarContainerTag: 1.0.0 +nsmInjectContainerImageRegistry: aveshasystems/cmd-nsc +nsmInjectContainerImageTag: 1.5.3 -pullPolicy: IfNotPresent -clientNamespace: kubeslice-system +nsmInjectInitContainerImageRegistry: aveshasystems/cmd-nsc-init +nsmInjectInitContainerImageTag: 1.5.3 
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/crds/crd-ns.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/crds/crd-ns.yaml
new file mode 100644
index 000000000..5c48f9aa4
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/crds/crd-ns.yaml
@@ -0,0 +1,29 @@
+# warning: please update nsm crd upgrade hook as well if you change this
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: networkservices.networkservicemesh.io
+spec:
+ conversion:
+ strategy: None
+ group: networkservicemesh.io
+ names:
+ kind: NetworkService
+ listKind: NetworkServiceList
+ plural: networkservices
+ shortNames:
+ - netsvc
+ - netsvcs
+ singular: networkservice
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/crds/crd-nse.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/crds/crd-nse.yaml
new file mode 100644
index 000000000..12f351a71
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/crds/crd-nse.yaml
@@ -0,0 +1,29 @@
+# warning: please update nsm crd upgrade hook as well if you change this
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: networkserviceendpoints.networkservicemesh.io
+spec:
+ conversion:
+ strategy: None
+ group: networkservicemesh.io
+ names:
+ kind: NetworkServiceEndpoint
+ listKind: NetworkServiceEndpointList
+ plural: networkserviceendpoints
+ shortNames:
+ - nse
+ - nses
+ singular: networkserviceendpoint
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/cluster-role-admin.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/cluster-role-admin.yaml index 6726ae940..ced002266 100644 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/cluster-role-admin.yaml +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/cluster-role-admin.yaml @@ -11,14 +11,13 @@ rules: resources: - "networkservices" - "networkserviceendpoints" - - "networkservicemanagers" verbs: ["*"] - apiGroups: ["apiextensions.k8s.io"] resources: ["customresourcedefinitions"] verbs: ["*"] - apiGroups: [""] resources: ["configmaps"] - verbs: ["get", "update"] + verbs: ["patch", "get", "list", "watch", "update", "read", "write"] - apiGroups: [""] resources: ["nodes", "services", "namespaces"] verbs: ["get", "list", "watch"] diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkserviceendpoints.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkserviceendpoints.yaml deleted file mode 100644 index 74e42768a..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkserviceendpoints.yaml +++ /dev/null 
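Review bot: `"read"` and `"write"` in the new configmaps rule of cluster-role-admin.yaml are not Kubernetes RBAC verbs, so they match no request and only obscure what the rule is meant to allow; the line should read `verbs: ["get", "list", "watch", "update", "patch"]`. The change also widens this ClusterRole from get/update to list, watch and patch on ConfigMaps in every namespace. If the consumer only needs `nsm-config` in the release namespace, a namespaced Role would be a tighter fit, but which components bind this role is not visible here. The `rules:` list begins above the hunk.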
@@ -1,43 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkserviceendpoints.networkservicemesh.io -spec: - conversion: - strategy: None - group: networkservicemesh.io - names: - kind: NetworkServiceEndpoint - listKind: NetworkServiceEndpointList - plural: networkserviceendpoints - shortNames: - - nse - - nses - singular: networkserviceendpoint - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'NetworkServiceEndpoints is the schema for NetworkServiceEndpoints API' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec defines the desired state' - type: object - x-kubernetes-preserve-unknown-fields: true diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkservicemanagers.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkservicemanagers.yaml deleted file mode 100644 index 53870ca5c..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkservicemanagers.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkservicemanagers.networkservicemesh.io -spec: - conversion: - strategy: None - group: networkservicemesh.io - names: - kind: NetworkServiceManager - listKind: NetworkServiceManagerList - plural: networkservicemanagers - shortNames: - - nsm - - nsms - singular: networkservicemanager - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'NetworkServiceManagers is the schema for NetworkServiceManagers API' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec defines the desired state' - type: object - x-kubernetes-preserve-unknown-fields: true diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkservices.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkservices.yaml deleted file mode 100644 index b8437804b..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/crd-networkservices.yaml +++ /dev/null 
@@ -1,43 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: networkservices.networkservicemesh.io -spec: - conversion: - strategy: None - group: networkservicemesh.io - names: - kind: NetworkService - listKind: NetworkServiceList - plural: networkservices - shortNames: - - netsvc - - netsvcs - singular: networkservice - scope: Namespaced - versions: - - name: v1alpha1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'NetworkServices is the schema for NetworkServices API' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: 'Spec defines the desired state' - type: object - x-kubernetes-preserve-unknown-fields: true diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-configmap.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-configmap.yaml index 200907e5c..476717a9c 100644 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-configmap.yaml +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-configmap.yaml 
@@ -3,5 +3,8 @@ apiVersion: v1 kind: ConfigMap metadata: name: nsm-config + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/resource-policy": keep data: - excluded_prefixes.yaml: '' + excluded_prefixes_output.yaml: '' \ No newline at end of file diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-crd-upgrade-preinstall-hook.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-crd-upgrade-preinstall-hook.yaml new file mode 100644 index 000000000..b13d0cab9 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-crd-upgrade-preinstall-hook.yaml 
@@ -0,0 +1,174 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nsm-install-crds
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote}}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "1"
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: nsm-install-crds
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "1"
+ labels:
+ app.kubernetes.io/name: kubeslice
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nsm-install-crds
+subjects:
+ - kind: ServiceAccount
+ name: nsm-install-crds
+ namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: nsm-install-crds
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "1"
+ labels:
+ app.kubernetes.io/name: kubeslice
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups:
+ - "apiextensions.k8s.io"
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - create
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nsm-crd-install
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "1"
+data:
+ crd-ns.yaml: |
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ name: networkservices.networkservicemesh.io
+ spec:
+ conversion:
+ strategy: None
+ group: networkservicemesh.io
+ names:
+ kind: NetworkService
+ listKind: NetworkServiceList
+ plural: networkservices
+ shortNames:
+ - netsvc
+ - netsvcs
+ singular: networkservice
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+ crd-nse.yaml: |
+ ---
+ apiVersion: apiextensions.k8s.io/v1
+ kind: CustomResourceDefinition
+ metadata:
+ name: networkserviceendpoints.networkservicemesh.io
+ spec:
+ conversion:
+ strategy: None
+ group: networkservicemesh.io
+ names:
+ kind: NetworkServiceEndpoint
+ listKind: NetworkServiceEndpointList
+ plural: networkserviceendpoints
+ shortNames:
+ - nse
+ - nses
+ singular: networkserviceendpoint
+ scope: Namespaced
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ x-kubernetes-preserve-unknown-fields: true
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nsm-install-crds
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation
+ "helm.sh/hook-weight": "2"
+ labels:
+ app.kubernetes.io/name: nsm
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ backoffLimit: 3
+ template:
+ metadata:
+ name: nsm-install-crds
+ namespace: {{ .Release.Namespace }}
+ spec:
+ serviceAccountName: nsm-install-crds
+ containers:
+ - name: kubectl
+ image: "alpine/k8s:1.22.9"
+ command:
+ - /bin/sh
+ - -c
+ - kubectl apply -f /tmp
+ volumeMounts:
+ - mountPath: /tmp
+ name: crds
+ volumes:
+ - name: crds
+ configMap:
+ name: nsm-crd-install
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-webhook-predelete-hook.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-webhook-predelete-hook.yaml
new file mode 100644
index 000000000..a61eaa239
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/nsm-webhook-predelete-hook.yaml
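Review bot: The `nsm-install-crds` Job in nsm-crd-upgrade-preinstall-hook.yaml runs the hard-coded image `alpine/k8s:1.22.9`, referenced by mutable tag, under a service account whose ClusterRole can create, patch and update any CustomResourceDefinition in the cluster. The image should come from values so operators can mirror it, and ideally be pinned by digest. The `get`, `patch` and `update` verbs can be limited with `resourceNames: ["networkservices.networkservicemesh.io", "networkserviceendpoints.networkservicemesh.io"]`; `create` cannot be restricted by name, and `list` is probably not needed for `kubectl apply` of named objects. The Job's pod spec also sets no `securityContext`. The two CRD bodies are a second copy of crds/crd-ns.yaml and crds/crd-nse.yaml, so the copies can drift apart without any check.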
@@ -0,0 +1,128 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: nsm-delete-webhooks
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote}}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ "helm.sh/hook": pre-delete,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "1"
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: nsm-delete-webhooks
+ annotations:
+ "helm.sh/hook": pre-delete,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "-1"
+ labels:
+ app.kubernetes.io/name: kubeslice
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: nsm-delete-webhooks
+subjects:
+ - kind: ServiceAccount
+ name: nsm-delete-webhooks
+ namespace: {{ .Release.Namespace }}
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: nsm-delete-webhooks
+ annotations:
+ "helm.sh/hook": pre-delete,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "-1"
+ labels:
+ app.kubernetes.io/name: kubeslice
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - pods
+ verbs:
+ - get
+ - list
+ - apiGroups:
+ - "admissionregistration.k8s.io"
+ resources:
+ - mutatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - delete
+
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: nsm-delete-webhooks
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ "helm.sh/hook": pre-delete,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "1"
+data:
+ delete-admission-webhook.sh: |-
+ #!/usr/bin/env bash
+
+ echo "finding out the admission webhook "
+ WH=$(kubectl get pods -l app=admission-webhook-k8s -n {{ .Release.Namespace }} --template {{`'{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'`}})
+ echo "deleting mutatingwebhookconfiguration ${WH}"
+ kubectl delete mutatingwebhookconfiguration --ignore-not-found ${WH}
+
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: nsm-delete-webhooks
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/hook": pre-delete,pre-rollback
+ "helm.sh/hook-delete-policy": before-hook-creation
+ "helm.sh/hook-weight": "2"
+ labels:
+ app.kubernetes.io/name: nsm
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+spec:
+ backoffLimit: 3
+ template:
+ metadata:
+ name: nsm-delete-webhooks
+ namespace: {{ .Release.Namespace }}
+ spec:
+ serviceAccountName: nsm-delete-webhooks
+ containers:
+ - name: kubectl
+ image: "alpine/k8s:1.22.9"
+ command:
+ - /bin/bash
+ - /tmp/delete-admission-webhook.sh
+ volumeMounts:
+ - mountPath: /tmp
+ name: nsm-delete-webhooks
+ volumes:
+ - name: nsm-delete-webhooks
+ configMap:
+ name: nsm-delete-webhooks
+ restartPolicy: OnFailure
\ No newline at end of file
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/templates/service-accounts.tpl b/charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/service-accounts.tpl
similarity index 100%
rename from charts/avesha/kubeslice-worker/charts/nsm/templates/service-accounts.tpl
rename to charts/avesha/kubeslice-worker/charts/nsm/charts/config/templates/service-accounts.tpl
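Review bot: In `delete-admission-webhook.sh`, when no pod matches `app=admission-webhook-k8s` the variable `${WH}` is empty, so the final command runs as `kubectl delete mutatingwebhookconfiguration --ignore-not-found` with no name. kubectl treats that as an error, and the hook Job would then fail and block the uninstall or rollback. Guard the call with `if [ -n "${WH}" ]; then kubectl delete mutatingwebhookconfiguration --ignore-not-found ${WH}; fi`. The names to delete are derived from pod names selected by label, while the ClusterRole allows `delete` on every mutatingwebhookconfiguration in the cluster, so the label selector is the only thing bounding a cluster-wide delete. A fixed, chart-owned configuration name would let the rule be limited with `resourceNames`, if the webhook image allows such a name, which is not visible here.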
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/Chart.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/Chart.yaml deleted file mode 100644 index 941b85d25..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/Chart.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -appVersion: "1.0" -description: A Helm chart for Kubernetes -name: prefix-service -version: 0.1.0 diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/templates/deployment.tpl b/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/templates/deployment.tpl deleted file mode 100644 index dbbee9259..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/templates/deployment.tpl +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Chart.Name }} -spec: - selector: - matchLabels: - app: {{ .Chart.Name }} - template: - metadata: - labels: - app: {{ .Chart.Name }} - spec: - serviceAccountName: {{ .Values.serviceAccount.name }} - imagePullSecrets: - - name: avesha-nexus - containers: - - name: {{ .Chart.Name }} - image: {{ .Values.registry }}/{{ .Values.org }}/{{ .Chart.Name }}:{{ .Values.tag }} - imagePullPolicy: {{ .Values.pullPolicy }} - env: - - name: NSM_NAMESPACE - value: {{ .Release.Namespace }} - tolerations: - - key: kubeslice.io/node-type - operator: Equal - value: gateway - effect: NoSchedule - - key: kubeslice.io/node-type - operator: Equal - value: gateway - effect: NoExecute diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/values.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/values.yaml deleted file mode 100644 index 9f89ade01..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/values.yaml +++ /dev/null 
@@ -1,13 +0,0 @@ ---- -# Default values for prefix-service. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -# NOTE: the variables might be overriden by helm command line options, see helm.mk -registry: docker.io -org: aveshasystems -tag: 0.6.1 -pullPolicy: IfNotPresent - -serviceAccount: - name: nsmgr-acc diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/.helmignore b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/.helmignore similarity index 97% rename from charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/.helmignore rename to charts/avesha/kubeslice-worker/charts/nsm/charts/spire/.helmignore index 50af03172..0e8a0eb36 100644 --- a/charts/avesha/kubeslice-worker/charts/nsm/charts/prefix-service/.helmignore +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/.helmignore @@ -14,6 +14,7 @@ *.swp *.bak *.tmp +*.orig *~ # Various IDEs .project diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/Chart.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/Chart.yaml new file mode 100644 index 000000000..c913ed304 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 1.16.0 +description: A Helm chart for Kubernetes +name: spire +type: application +version: 0.4.0 diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/.helmignore b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/Chart.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/Chart.yaml new file mode 100644 index 000000000..92edd664c --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/Chart.yaml @@ -0,0 +1,6 @@ +apiVersion: v2 +appVersion: 1.16.0 +description: A Helm chart for Kubernetes +name: spire-server +type: application +version: 0.1.0 diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/.helmignore b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/Chart.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/Chart.yaml new file mode 100644 index 000000000..1bf754cd8 --- /dev/null 
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+appVersion: 1.16.0
+description: A Helm chart for Kubernetes
+name: spire-config
+type: application
+version: 0.1.0
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/agent-account.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/agent-account.yaml
new file mode 100644
index 000000000..4e5794c82
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/agent-account.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: spire-agent
+ namespace: spire
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/agent-cluster-role.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/agent-cluster-role.yaml
new file mode 100644
index 000000000..b79564de3
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/agent-cluster-role.yaml
@@ -0,0 +1,25 @@
+---
+# Required cluster role to allow spire-agent to query k8s API server
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: spire-agent-cluster-role
+rules:
+- apiGroups: [""]
+ resources: ["pods", "nodes", "nodes/proxy"]
+ verbs: ["get"]
+
+---
+# Binds above cluster role to spire-agent service account
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: spire-agent-cluster-role-binding
+subjects:
+- kind: ServiceAccount
+ name: spire-agent
+ namespace: spire
+roleRef:
+ kind: ClusterRole
+ name: spire-agent-cluster-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar-cluster-role.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar-cluster-role.yaml
new file mode 100644
index 000000000..d456be235
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar-cluster-role.yaml
@@ -0,0 +1,30 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: k8s-workload-registrar-role
+rules:
+ - apiGroups: [""]
+ resources: ["endpoints", "nodes", "pods"]
+ verbs: ["get", "list", "watch"]
+ - apiGroups: ["spiffeid.spiffe.io"]
+ resources: ["spiffeids"]
+ verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
+ - apiGroups: ["spiffeid.spiffe.io"]
+ resources: ["spiffeids/status"]
+ verbs: ["get", "patch", "update"]
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: k8s-workload-registrar-role-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: k8s-workload-registrar-role
+subjects:
+ - kind: ServiceAccount
+ name: spire-server
+ namespace: spire
+
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar-crd.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar-crd.yaml
new file mode 100644
index 000000000..5dd18a604
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar-crd.yaml
@@ -0,0 +1,107 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.2.4 + name: spiffeids.spiffeid.spiffe.io +spec: + group: spiffeid.spiffe.io + names: + kind: SpiffeID + listKind: SpiffeIDList + plural: spiffeids + singular: spiffeid + scope: Namespaced + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: SpiffeID is the Schema for the spiffeid API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SpiffeIDSpec defines the desired state of SpiffeID + properties: + dnsNames: + items: + type: string + type: array + federatesWith: + items: + type: string + type: array + parentId: + type: string + selector: + properties: + arbitrary: + description: Arbitrary selectors + items: + type: string + type: array + containerImage: + description: Container image to match for this spiffe ID + type: string + containerName: + description: Container name to match for this spiffe ID + type: string + namespace: + description: Namespace to match for this spiffe ID + type: string + nodeName: + description: Node name to match for this spiffe ID + type: string + podLabel: + additionalProperties: + type: string + description: Pod label name/value to match for this spiffe ID + type: object + podName: + description: Pod name to match for this spiffe ID + type: string + podUid: + description: Pod UID to match for this spiffe ID + type: string + serviceAccount: + description: ServiceAccount to match for this spiffe ID + type: string + cluster: + description: The k8s_psat cluster name + type: string + agent_node_uid: + description: UID of the node + type: string + type: object + spiffeId: + type: string + required: + - parentId + - selector + - spiffeId + type: object + status: + description: SpiffeIDStatus defines the observed state of SpiffeID + properties: + entryId: + description: 'INSERT ADDITIONAL STATUS FIELD - define observed state + of cluster Important: Run "make" to regenerate code after modifying + this file' + type: string + type: object + type: object 
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar.yaml
new file mode 100644
index 000000000..740c69e2b
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/k8s-workload-registrar.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+data:
+ k8s-workload-registrar.conf: |-
+ log_level = "debug"
+ trust_domain = "example.org"
+ agent_socket_path = "/run/spire/sockets/agent.sock"
+ server_socket_path = "/tmp/spire-server/private/api.sock"
+ cluster = "nsm-cluster"
+ pod_controller = true
+ add_svc_dns_names = true
+ mode = "crd"
+ webhook_enabled = true
+ identity_template = "ns/{{ printf "{{.Pod.Namespace}}" }}/pod/{{ printf "{{.Pod.Name}}" }}"
+ identity_template_label = "spiffe.io/spiffe-id"
+kind: ConfigMap
+metadata:
+ name: k8s-workload-registrar
+ namespace: spire
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/server-account.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/server-account.yaml
new file mode 100644
index 000000000..98d811ce2
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/server-account.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: spire-server
+ namespace: spire
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/server-cluster-role.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/server-cluster-role.yaml
new file mode 100644
index 000000000..03c59a502
--- /dev/null
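Review bot: `trust_domain = "example.org"` and `cluster = "nsm-cluster"` are literals in the k8s-workload-registrar ConfigMap, so every install of the chart ends up in the same sample trust domain and an operator cannot change it without editing the template. The same two literals recur in agent.conf (spire-agent.yaml) and server.conf (spire-server.yaml) in this commit, where a comment even says to change the cluster name. Consider reading both from chart values in all three files, e.g. `trust_domain = {{ .Values.trustDomain | quote }}` (value name constructed), so the choice is explicit and stays consistent across server, agent and registrar. `log_level = "debug"` here and `"DEBUG"` in the other two configs would likewise be better as a value that defaults to a quieter level.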
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/server-cluster-role.yaml
@@ -0,0 +1,35 @@
+---
+# ClusterRole to allow spire-server node attestor to query Token Review API
+# and to be able to push certificate bundles to a configmap
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: spire-server-trust-role
+rules:
+- apiGroups: ["authentication.k8s.io"]
+ resources: ["tokenreviews"]
+ verbs: ["create"]
+- apiGroups: ["admissionregistration.k8s.io"]
+ resources: ["mutatingwebhookconfigurations", "validatingwebhookconfigurations"]
+ verbs: ["get", "list", "patch", "watch"]
+- apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["patch", "get", "list"]
+- apiGroups: [""]
+ resources: ["pods", "nodes"]
+ verbs: ["get"]
+
+---
+# Binds above cluster role to spire-server service account
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: spire-server-trust-role-binding
+subjects:
+- kind: ServiceAccount
+ name: spire-server
+ namespace: spire
+roleRef:
+ kind: ClusterRole
+ name: spire-server-trust-role
+ apiGroup: rbac.authorization.k8s.io
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-agent.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-agent.yaml
new file mode 100644
index 000000000..20b317078
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-agent.yaml
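Review bot: The `configmaps` rule in `spire-server-trust-role` lets the spire-server service account patch, get and list ConfigMaps in every namespace, although the comment above it only asks for pushing the bundle to a ConfigMap and the only one this commit creates for that purpose is `spire-bundle` in namespace `spire`. Move that rule into a namespaced Role bound in `spire`, as sketched below. The `patch` verb on all mutating and validating webhook configurations is similarly cluster-wide; if only the `k8s-workload-registrar` webhook is meant to be updated, a separate `patch` rule with `resourceNames` would narrow it.

```yaml
# … unchanged: tokenreviews, webhook-configuration and pods/nodes rules of spire-server-trust-role …
---
# Namespaced replacement for the cluster-wide configmaps rule.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: spire-server-configmap-role  # constructed name
  namespace: spire
rules:
- apiGroups: [""]
  resources: ["configmaps"]
  verbs: ["patch", "get", "list"]
# … plus a RoleBinding of this Role to ServiceAccount spire-server in namespace spire …
```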
@@ -0,0 +1,42 @@
+---
+apiVersion: v1
+data:
+ agent.conf: |
+ agent {
+ data_dir = "/run/spire"
+ log_level = "DEBUG"
+ server_address = "spire-server"
+ server_port = "8081"
+ socket_path = "/run/spire/sockets/agent.sock"
+ trust_bundle_path = "/run/spire/bundle/bundle.crt"
+ trust_domain = "example.org"
+ }
+
+ plugins {
+ NodeAttestor "k8s_psat" {
+ plugin_data {
+ # NOTE: Change this to your cluster name
+ cluster = "nsm-cluster"
+ }
+ }
+
+ KeyManager "memory" {
+ plugin_data {}
+ }
+
+ WorkloadAttestor "k8s" {
+ plugin_data {
+ # Defaults to the secure kubelet port by default.
+ # Minikube does not have a cert in the cluster CA bundle that
+ # can authenticate the kubelet cert, so skip validation.
+ skip_kubelet_verification = true
+ }
+ }
+ WorkloadAttestor "unix" {
+ plugin_data {}
+ }
+ }
+kind: ConfigMap
+metadata:
+ name: spire-agent
+ namespace: spire
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-bundle.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-bundle.yaml
new file mode 100644
index 000000000..4633e426c
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-bundle.yaml
@@ -0,0 +1,6 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: spire-bundle
+ namespace: spire
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-namespace.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-namespace.yaml
new file mode 100644
index 000000000..08c7fd849
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: spire
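Review bot: `skip_kubelet_verification = true` in the `WorkloadAttestor "k8s"` block of agent.conf is shipped as the chart default, while the comment above it justifies it only for Minikube. With it set, the agent does not validate the kubelet's serving certificate when it fetches the pod data used for workload attestation, on every cluster the chart is installed on. Make it a chart value that defaults to verification on, e.g. `skip_kubelet_verification = {{ .Values.skipKubeletVerification | default false }}` (value name constructed), and rewrite the comment to say it is a development-cluster override.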
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-server.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-server.yaml
new file mode 100644
index 000000000..4b8528427
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/templates/spire-server.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: v1
+data:
+ server.conf: |
+ server {
+ bind_address = "0.0.0.0"
+ bind_port = "8081"
+ trust_domain = "example.org"
+ data_dir = "/run/spire/data"
+ log_level = "DEBUG"
+ #AWS requires the use of RSA. EC cryptography is not supported
+ ca_key_type = "rsa-2048"
+ default_svid_ttl = "1h"
+ ca_subject = {
+ country = ["US"],
+ organization = ["SPIFFE"],
+ common_name = "",
+ }
+ }
+
+ plugins {
+ DataStore "sql" {
+ plugin_data {
+ database_type = "sqlite3"
+ connection_string = "/run/spire/data/datastore.sqlite3"
+ }
+ }
+
+ NodeAttestor "k8s_psat" {
+ plugin_data {
+ clusters = {
+ # NOTE: Change this to your cluster name
+ "nsm-cluster" = {
+ use_token_review_api_validation = true
+ service_account_allow_list = ["spire:spire-agent"]
+ }
+ }
+ }
+ }
+
+ KeyManager "disk" {
+ plugin_data {
+ keys_path = "/run/spire/data/keys.json"
+ }
+ }
+ Notifier "k8sbundle" {
+ plugin_data {
+ webhook_label = "spiffe.io/webhook"
+ }
+ }
+ }
+kind: ConfigMap
+metadata:
+ name: spire-server
+ namespace: spire
diff --git a/charts/k10/k10/config.json b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/values.yaml
similarity index 100%
rename from charts/k10/k10/config.json
rename to charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/charts/spire-config/values.yaml
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/k8s-workload-registrar-service.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/k8s-workload-registrar-service.yaml
new file mode 100644
index 000000000..e72048feb
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/k8s-workload-registrar-service.yaml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: k8s-workload-registrar
+ namespace: spire
+spec:
+ type: ClusterIP
+ ports:
+ - name: webhook
+ protocol: TCP
+ port: 443
+ targetPort: 9443
+ selector:
+ app: spire-server
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/k8s-workload-registrar-validating-webhook-configuration.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/k8s-workload-registrar-validating-webhook-configuration.yaml
new file mode 100644
index 000000000..2653e8651
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/k8s-workload-registrar-validating-webhook-configuration.yaml
@@ -0,0 +1,22 @@
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: k8s-workload-registrar
+ labels:
+ spiffe.io/webhook: "true"
+webhooks:
+ - name: k8s-workload-registrar.spire.svc
+ admissionReviewVersions: ["v1", "v1beta1"]
+ clientConfig:
+ service:
+ name: k8s-workload-registrar
+ namespace: spire
+ path: "/validate-spiffeid-spiffe-io-v1beta1-spiffeid"
+ rules:
+ - apiGroups: ["spiffeid.spiffe.io"]
+ apiVersions: ["v1beta1"]
+ operations: ["CREATE", "UPDATE", "DELETE"]
+ resources: ["spiffeids"]
+ scope: Namespaced
+ sideEffects: None
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/server-service.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/server-service.yaml
new file mode 100644
index 000000000..516b50770
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/server-service.yaml
@@ -0,0 +1,19 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: spire-server
+ namespace: spire
+spec:
+ type: ClusterIP
+ ports:
+ - name: spire-server
+ port: 8081
+ targetPort: 8081
+ protocol: TCP
+ - name: spire-federation
+ port: 8443
+ targetPort: 8443
+ protocol: TCP
+ selector:
+ app: spire-server
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/server-statefulset.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/server-statefulset.yaml
new file mode 100644
index 000000000..7e7b0abe2
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/templates/server-statefulset.yaml
@@ -0,0 +1,93 @@ +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: spire-server + namespace: spire + labels: + app: spire-server +spec: + replicas: 1 + selector: + matchLabels: + app: spire-server + serviceName: spire-server + template: + metadata: + namespace: spire + labels: + app: spire-server + spec: + serviceAccountName: spire-server + shareProcessNamespace: true + containers: + - name: spire-server + image: {{ .Values.spireServer.imageRegistry }}:{{ .Values.spireServer.imageTag }} + args: + - -config + - /run/spire/config/server.conf + ports: + - containerPort: 8081 + volumeMounts: + - name: spire-config + mountPath: /run/spire/config + readOnly: true + - name: spire-registration-socket + mountPath: /tmp + readOnly: false + livenessProbe: + exec: + command: + - /opt/spire/bin/spire-server + - healthcheck + failureThreshold: 2 + initialDelaySeconds: 15 + periodSeconds: 60 + timeoutSeconds: 3 + readinessProbe: + exec: + command: ["/opt/spire/bin/spire-server", "healthcheck", "--shallow"] + # This is a workaround for https://github.com/spiffe/spire/issues/2872 + # that prevents k8s-workload-registrar container restarts until + # https://github.com/spiffe/spire/pull/2921 will come with SPIRE 1.3.0. 
+ lifecycle: + postStart: + exec: + command: ["sleep", "2"] + - name: k8s-workload-registrar + image: {{ .Values.spireServer.k8sWorkloadRegistrarImageRegistry }}:{{ .Values.spireServer.k8sWorkloadRegistrarImageTag }} + args: + - -config + - /run/spire/config/k8s-workload-registrar.conf + env: + - name: MY_POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + ports: + - containerPort: 9443 + name: webhook + protocol: TCP + volumeMounts: + - mountPath: /run/spire/config + name: k8s-workload-registrar-config + readOnly: true + - mountPath: /run/spire/sockets + name: spire-agent-socket + readOnly: true + - name: spire-registration-socket + mountPath: /tmp + readOnly: false + volumes: + - name: spire-config + configMap: + name: spire-server + - name: spire-agent-socket + hostPath: + path: /run/spire/sockets + type: DirectoryOrCreate + - name: k8s-workload-registrar-config + configMap: + name: k8s-workload-registrar + - name: spire-registration-socket + emptyDir: {} diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/values.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/values.yaml new file mode 100644 index 000000000..771f085b6 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/charts/spire-server/values.yaml 
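Review bot: Nothing in this StatefulSet is mounted at /run/spire/data, yet server.conf in the same commit sets `data_dir = "/run/spire/data"`, a sqlite datastore under it and `KeyManager "disk"` with `keys_path = "/run/spire/data/keys.json"`. The CA keys and registration entries therefore live in the container's writable layer and are lost whenever the container is restarted or the pod is recreated. Add a `volumeClaimTemplates` entry and mount it at that path in the spire-server container, as sketched below. Separately, neither container sets a `securityContext` or `resources`, while the pod uses `shareProcessNamespace: true` and a hostPath volume; a comment stating why those two are needed would help the next reviewer.

```yaml
# … unchanged: spire-server container image, args, ports …
          volumeMounts:
            # … unchanged: spire-config and spire-registration-socket mounts …
            - name: spire-data            # constructed name
              mountPath: /run/spire/data
              readOnly: false
# … unchanged: probes, k8s-workload-registrar container, volumes …
  volumeClaimTemplates:
    - metadata:
        name: spire-data
        namespace: spire
      spec:
        accessModes:
          - ReadWriteOnce
        resources:
          requests:
            storage: 1Gi                  # constructed size, adjust
```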
@@ -0,0 +1,91 @@ +# Default values for spire-server. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Variables added +spireServer: + imageRegistry: gcr.io/spiffe-io/spire-server + imageTag: 1.5.1 + k8sWorkloadRegistrarImageRegistry: gcr.io/spiffe-io/k8s-workload-registrar + k8sWorkloadRegistrarImageTag: 1.5.1 + +# TODO: check and remove unneeded values + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/templates/agent-daemonset.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/templates/agent-daemonset.yaml new file mode 100644 index 000000000..cb59f730e --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/templates/agent-daemonset.yaml 
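Review bot: Apart from the `spireServer` block, none of the keys in this values.yaml are read by the spire-server templates added in this commit; server-statefulset.yaml only uses `.Values.spireServer.*`. An operator who sets `securityContext`, `podSecurityContext`, `resources` or `serviceAccount` here gets no effect and may believe the pod is hardened when it is not. Either wire these keys into the StatefulSet or delete the scaffold, as the file's own `# TODO: check and remove unneeded values` already suggests; the same applies to charts/spire/values.yaml and the agent DaemonSet, which only reads `.Values.spireAgent.*`. The images are also selected by tag alone, so consider letting the values carry a digest to make the deployed SPIRE images reproducible.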
@@ -0,0 +1,86 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: spire-agent + namespace: spire + labels: + app: spire-agent +spec: + selector: + matchLabels: + app: spire-agent + template: + metadata: + namespace: spire + labels: + app: spire-agent + spec: + hostPID: true + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + serviceAccountName: spire-agent + initContainers: + - name: init + # This is a small image with wait-for-it, choose whatever image + # you prefer that waits for a service to be up. This image is built + # from https://github.com/lqhl/wait-for-it + image: {{ .Values.spireAgent.waitForItImageRegistry }}:{{ .Values.spireAgent.waitForItImageTag }} + imagePullPolicy: IfNotPresent + args: ["-t", "30", "spire-server:8081"] + - name: init-bundle + # Additional init container with the same wait-for-it image to + # provide workaround for https://github.com/spiffe/spire/issues/3032 + # It checks if the bundle is in place and ready to be parsed or not. + image: {{ .Values.spireAgent.waitForItImageRegistry }}:{{ .Values.spireAgent.waitForItImageTag }} + imagePullPolicy: IfNotPresent + command: ['sh', '-c', "t=0; until [ -f /run/spire/bundle/bundle.crt 2>&1 ] || [ $t -eq 5 ]; do t=`expr $t + 1`; sleep 1; done"] + containers: + - name: spire-agent + image: {{ .Values.spireAgent.imageRegistry }}:{{ .Values.spireAgent.imageTag }} + args: ["-config", "/run/spire/config/agent.conf"] + volumeMounts: + - name: spire-config + mountPath: /run/spire/config + readOnly: true + - name: spire-bundle + mountPath: /run/spire/bundle + - name: spire-agent-socket + mountPath: /run/spire/sockets + readOnly: false + - name: spire-token + mountPath: /var/run/secrets/tokens + livenessProbe: + exec: + command: + - /opt/spire/bin/spire-agent + - healthcheck + - -socketPath + - /run/spire/sockets/agent.sock + failureThreshold: 2 + initialDelaySeconds: 15 + periodSeconds: 60 + timeoutSeconds: 3 + readinessProbe: + exec: + command: ["/opt/spire/bin/spire-agent", 
"healthcheck", "-socketPath", "/run/spire/sockets/agent.sock", "--shallow"] + initialDelaySeconds: 5 + periodSeconds: 5 + volumes: + - name: spire-config + configMap: + name: spire-agent + - name: spire-bundle + configMap: + name: spire-bundle + - name: spire-agent-socket + hostPath: + path: /run/spire/sockets + type: DirectoryOrCreate + - name: spire-token + projected: + sources: + - serviceAccountToken: + path: spire-agent + expirationSeconds: 7200 + audience: spire-server diff --git a/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/values.yaml b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/values.yaml new file mode 100644 index 000000000..40738a534 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/charts/spire/values.yaml 
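Review bot: The `init-bundle` loop ends when `$t` reaches 5 as well as when the bundle exists, and the shell then exits 0 either way, so the spire-agent container starts even if /run/spire/bundle/bundle.crt never appeared. If the intent is to block until the bundle is readable, let the init container fail so that it is retried, by appending `; [ -f /run/spire/bundle/bundle.crt ]` after `done`. The `2>&1` inside the `[ … ]` test is a redirection rather than an argument and can be dropped. `hostPID: true` and `hostNetwork: true` are set without explanation, and a short comment on why the agent needs each would make the privilege reviewable.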
@@ -0,0 +1,94 @@ +# Default values for spire. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Variables added +spireAgent: + imageRegistry: gcr.io/spiffe-io/spire-agent + imageTag: 1.5.1 + waitForItImageRegistry: docker.io/aveshasystems/wait-for-it + waitForItImageTag: 1.0.0 + +# TODO: use these values/remove them +# TODO: figure how how to make this work outside of spire NS +# Official chart request https://github.com/spiffe/spire/issues/2652 + + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
+ # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} diff --git a/charts/avesha/kubeslice-worker/charts/nsm/requirements.yaml b/charts/avesha/kubeslice-worker/charts/nsm/requirements.yaml index 2ff69fa6f..6fa28f923 100644 --- a/charts/avesha/kubeslice-worker/charts/nsm/requirements.yaml +++ b/charts/avesha/kubeslice-worker/charts/nsm/requirements.yaml @@ -1,9 +1,4 @@ --- dependencies: - - name: spire - version: 0.1.0 - condition: spire.enabled - - name: prefix-service - version: 0.1.0 - name: config version: 0.1.0 diff --git a/charts/avesha/kubeslice-worker/charts/nsm/templates/forwarder-kernel.yaml b/charts/avesha/kubeslice-worker/charts/nsm/templates/forwarder-kernel.yaml new file mode 100644 index 000000000..414e9389c --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/templates/forwarder-kernel.yaml 
@@ -0,0 +1,77 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: forwarder-kernel + namespace: {{ .Release.Namespace }} + labels: + app: forwarder-kernel +spec: + selector: + matchLabels: + app: forwarder-kernel + template: + metadata: + labels: + app: forwarder-kernel + "spiffe.io/spiffe-id": "true" + spec: + hostPID: true + hostNetwork: true + dnsPolicy: ClusterFirstWithHostNet + containers: + - image: {{ .Values.forwardingPlane.kernelImageRegistry }}:{{ .Values.forwardingPlane.kernelImageTag }} + imagePullPolicy: IfNotPresent + name: forwarder-kernel + securityContext: + privileged: true + env: + - name: SPIFFE_ENDPOINT_SOCKET + value: unix:///run/spire/sockets/agent.sock + - name: NSM_LOG_LEVEL + value: TRACE + - name: NSM_TUNNEL_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NSM_CONNECT_TO + value: unix:///var/lib/networkservicemesh/nsm.io.sock + - name: NSM_LISTEN_ON + value: unix:///listen.on.sock + - name: NSM_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: spire-agent-socket + mountPath: /run/spire/sockets + readOnly: true + - name: nsm-socket + mountPath: /var/lib/networkservicemesh + - name: kubelet-socket + mountPath: /var/lib/kubelet + - name: cgroup + mountPath: /host/sys/fs/cgroup + resources: + requests: + cpu: 150m + limits: + memory: 500Mi + cpu: 525m + volumes: + - name: spire-agent-socket + hostPath: + path: /run/spire/sockets + type: Directory + - name: nsm-socket + hostPath: + path: /var/lib/networkservicemesh + type: DirectoryOrCreate + - name: kubelet-socket + hostPath: + path: /var/lib/kubelet + type: Directory + - name: cgroup + hostPath: + path: /sys/fs/cgroup + type: Directory diff --git a/charts/avesha/kubeslice-worker/charts/nsm/templates/forwarding-plane.tpl b/charts/avesha/kubeslice-worker/charts/nsm/templates/forwarding-plane.tpl deleted file mode 100644 index c31539511..000000000 
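Review bot: The `kubelet-socket` volume mounts all of /var/lib/kubelet read-write into a `privileged: true` container that also runs with `hostPID` and `hostNetwork`, which exposes every pod's volume data on the node (including projected tokens and mounted secrets) to this workload. If the forwarder only needs a kubelet socket, mount the narrowest directory that contains it and add `readOnly: true` to the `kubelet-socket` and `cgroup` mounts; the hunk does not show which paths the forwarder actually reads. The pod also sets no `serviceAccountName` and no liveness or readiness probes, both of which the removed forwarding-plane.tpl had, and `NSM_LOG_LEVEL` is fixed at `TRACE`. Consider `automountServiceAccountToken: false` if the forwarder makes no API calls, and a chart value for the log level.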
--- a/charts/avesha/kubeslice-worker/charts/nsm/templates/forwarding-plane.tpl +++ /dev/null 
@@ -1,91 +0,0 @@ -{{ $fp := .Values.forwardingPlane }} - -apiVersion: apps/v1 -kind: DaemonSet -spec: - selector: - matchLabels: - app: nsm-{{ $fp }}-plane - template: - metadata: - labels: - app: nsm-{{ $fp }}-plane - spec: - hostPID: true - hostNetwork: true - serviceAccount: forward-plane-acc - {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} - imagePullSecrets: - - name: kubeslice-image-pull-secret - {{- end }} - containers: - - name: {{ (index .Values $fp).image }} - securityContext: - privileged: true - image: {{ .Values.registry }}/{{ .Values.org }}/{{ (index .Values $fp).image }}:{{ (index .Values $fp).tag }} - imagePullPolicy: {{ (index .Values $fp).pullPolicy }} - env: - - name: INSECURE - value: {{ .Values.insecure | default false | quote }} - - name: METRICS_COLLECTOR_ENABLED - value: {{ .Values.metricsCollectorEnabled | default false | quote }} - - name: TRACER_ENABLED - value: {{ .Values.global.JaegerTracing | default false | quote }} - - name: JAEGER_AGENT_HOST - value: jaeger.{{ .Release.Namespace }} - - name: JAEGER_AGENT_PORT - value: "6831" - - name: NSM_FORWARDER_SRC_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - volumeMounts: - - name: workspace - mountPath: /var/lib/networkservicemesh/ - mountPropagation: Bidirectional - - name: spire-agent-socket - mountPath: /run/spire/sockets - readOnly: true - livenessProbe: - httpGet: - path: /liveness - port: 5555 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - readinessProbe: - httpGet: - path: /readiness - port: 5555 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - {{- if (index .Values $fp).resources }} - resources: - limits: - cpu: {{ (index .Values $fp).resources.limitCPU }} - requests: - cpu: {{ (index .Values $fp).resources.requestsCPU }} - {{- end }} - volumes: - - hostPath: - path: /var/lib/networkservicemesh - type: DirectoryOrCreate - name: workspace - - 
hostPath: - path: /run/spire/sockets - type: DirectoryOrCreate - name: spire-agent-socket - tolerations: - - key: "kubeslice.io/node-type" - operator: "Equal" - value: "gateway" - effect: "NoSchedule" - - key: "kubeslice.io/node-type" - operator: "Equal" - value: "gateway" - effect: "NoExecute" - -metadata: - name: nsm-{{ $fp }}-forwarder - namespace: {{ .Release.Namespace }} diff --git a/charts/avesha/kubeslice-worker/charts/nsm/templates/nsmgr.tpl b/charts/avesha/kubeslice-worker/charts/nsm/templates/nsmgr.tpl deleted file mode 100644 index e320d7d34..000000000 --- a/charts/avesha/kubeslice-worker/charts/nsm/templates/nsmgr.tpl +++ /dev/null 
@@ -1,142 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: nsmgr - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: nsmgr-daemonset - template: - metadata: - labels: - app: nsmgr-daemonset - spec: - serviceAccount: nsmgr-acc - {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} - imagePullSecrets: - - name: kubeslice-image-pull-secret - {{- end }} - containers: - - name: nsmdp - image: {{ .Values.registry }}/{{ .Values.org }}/nsmdp:{{ .Values.nsmdp.tag }} - imagePullPolicy: {{ .Values.nsmdp.pullPolicy }} - env: - - name: INSECURE - value: {{ .Values.insecure | default false | quote }} - - name: TRACER_ENABLED - value: {{ .Values.global.JaegerTracing | default false | quote }} - - name: JAEGER_AGENT_HOST - value: jaeger.{{ .Release.Namespace }} - - name: NSM_NAMESPACE - value: {{ .Release.Namespace }} - - name: JAEGER_AGENT_PORT - value: "6831" - - name: PREFERRED_REMOTE_MECHANISM - value: {{ .Values.preferredRemoteMechanism | quote }} - ports: - - containerPort: 5001 - hostPort: 5001 - volumeMounts: - - name: kubelet-socket - mountPath: /var/lib/kubelet/device-plugins - - name: nsm-socket - mountPath: /var/lib/networkservicemesh - - name: spire-agent-socket - mountPath: /run/spire/sockets - readOnly: true - - name: nsmd - image: {{ .Values.registry }}/{{ .Values.org }}/nsmd:{{ .Values.nsmd.tag }} - imagePullPolicy: {{ .Values.nsmd.pullPolicy }} - env: - - name: INSECURE - value: {{ .Values.insecure | default false | quote }} - - name: TRACER_ENABLED - value: {{ .Values.global.JaegerTracing | default false | quote }} - - name: JAEGER_AGENT_HOST - value: jaeger.{{ .Release.Namespace }} - - name: JAEGER_AGENT_PORT - value: "6831" - - name: NSM_NAMESPACE - value: {{ .Release.Namespace }} - - name: PREFERRED_REMOTE_MECHANISM - value: {{ .Values.preferredRemoteMechanism | quote }} - volumeMounts: - - name: nsm-socket - mountPath: 
/var/lib/networkservicemesh - - name: spire-agent-socket - mountPath: /run/spire/sockets - readOnly: true - - name: nsm-config-volume - mountPath: /var/lib/networkservicemesh/config - livenessProbe: - httpGet: - host: "127.0.0.1" - path: /liveness - port: 5555 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - readinessProbe: - httpGet: - host: "127.0.0.1" - path: /readiness - port: 5555 - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 3 - - name: nsmd-k8s - image: {{ .Values.registry }}/{{ .Values.org }}/nsmd-k8s:{{ .Values.nsmdK8s.tag }} - imagePullPolicy: {{ .Values.nsmdK8s.pullPolicy }} - volumeMounts: - - name: spire-agent-socket - mountPath: /run/spire/sockets - readOnly: true - env: - - name: INSECURE - value: {{ .Values.insecure | default false | quote }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_UID - valueFrom: - fieldRef: - fieldPath: metadata.uid - - name: NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: TRACER_ENABLED - value: {{ .Values.global.JaegerTracing | default false | quote }} - - name: JAEGER_AGENT_HOST - value: jaeger.{{ .Release.Namespace }} - - name: JAEGER_AGENT_PORT - value: "6831" - - name: NSM_NAMESPACE - value: {{ .Release.Namespace }} - volumes: - - hostPath: - path: /var/lib/kubelet/device-plugins - type: DirectoryOrCreate - name: kubelet-socket - - hostPath: - path: /var/lib/networkservicemesh - type: DirectoryOrCreate - name: nsm-socket - - name: nsm-config-volume - configMap: - name: nsm-config - - hostPath: - path: /run/spire/sockets - type: DirectoryOrCreate - name: spire-agent-socket - tolerations: - - key: "kubeslice.io/node-type" - operator: "Equal" - value: "gateway" - effect: "NoSchedule" - - key: "kubeslice.io/node-type" - operator: "Equal" - value: "gateway" - effect: "NoExecute" 
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/templates/nsmgr.yaml b/charts/avesha/kubeslice-worker/charts/nsm/templates/nsmgr.yaml
new file mode 100644
index 000000000..6b7d3704a
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/charts/nsm/templates/nsmgr.yaml
@@ -0,0 +1,152 @@ +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: nsmgr + labels: + app: nsmgr + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: nsmgr + template: + metadata: + labels: + app: nsmgr + "spiffe.io/spiffe-id": "true" + spec: + serviceAccountName: nsmgr-acc + initContainers: + - name: init + # This is a small image with wait-for-it, choose whatever image + # you prefer that waits for a service to be up. This image is built + # from https://github.com/lqhl/wait-for-it + image: {{ .Values.nsmgr.waitForItImageRegistry }}:{{ .Values.nsmgr.waitForItImageTag }} + imagePullPolicy: IfNotPresent + args: [ "-t", "120", "spire-server.spire:8081" ] + #command: ['sh', '-c', 'sleep 120'] + #command: ['sh', '-c', "t=0; until [ -f /run/spire/sockets/agent.sock 2>&1 ] || [ $t -eq 5 ]; do t=`expr $t + 1`; sleep 15; done;"] + containers: + - image: {{ .Values.nsmgr.imageRegistry }}:{{ .Values.nsmgr.imageTag }} + imagePullPolicy: IfNotPresent + name: nsmgr + ports: + - containerPort: 5001 + hostPort: 5001 + env: + - name: SPIFFE_ENDPOINT_SOCKET + value: unix:///run/spire/sockets/agent.sock + - name: NSM_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NSM_LOG_LEVEL + value: TRACE + - name: NSM_REGISTRY_URL + value: "registry:5002" + # - name: DLV_LISTEN_NSMGR + # value: :40000 + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: NSM_LISTEN_ON + value: unix:///var/lib/networkservicemesh/nsm.io.sock,tcp://:5001 + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: INSECURE + value: {{ .Values.insecure | default false | quote }} + - name: TRACER_ENABLED + value: {{ .Values.global.JaegerTracing | default false | quote }} + - name: NSM_OPENTELEMETRYENDPOINT + value: jaeger.{{ .Release.Namespace }}:6831 + - name: JAEGER_AGENT_HOST + value: jaeger.{{ .Release.Namespace }} + - name: JAEGER_AGENT_PORT + value: "6831" + - name: FORWARDER_NAME + value: "kernel" + 
volumeMounts: + - name: kubelet-socket + mountPath: /var/lib/kubelet/device-plugins + - name: spire-agent-socket + mountPath: /run/spire/sockets + readOnly: true + - name: nsm-socket + mountPath: /var/lib/networkservicemesh + - name: nsm-config-volume + mountPath: /var/lib/networkservicemesh/config/ + resources: + requests: + cpu: 200m + memory: 100Mi + limits: + memory: 200Mi + cpu: 400m + readinessProbe: + exec: + command: ["/bin/grpc-health-probe", "-spiffe", "-addr=:5001"] + failureThreshold: 300 + initialDelaySeconds: 1 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 2 + livenessProbe: + exec: + command: ["/bin/grpc-health-probe", "-spiffe", "-addr=:5001"] + failureThreshold: 25 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 2 + startupProbe: + exec: + command: ["/bin/grpc-health-probe", "-spiffe", "-addr=:5001"] + failureThreshold: 25 + periodSeconds: 5 + - image: {{ .Values.nsmgr.excludePrefixesImageRegistry }}:{{ .Values.nsmgr.excludePrefixesImageTag }} + imagePullPolicy: IfNotPresent + name: exclude-prefixes + env: + - name: NSM_LOG_LEVEL + value: TRACE + - name: NSM_CONFIG_MAP_NAMESPACE + value: {{ .Release.Namespace }} + - name: NSM_PREFIXES_OUTPUT_TYPE + value: config-map + volumeMounts: + - name: nsm-config-volume + mountPath: /var/lib/networkservicemesh/config/ + resources: + limits: + memory: 40Mi + cpu: 75m + volumes: + - hostPath: + path: /var/lib/kubelet/device-plugins + type: DirectoryOrCreate + name: kubelet-socket + - name: spire-agent-socket + hostPath: + path: /run/spire/sockets + type: Directory + - name: nsm-socket + hostPath: + path: /var/lib/networkservicemesh + type: DirectoryOrCreate + - name: nsm-config-volume +{{/* emptyDir:*/}} +{{/* {}*/}} + configMap: + name: nsm-config + tolerations: + - key: "kubeslice.io/node-type" + operator: "Equal" + value: "gateway" + effect: "NoSchedule" + - key: "kubeslice.io/node-type" + operator: "Equal" + value: "gateway" + effect: "NoExecute" \ No newline at end of file 
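Review bot: `INSECURE` is rendered from `.Values.insecure | default false`, but the chart's values.yaml keeps `insecure: true`, so a default install passes `INSECURE="true"` to a container that listens on `tcp://:5001` and publishes it with `hostPort: 5001`. Whether cmd-nsmgr 1.5.2 still reads this variable is not visible from the diff; if it does, ship `insecure: false` as the default, and if it does not, drop the env entry so the manifest does not advertise a switch that has no effect. Neither the init container nor the `exclude-prefixes` container sets a `securityContext`, and the init container has no `resources`; `allowPrivilegeEscalation: false` would be a reasonable baseline for both, assuming neither needs extra privileges. The commented-out `command:` lines and the commented `DLV_LISTEN_NSMGR` debug entry can be removed.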
diff --git a/charts/avesha/kubeslice-worker/charts/nsm/templates/registry-k8s.yaml b/charts/avesha/kubeslice-worker/charts/nsm/templates/registry-k8s.yaml new file mode 100644 index 000000000..5f619b25f --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/templates/registry-k8s.yaml @@ -0,0 +1,57 @@ +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: registry-k8s + namespace: {{ .Release.Namespace }} + labels: + app: registry +spec: + selector: + matchLabels: + app: registry + template: + metadata: + labels: + app: registry + "spiffe.io/spiffe-id": "true" + spec: + serviceAccountName: nsmgr-acc + containers: + - image: {{ .Values.registryK8sImageRegistry }}:{{ .Values.registryK8sImageTag }} + env: + - name: SPIFFE_ENDPOINT_SOCKET + value: unix:///run/spire/sockets/agent.sock + - name: REGISTRY_K8S_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: REGISTRY_K8S_LOG_LEVEL + value: TRACE + - name: REGISTRY_K8S_LISTEN_ON + value: tcp://:5002 + - name: REGISTRY_K8S_PROXY_REGISTRY_URL + value: nsmgr-proxy:5004 + imagePullPolicy: IfNotPresent + name: registry + ports: + - containerPort: 5002 + hostPort: 5002 + volumeMounts: + - name: spire-agent-socket + mountPath: /run/spire/sockets + resources: + requests: + cpu: 100m + limits: + memory: 40Mi + cpu: 200m + volumes: + - name: spire-agent-socket + hostPath: + path: /run/spire/sockets + type: DirectoryOrCreate + - name: nsm-socket + hostPath: + path: /var/lib/networkservicemesh + type: DirectoryOrCreate \ No newline at end of file diff --git a/charts/avesha/kubeslice-worker/charts/nsm/templates/registry-service.yaml b/charts/avesha/kubeslice-worker/charts/nsm/templates/registry-service.yaml new file mode 100644 index 000000000..22240e2a4 --- /dev/null +++ b/charts/avesha/kubeslice-worker/charts/nsm/templates/registry-service.yaml 
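Review bot: `hostPort: 5002` publishes the registry on the node's own address even though registry-service.yaml in this commit already exposes it as a ClusterIP Service and nsmgr is configured with `NSM_REGISTRY_URL` set to `registry:5002`; unless something outside this chart dials the node port, the `hostPort` line can go. The `spire-agent-socket` mount here lacks `readOnly: true` and its hostPath uses `type: DirectoryOrCreate`, while both DaemonSets use `readOnly: true` and `type: Directory`; matching them keeps this pod from creating or writing into the SPIRE socket directory. The `nsm-socket` volume is declared but never mounted and can be removed. The Deployment also reuses `serviceAccountName: nsmgr-acc`, whose RBAC is not visible here, so check that the registry does not inherit more API access than it needs.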
@@ -0,0 +1,15 @@ +--- +apiVersion: v1 +kind: Service +metadata: + name: registry + namespace: {{ .Release.Namespace }} +spec: + selector: + app: registry + ports: + - name: registry + protocol: TCP + port: 5002 + targetPort: 5002 + type: ClusterIP diff --git a/charts/avesha/kubeslice-worker/charts/nsm/values.yaml b/charts/avesha/kubeslice-worker/charts/nsm/values.yaml index 92797ffef..9c1048d80 100644 --- a/charts/avesha/kubeslice-worker/charts/nsm/values.yaml +++ b/charts/avesha/kubeslice-worker/charts/nsm/values.yaml @@ -3,50 +3,22 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -registry: docker.io -org: aveshasystems -tag: 0.6.1 -pullPolicy: IfNotPresent - -forwardingPlane: kernel insecure: true -preferredRemoteMechanism: - -vpp: - image: vppagent-forwarder - -nsmd: - image: nsmd - tag: 0.6.1 - pullPolicy: IfNotPresent - -nsmdp: - image: nsmdp - tag: 0.6.1 - pullPolicy: IfNotPresent - -nsmdK8s: - image: nsmd-k8s - tag: 0.6.2 - pullPolicy: IfNotPresent - -kernel: - image: kernel-forwarder - tag: 0.6.2 - pullPolicy: IfNotPresent - resources: - limitCPU: 1 - requestsCPU: 1m - global: # set to true to enable Jaeger tracing for NSM components JaegerTracing: true -metricsCollectorEnabled: false +forwardingPlane: + kernelImageRegistry: docker.io/aveshasystems/cmd-forwarder-kernel + kernelImageTag: 1.0.0 -# username & password & email values for imagePullSecrets has to provided to create a secret -imagePullSecrets: - repository: https://index.docker.io/v1/ - username: - password: - email: +nsmgr: + imageRegistry: docker.io/aveshasystems/cmd-nsmgr + imageTag: 1.5.2 + waitForItImageRegistry: docker.io/aveshasystems/wait-for-it + waitForItImageTag: 1.0.0 + excludePrefixesImageRegistry: docker.io/aveshasystems/cmd-exclude-prefixes-k8s + excludePrefixesImageTag: 1.5.2 + +registryK8sImageRegistry: docker.io/aveshasystems/cmd-registry-k8s +registryK8sImageTag: 1.5.2 
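Review bot: The new image settings in values.yaml can only pin by tag: the templates render, for example, `{{ .Values.nsmgr.imageRegistry }}:{{ .Values.nsmgr.imageTag }}` with `imagePullPolicy: IfNotPresent` hard-coded, so there is no way to reference the privileged forwarder image (or the others) by digest, and a node that has cached a tag keeps that content even if the tag is later re-pushed. Consider an optional digest value per image, rendered as `repo@sha256:...` when set, and making the pull policy configurable as the removed `pullPolicy` keys did. The `imagePullSecrets` block is removed along with its use in the templates, so installs that pull from an authenticated registry or mirror lose that hook unless the parent chart supplies it. The `*ImageRegistry` keys hold a full repository path such as `docker.io/aveshasystems/cmd-nsmgr`, so a name like `imageRepository` would describe them better.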
diff --git a/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slicenodeaffinities.yaml b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slicenodeaffinities.yaml
new file mode 100644
index 000000000..8b5a64553
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slicenodeaffinities.yaml
@@ -0,0 +1,103 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: slicenodeaffinities.networking.kubeslice.io +spec: + group: networking.kubeslice.io + names: + kind: SliceNodeAffinity + listKind: SliceNodeAffinityList + plural: slicenodeaffinities + singular: slicenodeaffinity + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceNodeAffinity is the Schema for the slicenodeaffinities API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SliceNodeAffinitySpec defines the desired state of SliceNodeAffinity + type: object + status: + description: SliceNodeAffinityStatus defines the observed state of SliceNodeAffinity + properties: + nodeAffinityRules: + description: NodeAffinityRules contains the list of rules per namespace + items: + description: NodeAffinityRule defines the rules to select nodes + for a particular namespace + properties: + namespace: + description: Namespace is the namespace in the slice this rule + applies to + type: string + nodeSelectorLabels: + description: NodeSelectorLabels defines the label selectors + to select nodes for assigning to pods + items: + description: A node selector requirement is a selector that + contains values, a key, and an operator that relates the + key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set + of values. Valid operators are In, NotIn, Exists, DoesNotExist. + Gt, and Lt. + type: string + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. If the operator is Gt or Lt, the + values array must have a single element, which will + be interpreted as an integer. This array is replaced + during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + required: + - namespace + - nodeSelectorLabels + type: object + type: array + sliceName: + description: SliceName defines the name of the slice for the NodeAffinity + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_sliceresourcequotas.yaml b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_sliceresourcequotas.yaml new file mode 100644 index 000000000..66315fe27 --- /dev/null +++ b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_sliceresourcequotas.yaml 
@@ -0,0 +1,527 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: sliceresourcequotas.networking.kubeslice.io +spec: + group: networking.kubeslice.io + names: + kind: SliceResourceQuota + listKind: SliceResourceQuotaList + plural: sliceresourcequotas + singular: sliceresourcequota + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceResourceQuota is the Schema for the sliceresourcequota API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + status: + properties: + clusterName: + description: ClusterName defines the name of the cluster for the ResourceQuota + type: string + configUpdatedOn: + format: int64 + type: integer + resourceQuotaProfile: + description: ResourceQuotaProfile defines the resource quota profile + for the slice + properties: + clusterQuota: + description: ClusterQuota defines the configuration for cluster + quota of a resource quota + properties: + namespaceQuota: + description: NamespaceQuota defines the configuration for + namespace quota of a ClusterQuota + items: + description: NamespaceQuota defines the configuration for + namespace quota of a ClusterQuota + properties: + enforceQuota: + default: false + description: EnforceQuota defines the enforceQuota status + flag for NamespaceQuota + type: boolean + namespace: + description: Namespace defines the namespace of the + NamespaceQuota + type: string + resources: + description: Resources defines the configuration for + resources for NamespaceQuota + properties: + defaultLimitPerContainer: + description: DefaultResourcePerContainerList is + a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral + storage, in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) The resource name for + EphemeralStorage is alpha, and it can change + across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + defaultRequestPerContainer: + description: DefaultRequestPerContainer is a set + of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage LoNamespaceResourceQuotaStatuscal + ephemeral storage, in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) The resource name + for EphemeralStorage is alpha, and it can + change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral + storage, in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) The resource name for + EphemeralStorage is alpha, and it can change + across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral + storage, in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) The resource name for + EphemeralStorage is alpha, and it can change + across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + resources: + description: Resources defines the configuration for resources + for ClusterQuota + properties: + limit: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + sliceQuota: + description: SliceQuota defines the configuration for slice quota + of a resource quota + properties: + resources: + description: Resources defines the configuration for resources + for SliceQuota + properties: + defaultRequestPerContainer: + description: DefaultRequestPerContainer is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage LoNamespaceResourceQuotaStatuscal + ephemeral storage, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) The resource name for EphemeralStorage + is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: object + sliceName: + description: SliceName defines the name of the slice for the ResourceQuota + type: string + sliceResourceQuotaStatus: + description: WorkerSliceResourceQuotaStatus defines the observed state + of WorkerSliceResourceQuota + properties: + clusterResourceQuotaStatus: + properties: + namespaceResourceQuotaStatus: + items: + properties: + namespace: + type: string + requestResourceUsage: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 + * 1024) The resource name for EphemeralStorage + is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resourceUsage: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 + * 1024) The resource name for EphemeralStorage + is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + type: object + type: array + requestResourceUsage: + description: RequestResourceList is a set of (resource name, + quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + The resource name for EphemeralStorage is alpha, and + it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resourceUsage: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + The resource name for EphemeralStorage is alpha, and + it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] 
diff --git a/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slicerolebindings.yaml b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slicerolebindings.yaml
new file mode 100644
index 000000000..34e861a95
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slicerolebindings.yaml
@@ -0,0 +1,214 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: slicerolebindings.networking.kubeslice.io +spec: + group: networking.kubeslice.io + names: + kind: SliceRoleBinding + listKind: SliceRoleBindingList + plural: slicerolebindings + singular: slicerolebinding + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceRoleBinding is the Schema for the slicerolebindings API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SliceRoleBindingSpec defines the desired state of SliceRoleBinding + type: object + status: + properties: + roleRefCondition: + properties: + condition: + description: Condition defines conditions of the RoleRef, one + of INVALID_RULE, INVALID_ROLE_BINDING. + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about + the transition. + type: string + reason: + description: The reason for the condition's last transition. 
+ type: string + roleRef: + description: Name, APIGroup and Kind of the RoleRef + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiVersion + - kind + - name + type: object + status: + description: Status of the condition, one of True, False, Unknown. + type: string + required: + - condition + - lastUpdateTime + - reason + - roleRef + - status + type: object + sliceRbConfig: + description: RoleBindingConfig references a role, but does not contain + it. + properties: + applyTo: + description: ApplyTo contains information about the namespace + and the Subjects. + items: + description: ApplyTo contains information about the namespace + and the Subjects. It adds who information via Subjects and + namespace information by which namespace it exists in. + properties: + namespace: + description: Namespace of the referenced object. If the + object kind is non-namespace, such as "User" or "Group", + and this value is not empty the Authorizer should report + an error. '*' Represents all namespaces + type: string + subjects: + description: Subjects holds references to the objects the + role applies to. + items: + description: Subject contains a reference to the object + or user identities a role binding applies to. This + can either hold a direct API object reference, or a + value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced + subject. Defaults to "" for ServiceAccount subjects. 
+ Defaults to "rbac.authorization.k8s.io" for User + and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values + defined by this API group are "User", "Group", and + "ServiceAccount". If the Authorizer does not recognized + the kind value, the Authorizer should report an + error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If + the object kind is non-namespace, such as "User" + or "Group", and this value is not empty the Authorizer + should report an error. + type: string + required: + - kind + - name + type: object + type: array + type: object + type: array + roleRefName: + description: Name of the RoleRef + type: string + rules: + description: PolicyRule holds information that describes a policy + rule + items: + description: PolicyRule holds information that describes a policy + rule, but does not contain information about who the rule + applies to or which namespace the rule applies to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that + contains the resources. If multiple API groups are specified, + any action requested against one of the enumerated resources + in any API group will be allowed. + items: + type: string + type: array + nonResourceURLs: + description: NonResourceURLs is a set of partial urls that + a user should have access to. *s are allowed, but only + as the full, final step in the path Since non-resource + URLs are not namespaced, this field is only applicable + for ClusterRoles referenced from a ClusterRoleBinding. + Rules can either apply to API resources (such as "pods" + or "secrets") or non-resource URL paths (such as "/api"), but + not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of + names that the rule applies to. An empty set means that + everything is allowed. 
+ items: + type: string + type: array + resources: + description: Resources is a list of resources this rule + applies to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL + the ResourceKinds contained in this rule. '*' represents + all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + sliceName: + description: sliceName is the name of the slice + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slice.yaml b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slices.yaml similarity index 98% rename from charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slice.yaml rename to charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slices.yaml index c616c755a..f79770644 100644 --- a/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slice.yaml +++ b/charts/avesha/kubeslice-worker/crds/networking.kubeslice.io_slices.yaml @@ -1,4 +1,3 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -6,20 +5,20 @@ metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null - name: slice.networking.kubeslice.io + name: slices.networking.kubeslice.io spec: group: networking.kubeslice.io names: kind: Slice listKind: SliceList - plural: slice + plural: slices singular: slice scope: Namespaced versions: - name: v1beta1 schema: openAPIV3Schema: - description: Slice is the Schema for the slice API + description: Slice is the Schema for the slices API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -203,3 +202,4 @@ status: plural: "" conditions: [] storedVersions: [] + 
diff --git a/charts/avesha/kubeslice-worker/questions.yaml b/charts/avesha/kubeslice-worker/questions.yaml index 254b5f8c6..84e4284fc 100644 --- a/charts/avesha/kubeslice-worker/questions.yaml +++ b/charts/avesha/kubeslice-worker/questions.yaml @@ -17,7 +17,7 @@ questions: variable: imagePullSecrets.password - default: "" - description: "https://docs.avesha.io/documentation/enterprise/0.2.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" + description: "https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" group: "Worker Secrets from Controller" label: "Controller Namespace" required: true @@ -25,7 +25,7 @@ questions: variable: controllerSecret.namespace - default: "" - description: "https://docs.avesha.io/documentation/enterprise/0.2.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" + description: "https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" group: "Worker Secrets from Controller" label: "Controller Endpoint" required: true @@ -33,7 +33,7 @@ questions: variable: controllerSecret.endpoint - default: "" - description: "https://docs.avesha.io/documentation/enterprise/0.2.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" + description: "https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" group: "Worker Secrets from Controller" label: "Controller CA Cert" required: true 
@@ -41,7 +41,7 @@ questions: variable: controllerSecret.'ca.crt' - default: "" - description: "https://docs.avesha.io/documentation/enterprise/0.2.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" + description: "https://docs.avesha.io/documentation/enterprise/0.5.0/deployment-partners/deploying-kubeslice-on-rancher/installing-the-worker-operator-on-rancher#getting-the-secrets-of-the-registered-cluster" group: "Worker Secrets from Controller" label: "Controller Token" required: true @@ -57,7 +57,7 @@ questions: variable: cluster.name - default: "" - description: "Worker Cluster Endpoint,use 'kubectl cluster-info on worker cluster' or for details please follow https://docs.avesha.io/documentation/enterprise/0.2.0/" + description: "Worker Cluster Endpoint,use 'kubectl cluster-info on worker cluster' or for details please follow https://docs.avesha.io/documentation/enterprise/0.5.0/" group: "Worker Cluster Details" label: "Cluster Endpoint" required: true diff --git a/charts/avesha/kubeslice-worker/templates/cleanUp.yaml b/charts/avesha/kubeslice-worker/templates/cleanUp.yaml new file mode 100644 index 000000000..fb7a8b2b7 --- /dev/null +++ b/charts/avesha/kubeslice-worker/templates/cleanUp.yaml 
@@ -0,0 +1,93 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeslice-cleanup + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote}} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeslice-cleanup + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" + labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeslice-cleanup +subjects: + - kind: ServiceAccount + name: kubeslice-cleanup + namespace: {{ .Release.Namespace }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeslice-cleanup + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" + labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - patch + - update + - create + - delete + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: kubeslice-cleanup + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-delete + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed + "helm.sh/hook-weight": "2" + labels: + app.kubernetes.io/name: nsm + app.kubernetes.io/instance: {{ .Release.Name }} 
+ app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + backoffLimit: 3 + template: + metadata: + name: kubeslice-cleanup + namespace: {{ .Release.Namespace }} + spec: + serviceAccountName: kubeslice-cleanup + containers: + - name: kubectl + image: "alpine/k8s:1.22.9" + command: + - /bin/sh + - -c + - kubectl delete cm nsm-config --ignore-not-found -n {{ .Release.Namespace }} + restartPolicy: OnFailure \ No newline at end of file diff --git a/charts/avesha/kubeslice-worker/templates/opertor-secret.yaml b/charts/avesha/kubeslice-worker/templates/dashboard-rbac.yaml similarity index 71% rename from charts/avesha/kubeslice-worker/templates/opertor-secret.yaml rename to charts/avesha/kubeslice-worker/templates/dashboard-rbac.yaml index 4a9cd22be..08cdcc46a 100644 --- a/charts/avesha/kubeslice-worker/templates/opertor-secret.yaml +++ b/charts/avesha/kubeslice-worker/templates/dashboard-rbac.yaml @@ -18,6 +18,8 @@ kind: ServiceAccount metadata: name: kubeslice-kubernetes-dashboard namespace: kubeslice-system +secrets: + - name: kubeslice-kubernetes-dashboard-creds --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -31,3 +33,11 @@ subjects: - kind: ServiceAccount name: kubeslice-kubernetes-dashboard namespace: kubeslice-system +--- +apiVersion: v1 +kind: Secret +type: kubernetes.io/service-account-token +metadata: + name: kubeslice-kubernetes-dashboard-creds + annotations: + kubernetes.io/service-account.name: "kubeslice-kubernetes-dashboard" \ No newline at end of file diff --git a/charts/avesha/kubeslice-worker/templates/kubeslice-predelete-hook.yaml b/charts/avesha/kubeslice-worker/templates/kubeslice-predelete-hook.yaml new file mode 100644 index 000000000..e10034b72 --- /dev/null +++ b/charts/avesha/kubeslice-worker/templates/kubeslice-predelete-hook.yaml 
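Review bot: The `kubeslice-cleanup` ClusterRole in cleanUp.yaml grants get/list/patch/update/create/delete on every ConfigMap in the cluster, while the Job it serves runs only `kubectl delete cm nsm-config --ignore-not-found -n {{ .Release.Namespace }}`. A namespaced Role and RoleBinding in `{{ .Release.Namespace }}` with `resourceNames: ["nsm-config"]` and `verbs: ["get", "delete"]` should cover that command and keeps the hook's service-account token from being usable against ConfigMaps in other namespaces. The cluster-scoped objects also use fixed names, so two releases of this chart in one cluster would share the same ClusterRole and binding and delete each other's copy.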
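Review bot: The `kubernetes.io/service-account-token` Secret added at the end of dashboard-rbac.yaml gives `kubeslice-kubernetes-dashboard` a token that does not expire, and that account is the subject of the ClusterRoleBinding directly above it (the bound role is outside this hunk, so its reach cannot be judged here). The Secret also carries no `metadata.namespace`, while the ServiceAccount is pinned to `kubeslice-system`; in a release installed to any other namespace the Secret will not match the account and is unlikely to be populated. I would add `namespace: kubeslice-system` to the Secret and a comment saying which component reads this token and why a bound, expiring token from the TokenRequest API is not sufficient.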
@@ -0,0 +1,136 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeslice-delete-webhooks + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote}} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": pre-delete,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeslice-delete-webhooks + annotations: + "helm.sh/hook": pre-delete,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-1" + labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeslice-delete-webhooks +subjects: + - kind: ServiceAccount + name: kubeslice-delete-webhooks + namespace: {{ .Release.Namespace }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeslice-delete-webhooks + annotations: + "helm.sh/hook": pre-delete,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-1" + labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - apiGroups: ["spiffeid.spiffe.io"] + resources: ["spiffeids"] + verbs: ["create", "delete", "get", "list", "patch", "update", "watch"] + - apiGroups: ["spiffeid.spiffe.io"] + resources: ["spiffeids/status"] + verbs: ["get", "patch", "update"] + +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: 
kubeslice-delete-webhooks + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": pre-delete,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" +data: + delete-admission-webhook.sh: |- + #!/usr/bin/env bash + NAMESPACE={{ .Release.Namespace | quote}} + echo "finding and removing spiffeids in namespace $NAMESPACE ..." + for item in $(kubectl get spiffeid.spiffeid.spiffe.io -n $NAMESPACE -o name); do + echo "removing item $item" + kubectl patch $item -p '{"metadata":{"finalizers":null}}' --type=merge -n $NAMESPACE + kubectl delete $item --ignore-not-found -n $NAMESPACE + done + # TODO: once we figure out how to keep spire in release ns then we could remove this + NAMESPACE="spire" + echo "finding and removing spiffeids in namespace $NAMESPACE ..." 
+ for item in $(kubectl get spiffeid.spiffeid.spiffe.io -n $NAMESPACE -o name); do + echo "removing item $item" + kubectl patch $item -p '{"metadata":{"finalizers":null}}' --type=merge -n $NAMESPACE + kubectl delete $item --ignore-not-found -n $NAMESPACE + done + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: kubeslice-delete-webhooks + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-delete,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation + "helm.sh/hook-weight": "2" + labels: + app.kubernetes.io/name: nsm + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + backoffLimit: 3 + template: + metadata: + name: kubeslice-delete-webhooks + namespace: {{ .Release.Namespace }} + spec: + serviceAccountName: kubeslice-delete-webhooks + containers: + - name: kubectl + image: "alpine/k8s:1.22.9" + command: + - /bin/bash + - /tmp/delete-admission-webhook.sh + volumeMounts: + - mountPath: /tmp + name: kubeslice-delete-webhooks + volumes: + - name: kubeslice-delete-webhooks + configMap: + name: kubeslice-delete-webhooks + restartPolicy: OnFailure \ No newline at end of file diff --git a/charts/avesha/kubeslice-worker/templates/operator-rbac.yaml b/charts/avesha/kubeslice-worker/templates/operator-rbac.yaml index 3372ebdac..7c596aa99 100644 --- a/charts/avesha/kubeslice-worker/templates/operator-rbac.yaml +++ b/charts/avesha/kubeslice-worker/templates/operator-rbac.yaml 
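Review bot: The second loop in `delete-admission-webhook.sh` removes every `spiffeid` object in the hard-coded `spire` namespace, not only the ones this release created, so an uninstall or rollback of one release can drop workload identities that other components in the cluster still depend on. Each object also has its finalizers set to null before deletion, which presumably skips whatever deregistration the owning controller performs and may leave the matching entries on the SPIRE server side; this should be confirmed. I would narrow `kubectl get` with a label selector tied to the release if those objects carry one, try `kubectl delete --wait --timeout=<duration>` before falling back to the finalizer patch, and open the script with `set -euo pipefail` and quoted `"$item"` / `"$NAMESPACE"`, as `pre-install.sh` in this same commit already does. The matching ClusterRole grants the `spiffeids` verbs cluster-wide although the script touches two namespaces only.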
@@ -73,6 +73,32 @@ metadata: creationTimestamp: null name: kubeslice-manager-role rules: +- apiGroups: + - networking.kubeslice.io + resources: + - slicenodeaffinities + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.kubeslice.io + resources: + - slicenodeaffinities/finalizers + verbs: + - update +- apiGroups: + - networking.kubeslice.io + resources: + - slicenodeaffinities/status + verbs: + - get + - patch + - update - apiGroups: - apps resources: @@ -85,6 +111,42 @@ rules: - patch - update - watch +- apiGroups: + - apps + resources: + - statefulsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - daemonsets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - apps + resources: + - replicasets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -102,8 +164,11 @@ rules: resources: - pods verbs: + - create + - delete - get - list + - patch - update - watch - apiGroups: @@ -130,6 +195,30 @@ rules: - patch - update - watch +- apiGroups: + - "" + resources: + - resourcequotas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - limitranges + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - "" resources: @@ -154,10 +243,34 @@ rules: - update - patch - delete +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - batch + resources: + - cronjobs + verbs: + - get + - list + - watch + - create + - update + - patch + - delete - apiGroups: - networking.kubeslice.io resources: - - slice + - slicerolebindings verbs: - create - delete 
@@ -169,13 +282,39 @@ rules: - apiGroups: - networking.kubeslice.io resources: - - slice/finalizers + - slicerolebindings/finalizers verbs: - update - apiGroups: - networking.kubeslice.io resources: - - slice/status + - slicerolebindings/status + verbs: + - get + - patch + - update +- apiGroups: + - networking.kubeslice.io + resources: + - slices + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - networking.kubeslice.io + resources: + - slices/finalizers + verbs: + - update +- apiGroups: + - networking.kubeslice.io + resources: + - slices/status verbs: - get - patch @@ -206,6 +345,14 @@ rules: - get - patch - update +- apiGroups: + - networking.kubeslice.io + resources: + - sliceresourcequotas/status + verbs: + - get + - patch + - update - apiGroups: - networking.kubeslice.io resources: @@ -218,6 +365,18 @@ rules: - patch - update - watch +- apiGroups: + - networking.kubeslice.io + resources: + - sliceresourcequotas + verbs: + - create + - delete + - get + - list + - patch + - update + - watch - apiGroups: - networking.kubeslice.io resources: @@ -362,6 +521,47 @@ rules: - list - update - watch +- apiGroups: + - metrics.k8s.io + resources: + - pods + verbs: + - get + - list + - watch +- apiGroups: + - "" + - extensions + - apps + - rbac.authorization.k8s.io + - coordination.k8s.io + - discovery.k8s.io + - events.k8s.io + - networking.k8s.io + - policy + - batch + - authorization.k8s.io + - autoscaling + resources: + - '*' + verbs: + - create + - delete + - get + - list + - patch + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - nodes/proxy + verbs: + - get + - watch + - list --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole diff --git a/charts/avesha/kubeslice-worker/templates/preinstall-configmap.yaml b/charts/avesha/kubeslice-worker/templates/preinstall-configmap.yaml new file mode 100644 index 000000000..3d767ac0c --- /dev/null 
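Review bot: The rule added near the end of `kubeslice-manager-role` sets `resources: ['*']` for the core, `apps`, `rbac.authorization.k8s.io`, `policy`, `batch`, `authorization.k8s.io` and further groups with create/delete/patch/update, which gives the operator write access to Secrets, ServiceAccounts, Roles and bindings everywhere the role is bound (the binding and the start of the rule list are outside this hunk). It also makes the narrower rules added in the earlier hunks of this file (statefulsets, daemonsets, replicasets, pods, resourcequotas, limitranges, jobs, cronjobs) redundant. The `nodes/proxy` rule that follows lets the same account reach the kubelet API through the API server. I would drop the wildcard rule, keep the per-resource rules, and put a comment on `nodes/proxy` naming the code path that needs it. The verb list in the wildcard rule also repeats `get` and `list`.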
+++ b/charts/avesha/kubeslice-worker/templates/preinstall-configmap.yaml 
@@ -0,0 +1,245 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ .Release.Name }}-preinstall-configmap + namespace: kubeslice-system + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + # This is what defines this resource as a hook. Without this line, the + # job is considered part of the release. + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-7" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed +data: + metrics-server.yaml: |- + # source https://github.com/kubernetes-sigs/metrics-server/releases/download/metrics-server-helm-chart-3.8.2/components.yaml + apiVersion: v1 + kind: ServiceAccount + metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + k8s-app: metrics-server + rbac.authorization.k8s.io/aggregate-to-admin: "true" + rbac.authorization.k8s.io/aggregate-to-edit: "true" + rbac.authorization.k8s.io/aggregate-to-view: "true" + name: system:aggregated-metrics-reader + rules: + - apiGroups: + - metrics.k8s.io + resources: + - pods + - nodes + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRole + metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server + rules: + - apiGroups: + - "" + resources: + - nodes/metrics + verbs: + - get + - apiGroups: + - "" + resources: + - pods + - nodes + verbs: + - get + - list + - watch + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + labels: + k8s-app: metrics-server + name: metrics-server-auth-reader + namespace: kube-system + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: extension-apiserver-authentication-reader 
+ subjects: + - kind: ServiceAccount + name: metrics-server + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + k8s-app: metrics-server + name: metrics-server:system:auth-delegator + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:auth-delegator + subjects: + - kind: ServiceAccount + name: metrics-server + namespace: kube-system + --- + apiVersion: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + metadata: + labels: + k8s-app: metrics-server + name: system:metrics-server + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: system:metrics-server + subjects: + - kind: ServiceAccount + name: metrics-server + namespace: kube-system + --- + apiVersion: v1 + kind: Service + metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system + spec: + ports: + - name: https + port: 443 + protocol: TCP + targetPort: https + selector: + k8s-app: metrics-server + --- + apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + k8s-app: metrics-server + name: metrics-server + namespace: kube-system + spec: + selector: + matchLabels: + k8s-app: metrics-server + strategy: + rollingUpdate: + maxUnavailable: 0 + template: + metadata: + labels: + k8s-app: metrics-server + spec: + containers: + - args: + - --cert-dir=/tmp + - --secure-port=4443 + - --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname + - --kubelet-use-node-status-port + - --metric-resolution={{ .Values.metrics.metricResolution }} +{{ if eq (toString .Values.metrics.insecure) "true" }} + - --kubelet-insecure-tls +{{ end }} + image: k8s.gcr.io/metrics-server/metrics-server:v0.6.1 + imagePullPolicy: "{{ .Values.metrics.imagePullPolicy }}" + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: https + scheme: HTTPS + periodSeconds: 10 + name: metrics-server + ports: + - containerPort: 4443 + name: https + protocol: TCP + 
readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: https + scheme: HTTPS + initialDelaySeconds: 20 + periodSeconds: 10 + resources: + requests: + cpu: 100m + memory: 200Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + volumeMounts: + - mountPath: /tmp + name: tmp-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-cluster-critical + serviceAccountName: metrics-server + volumes: + - emptyDir: {} + name: tmp-dir + --- + apiVersion: apiregistration.k8s.io/v1 + kind: APIService + metadata: + labels: + k8s-app: metrics-server + name: v1beta1.metrics.k8s.io + spec: + group: metrics.k8s.io + groupPriorityMinimum: 100 + insecureSkipTLSVerify: true + service: + name: metrics-server + namespace: kube-system + version: v1beta1 + versionPriority: 100 + pre-install.sh: |- + #!/usr/bin/env bash + + set -euo pipefail + + BASE_DIR="$(dirname "$0")" + metrics_server_file="${BASE_DIR}/metrics-server.yaml" + + # detect and install metrics server + echo "detecting if metrics server is installed" + if kubectl get apiservice v1beta1.metrics.k8s.io | grep True || kubectl get apiservice v1.metrics.k8s.io | grep True; then + echo "metrics server is already installed, skipping" + exit 0 + fi + echo "installing metrics server" + kubectl apply -f "$metrics_server_file" + echo "checking for successful installation" + for _ in $(seq 1 25); do + if kubectl get apiservice v1beta1.metrics.k8s.io | grep True || kubectl get apiservice v1.metrics.k8s.io | grep True; then + echo "metrics server installation successful" + exit 0 + fi + echo "not yet up" + sleep 3 + done + echo "failed to validate installation of metrics server" + exit 1 diff --git a/charts/avesha/kubeslice-worker/templates/preinstall-job.yaml b/charts/avesha/kubeslice-worker/templates/preinstall-job.yaml new file mode 100644 index 000000000..429d692ca --- /dev/null 
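Review bot: Two TLS checks are turned off in the embedded `metrics-server.yaml`: the APIService sets `insecureSkipTLSVerify: true` unconditionally, and `--kubelet-insecure-tls` is added whenever `.Values.metrics.insecure` renders as `true` (the default lives in values.yaml, outside this hunk). With both off, neither the aggregator-to-metrics-server hop nor the metrics-server-to-kubelet hop authenticates its peer, and these readings feed scheduling and autoscaling decisions. I would add a comment above the `if`, for example `# insecure=true disables kubelet serving-certificate verification; keep false outside test clusters`, and a note next to the APIService that a `caBundle` should replace `insecureSkipTLSVerify` where the serving certificate is managed. The hook also installs these objects into `kube-system` with `kubectl apply`, so Helm does not track them and an uninstall leaves them behind; that deserves a line in the chart documentation.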
+++ b/charts/avesha/kubeslice-worker/templates/preinstall-job.yaml
@@ -0,0 +1,40 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ .Release.Name }}-preinstall-job"
+ namespace: kubeslice-system
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-6"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ spec:
+ restartPolicy: Never
+ serviceAccountName: kubeslice-preinstall
+ containers:
+ - name: pre-install-job
+ image: "alpine/k8s:1.22.9"
+ imagePullPolicy: IfNotPresent
+ command: ["/bin/bash","/opt/scripts/pre-install.sh"]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /opt/scripts
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ .Release.Name }}-preinstall-configmap
+ defaultMode: 0777
diff --git a/charts/avesha/kubeslice-worker/templates/preinstall-rbac.yaml b/charts/avesha/kubeslice-worker/templates/preinstall-rbac.yaml
new file mode 100644
index 000000000..8c22a959f
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/templates/preinstall-rbac.yaml
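Review bot: `defaultMode: 0777` on the `config-volume` ConfigMap mount in preinstall-job.yaml is wider than the Job needs, because the script is started as `/bin/bash /opt/scripts/pre-install.sh` and only has to be readable; `defaultMode: 0444` would do. The pod also pulls `alpine/k8s:1.22.9` by mutable tag and sets no `securityContext`, while running under the cluster-wide `kubeslice-preinstall` service account; the two pre-delete hook Jobs in this commit use the same image the same way. Pinning the image as `alpine/k8s:1.22.9@sha256:<digest>` and adding `allowPrivilegeEscalation: false` (plus `runAsNonRoot: true` if the image supports a non-root user, which needs checking) would limit what a replaced image could do with that token.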
@@ -0,0 +1,128 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: kubeslice-preinstall
+ namespace: kubeslice-system
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-10"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: kubeslice-preinstall-role
+ namespace: kubeslice-system
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-9"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ - services
+ verbs:
+ - get
+ - create
+ - update
+ - apiGroups:
+ - ""
+ resources:
+ - nodes
+ - pods
+ - nodes/metrics
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - "authentication.k8s.io"
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+ - update
+ - apiGroups:
+ - "authorization.k8s.io"
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+ - update
+ - apiGroups:
+ - "rbac.authorization.k8s.io"
+ resources:
+ - clusterroles
+ - rolebindings
+ - clusterrolebindings
+ verbs:
+ - get
+ - create
+ - update
+ - apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - create
+ - update
+ - patch
+ - apiGroups:
+ - "apiregistration.k8s.io"
+ resources:
+ - apiservices
+ verbs:
+ - get
+ - create
+ - apiGroups:
+ - "metrics.k8s.io"
+ resources:
+ - nodes
+ - pods
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: kubeslice-preinstall-rolebinding
+ namespace: kubeslice-system
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ annotations:
+ # This is what defines this resource as a hook. Without this line, the
+ # job is considered part of the release.
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-weight": "-8"
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: kubeslice-preinstall-role
+subjects:
+ - kind: ServiceAccount
+ name: kubeslice-preinstall
+ namespace: kubeslice-system
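Review bot: The `kubeslice-preinstall-role` ClusterRole grants `create`/`update` on `deployments`, `serviceaccounts`, `services` and `rolebindings` in every namespace, although the manifest the hook applies appears to target only `kube-system` (its APIService points at `namespace: kube-system`; the rest of that manifest lies outside this view, so confirm). Cluster-wide `create` on deployments lets the hook's token start workloads under any service account in any namespace, so the namespaced rules would be better moved to a Role and RoleBinding in `kube-system`, leaving only `clusterroles`, `clusterrolebindings`, `apiservices` and the read-only rules cluster-scoped. The `update` verb on `tokenreviews` and `subjectaccessreviews` has no effect, since both resources support only `create`, and `namespace: kubeslice-system` in the ClusterRole and ClusterRoleBinding metadata is ignored for cluster-scoped objects; both can be dropped.

```yaml
# … unchanged: ServiceAccount kubeslice-preinstall …
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: kubeslice-preinstall-role
  namespace: kube-system
  # … unchanged: labels and hook annotations as on the ClusterRole …
rules:
  - apiGroups: [""]
    resources: ["serviceaccounts", "services"]
    verbs: ["get", "create", "update"]
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "create", "update", "patch"]
  - apiGroups: ["rbac.authorization.k8s.io"]
    resources: ["rolebindings"]
    verbs: ["get", "create", "update"]
# … unchanged: cluster-scoped rules stay in the ClusterRole; bind this Role to kubeslice-preinstall with a RoleBinding in kube-system …
```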
diff --git a/charts/avesha/kubeslice-worker/templates/upgrade-crds.yaml b/charts/avesha/kubeslice-worker/templates/upgrade-crds.yaml
new file mode 100644
index 000000000..497ee2d20
--- /dev/null
+++ b/charts/avesha/kubeslice-worker/templates/upgrade-crds.yaml
@@ -0,0 +1,1353 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeslice-install-crds + namespace: kubeslice-system + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} + helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeslice-install-crds + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" + labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: kubeslice-install-crds +subjects: +- kind: ServiceAccount + name: kubeslice-install-crds + namespace: kubeslice-system + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeslice-install-crds + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" + labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: +- apiGroups: + - "apiextensions.k8s.io" + resources: + - customresourcedefinitions + verbs: + - get + - list + - patch + - update + - create +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: kubeslice-install-crds + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "1" + 
labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + crds.yaml: | + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: sliceresourcequotas.networking.kubeslice.io + spec: + group: networking.kubeslice.io + names: + kind: SliceResourceQuota + listKind: SliceResourceQuotaList + plural: sliceresourcequotas + singular: sliceresourcequota + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: SliceResourceQuota is the Schema for the sliceresourcequota API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + status: + properties: + clusterName: + description: ClusterName defines the name of the cluster for the ResourceQuota + type: string + configUpdatedOn: + format: int64 + type: integer + resourceQuotaProfile: + description: ResourceQuotaProfile defines the resource quota profile + for the slice + properties: + clusterQuota: + description: ClusterQuota defines the configuration for cluster + quota of a resource quota + properties: + namespaceQuota: + description: NamespaceQuota defines the configuration for + namespace quota of a ClusterQuota + items: + description: NamespaceQuota defines the configuration for + namespace quota of a ClusterQuota + properties: + enforceQuota: + default: false + description: EnforceQuota defines the enforceQuota status + flag for NamespaceQuota + type: boolean + namespace: + description: Namespace defines the namespace of the + NamespaceQuota + type: string + resources: + description: Resources defines the configuration for + resources for NamespaceQuota + properties: + defaultLimitPerContainer: + description: DefaultResourcePerContainerList is + a set of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral + storage, in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) The resource name for + EphemeralStorage is alpha, and it can change + across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + defaultRequestPerContainer: + description: DefaultRequestPerContainer is a set + of (resource name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage LoNamespaceResourceQuotaStatuscal + ephemeral storage, in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) The resource name + for EphemeralStorage is alpha, and it can + change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. 
(500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral + storage, in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) The resource name for + EphemeralStorage is alpha, and it can change + across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral + storage, in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) The resource name for + EphemeralStorage is alpha, and it can change + across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB + = 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: array + resources: + description: Resources defines the configuration for resources + for ClusterQuota + properties: + limit: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. 
(500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + sliceQuota: + description: SliceQuota defines the configuration for slice quota + of a resource quota + properties: + resources: + description: Resources defines the configuration for resources + for SliceQuota + properties: + defaultRequestPerContainer: + description: DefaultRequestPerContainer is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage LoNamespaceResourceQuotaStatuscal + ephemeral storage, in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) The resource name for EphemeralStorage + is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + limit: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + request: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * + 1024) The resource name for EphemeralStorage is + alpha, and it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 + * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + type: object + type: object + sliceName: + description: SliceName defines the name of the slice for the ResourceQuota + type: string + sliceResourceQuotaStatus: + description: WorkerSliceResourceQuotaStatus defines the observed state + of WorkerSliceResourceQuota + properties: + clusterResourceQuotaStatus: + properties: + namespaceResourceQuotaStatus: + items: + properties: + namespace: + type: string + requestResourceUsage: + description: RequestResourceList is a set of (resource + name, quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 + * 1024) The resource name for EphemeralStorage + is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. 
(500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resourceUsage: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 + * 1024) The resource name for EphemeralStorage + is alpha, and it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = + 500 * 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. + format: int64 + type: integer + type: object + type: object + type: array + requestResourceUsage: + description: RequestResourceList is a set of (resource name, + quantity) pairs. + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + The resource name for EphemeralStorage is alpha, and + it can change across releases. 
+ pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + resourceUsage: + properties: + cpu: + anyOf: + - type: integer + - type: string + description: CPU in cores. (500m = .5 cores) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + ephemeralStorage: + anyOf: + - type: integer + - type: string + description: EphemeralStorage Local ephemeral storage, + in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) + The resource name for EphemeralStorage is alpha, and + it can change across releases. + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + memory: + anyOf: + - type: integer + - type: string + description: Memory in bytes. (500Gi = 500GiB = 500 * + 1024 * 1024 * 1024) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + podCount: + description: PodCount in number. 
+ format: int64 + type: integer + type: object + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: serviceexports.networking.kubeslice.io + spec: + group: networking.kubeslice.io + names: + kind: ServiceExport + listKind: ServiceExportList + plural: serviceexports + shortNames: + - svcex + singular: serviceexport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.slice + name: Slice + type: string + - jsonPath: .spec.ingressEnabled + name: Ingress + type: boolean + - jsonPath: .status.exposedPorts + name: Port(s) + type: string + - jsonPath: .status.availableEndpoints + name: Endpoints + type: integer + - jsonPath: .status.exportStatus + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ServiceExport is the Schema for the serviceexports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServiceExportSpec defines the desired state of ServiceExport + properties: + ingressEnabled: + description: IngressEnabled denotes whether the traffic should be + proxied through an ingress gateway + type: boolean + ports: + description: Ports which should be exposed through the service + items: + description: ServicePort is the port exposed by ServicePod + properties: + containerPort: + description: Port number exposed from the container + format: int32 + type: integer + name: + description: Name of the port + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults + to "TCP". + type: string + required: + - containerPort + type: object + type: array + selector: + description: Selector is a label query over pods that should be exposed + as a service + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + slice: + description: Slice denotes the slice which the app is part of + type: string + required: + - ports + - selector + - slice + type: object + status: + description: ServiceExportStatus defines the observed state of ServiceExport + properties: + availableEndpoints: + description: AvailableEndpoints shows the number of available endpoints + type: integer + dnsName: + description: DNSName is the FQDN to reach the service + type: string + exportStatus: + description: ExportStatus denotes the export status of the service + type: string + exposedPorts: + description: ExposedPorts shows a one line representation of ports + and protocols exposed only used to show as a printercolumn + type: string + ingressGwEnabled: + description: IngressGwEnabled denotes ingress gw is enabled for the + serviceexport + type: boolean + ingressGwPod: + description: IngressGwPod contains ingress gateway pod info + properties: + name: + description: Name of the pod + type: string + nsmIp: + description: NsmIP of the pod which is reachable within slice + type: string + required: + - name + type: object + lastSync: + description: Last sync time with backend + format: int64 + type: integer + pods: + description: Pods denotes the service endpoint pods + items: + description: ServicePod contains pod information which offers a + service + properties: + dnsName: + description: DNSName is the dns A record name for the pod + type: string + name: + description: Name of the pod + type: string + nsmIp: + description: NsmIP of the pod which is 
reachable within slice + type: string + podIp: + description: PodIp of the pod which is reachable within cluster + type: string + required: + - dnsName + - name + - podIp + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: serviceimports.networking.kubeslice.io + spec: + group: networking.kubeslice.io + names: + kind: ServiceImport + listKind: ServiceImportList + plural: serviceimports + shortNames: + - svcim + singular: serviceimport + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.slice + name: Slice + type: string + - jsonPath: .status.exposedPorts + name: Port(s) + type: string + - jsonPath: .status.availableEndpoints + name: Endpoints + type: integer + - jsonPath: .status.importStatus + name: Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ServiceImport is the Schema for the serviceimports API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ServiceImportSpec defines the desired state of ServiceImport + properties: + dnsName: + description: DNSName shows the FQDN to reach the service + type: string + ports: + description: Ports which should be exposed through the service + items: + description: ServicePort is the port exposed by ServicePod + properties: + containerPort: + description: Port number exposed from the container + format: int32 + type: integer + name: + description: Name of the port + type: string + protocol: + default: TCP + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults + to "TCP". + type: string + required: + - containerPort + type: object + type: array + slice: + description: Slice denotes the slice which the app is part of + type: string + required: + - dnsName + - ports + - slice + type: object + status: + description: ServiceImportStatus defines the observed state of ServiceImport + properties: + availableEndpoints: + description: AvailableEndpoints shows the number of available endpoints + type: integer + endpoints: + description: Endpoints which provide the service + items: + description: ServiceEndpoint contains details of a single endpoint + which offers a particular service + properties: + clusterId: + description: ClusterID which the endpoint belongs to + type: string + dnsName: + description: DNSName + type: string + ip: + description: IP of the pod which is reachable within slice + type: string + name: + description: Name of the endpoint + type: string + port: + description: Port to reach the endpoint + format: int32 + type: integer + required: + - clusterId + - dnsName + - ip + - port + type: object + type: array + exposedPorts: + description: ExposedPorts shows a one line representation of ports + and protocols exposed only used to show as a printercolumn + type: string + 
importStatus: + description: ImportStatus denotes the status of the imported service + type: string + lastSync: + description: Last sync time with backend + format: int64 + type: integer + updatedOn: + description: Used to match if the service is updated from backend + format: int64 + type: integer + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + networking.kubeslice.io_slicegateways.yaml: |2 + + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: slicegateways.networking.kubeslice.io + spec: + group: networking.kubeslice.io + names: + kind: SliceGateway + listKind: SliceGatewayList + plural: slicegateways + shortNames: + - slicegw + singular: slicegateway + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.config.sliceGatewaySubnet + name: Subnet + type: string + - jsonPath: .status.config.sliceGatewayRemoteSubnet + name: Remote Subnet + type: string + - jsonPath: .status.config.sliceGatewayRemoteClusterId + name: Remote Cluster + type: string + - jsonPath: .status.config.sliceGatewayStatus + name: GW Status + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SliceGateway is the Schema for the slicegateways API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. 
Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SliceGatewaySpec defines the desired state of SliceGateway + properties: + siteName: + description: SiteName is site name + type: string + sliceName: + description: SliceName is the Name of the slice this gateway is attached + into + type: string + type: object + status: + description: SliceGatewayStatus defines the observed state of SliceGateway + properties: + config: + description: SliceGatewayConfig defines the config received from backend + properties: + sliceGatewayHostType: + description: 'Host Type : server or client' + type: string + sliceGatewayId: + description: UUID of the slice gateway. + type: string + sliceGatewayLocalVpnIp: + description: Local VPN IP + type: string + sliceGatewayName: + description: Slice Gateway Name + type: string + sliceGatewayNodePort: + description: Node port + type: integer + sliceGatewayRemoteClusterId: + description: Remote Cluster ID + type: string + sliceGatewayRemoteGatewayId: + description: Remote Gateway ID + type: string + sliceGatewayRemoteNodeIp: + description: Remote Node IP + type: string + sliceGatewayRemoteNodePort: + description: Remote Node Port + type: integer + sliceGatewayRemoteSubnet: + description: Remote Node Subnet + type: string + sliceGatewayRemoteVpnIp: + description: Remote VPN IP + type: string + sliceGatewayStatus: + description: SliceGateway status + type: string + sliceGatewaySubnet: + description: Slice gateway subnet range. + type: string + sliceName: + description: Name of the slice. + type: string + sliceSiteName: + description: Slice gateway subnet range. 
+ type: string + type: object + configUpdatedOn: + description: ConfigUpdatedOn is the time when Config updated from + backend + format: int64 + type: integer + connectionContextUpdatedOn: + description: ConnectionContextUpdated is the time when context updated + in pod + format: int64 + type: integer + localIp: + description: LocalIP is the gateway tunnel ip + type: string + localNsmIp: + description: LocalNsmIP is the IP on the nsm interface to Slice Router + type: string + peerIp: + description: PeerIP is the gateway tunnel peer ip + type: string + podIp: + description: PodIP is the Ip of the gateway pod running in cluster + type: string + podName: + description: PodName is the name of the gateway pod running in cluster + type: string + podStatus: + description: PodStatus shows whether gateway pod is healthy + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] + networking.kubeslice.io_slices.yaml: |2- + + --- + apiVersion: apiextensions.k8s.io/v1 + kind: CustomResourceDefinition + metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: slices.networking.kubeslice.io + spec: + group: networking.kubeslice.io + names: + kind: Slice + listKind: SliceList + plural: slices + singular: slice + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + description: Slice is the Schema for the slices API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. 
Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: SliceSpec defines the desired state of Slice + type: object + status: + description: SliceStatus defines the observed state of Slice + properties: + allowedNamespaces: + description: Slice Allowed Namespace list + items: + type: string + type: array + appPods: + description: AppPods contains the list of app pods connected to the + slice + items: + description: AppPod defines the app pods connected to slice + properties: + nsmInterface: + description: NsmInterface is the nsm interface of App + type: string + nsmIp: + description: NsmIP is the nsm ip of App + type: string + nsmPeerIp: + description: PeerIp is the nsm peer ip of gateway + type: string + podIp: + description: PodIP is App Pod IP + type: string + podName: + description: PodName is App Pod Name + type: string + podNamespace: + description: PodNamespace is App Pod Namespace + type: string + type: object + type: array + appPodsUpdatedOn: + description: AppPodsUpdatedOn is the time when app pods list was updated + format: int64 + type: integer + applicationNamespaces: + description: Slice Application Namespace list + items: + type: string + type: array + dnsIP: + description: DNSIP is the IP of Coredns server + type: string + networkPoliciesInstalled: + default: false + description: NetworkPoliciesInstalled defines whether the netpol are + installed in atleast one applicationNamespace + type: boolean + sliceConfig: + description: SliceConfig is the spec for slice received from hub cluster + properties: + clusterSubnetCIDR: + description: ClusterSubnetCIDR is the subnet to be used by the + current cluster + type: string + externalGatewayConfig: + description: ExternalGatewayConfig determines istio ingress/egress + configuration + 
properties: + egress: + properties: + enabled: + type: boolean + type: object + gatewayType: + type: string + ingress: + properties: + enabled: + type: boolean + type: object + nsIngress: + properties: + enabled: + type: boolean + type: object + type: object + namespaceIsolationProfile: + description: Namespace Isolation profile contains fields related + to namespace binding to slice + properties: + allowedNamespaces: + description: Allowed namespaces is a list of namespaces that + can send and receive traffic to app namespaces + items: + type: string + type: array + applicationNamespaces: + description: Application namespaces is a list of namespaces + that are bound to the slice + items: + type: string + type: array + isolationEnabled: + default: false + description: Enable Namespace Isolation in the slice + type: boolean + type: object + qosProfileDetails: + description: QOS profile details + properties: + bandwidthCeilingKbps: + description: Bandwidth Ceiling eg:5000 + type: integer + bandwidthGuaranteedKbps: + description: Bandwidth Guaranteed eg:4000 + type: integer + dscpClass: + description: DSCP code for inter cluster traffic + type: string + priority: + description: Priority 0-3 + type: integer + queueType: + description: Queue Type + type: string + tcType: + description: TC type + type: string + type: object + sliceDisplayName: + description: display name of the slice. + type: string + sliceId: + description: UUID of the slice. + type: string + sliceIpam: + description: IPAM configuration for the slice + properties: + ipamClusterOctet: + description: Cluster specific octet for IPAM root subnet + type: integer + sliceIpamType: + description: IPAM Type for slice + type: string + required: + - sliceIpamType + type: object + sliceSubnet: + description: IP subnet range of the slice. + type: string + sliceType: + description: Type of the slice. 
+ type: string + required: + - qosProfileDetails + - sliceDisplayName + - sliceId + - sliceIpam + - sliceSubnet + - sliceType + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} + status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: kubeslice-install-crds + namespace: kubeslice-system + annotations: + "helm.sh/hook": pre-install,pre-upgrade,pre-rollback + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "2" + labels: + app.kubernetes.io/name: kubeslice + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + backoffLimit: 3 + template: + metadata: + name: kubeslice-install-crds + spec: + serviceAccountName: kubeslice-install-crds + containers: + - name: kubectl + image: "alpine/k8s:1.22.9" + command: + - /bin/sh + - -c + - kubectl apply -f /tmp/crds.yaml + volumeMounts: + - mountPath: /tmp + name: crds + volumes: + - name: crds + configMap: + name: kubeslice-install-crds + items: + - key: "crds.yaml" + path: "crds.yaml" + restartPolicy: OnFailure diff --git a/charts/avesha/kubeslice-worker/templates/webhook.yaml b/charts/avesha/kubeslice-worker/templates/webhook.yaml index b9f8bf43e..f51a31d99 100644 --- a/charts/avesha/kubeslice-worker/templates/webhook.yaml +++ b/charts/avesha/kubeslice-worker/templates/webhook.yaml @@ -38,11 +38,12 @@ webhooks: service: name: kubeslice-webhook-service namespace: {{ .Release.Namespace }} - path: /mutate-appsv1-deploy + path: /mutate-webhook failurePolicy: Fail - name: mdeploy.avesha.io + name: webhook.kubeslice.io rules: - apiGroups: + - "" - apps apiVersions: - v1 
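Review bot: `failurePolicy: Fail` stays on the renamed `webhook.kubeslice.io` entry while this hunk adds the core group `""` to `apiGroups` and the next hunk adds `pods` to `resources`. An unreachable `kubeslice-webhook-service` would therefore reject pod CREATE and UPDATE requests in every namespace the selector matches, not only Deployment writes as before. The webhook entry starts and ends outside the hunk, so it is not visible whether `timeoutSeconds` or an `objectSelector` is set elsewhere. If they are not, I would add an explicit `timeoutSeconds: 5` next to `failurePolicy` and the comment `# fails closed: workloads in slice namespaces are not admitted while the webhook is down`.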
@@ -50,17 +51,26 @@ webhooks: - CREATE - UPDATE resources: + - pods - deployments + - statefulsets + - daemonsets sideEffects: NoneOnDryRun namespaceSelector: matchExpressions: + - key: kubeslice.io/slice + operator: Exists - key: name operator: NotIn values: - - kube-system - - {{ .Release.Namespace }} + - kube-system + - spire + - {{ .Release.Namespace | quote}} + - {{ .Values.controllerNamespace | quote }} - key: kubernetes.io/metadata.name operator: NotIn values: - - kube-system - - {{ .Release.Namespace }} + - kube-system + - spire + - {{ .Release.Namespace | quote }} + - {{ .Values.controllerNamespace | quote }} diff --git a/charts/avesha/kubeslice-worker/values.yaml b/charts/avesha/kubeslice-worker/values.yaml index dfd8197e6..36ffde5b9 100644 --- a/charts/avesha/kubeslice-worker/values.yaml +++ b/charts/avesha/kubeslice-worker/values.yaml @@ -1,6 +1,6 @@ operator: image: docker.io/aveshasystems/worker-operator-ent - tag: 0.2.1 + tag: 0.5.0 pullPolicy: IfNotPresent logLevel: INFO 
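Review bot: The two `values` lists under `namespaceSelector` are identical four-entry copies, and the first writes `{{ .Release.Namespace | quote}}` without the space that the second has in `| quote }}`. Any later exclusion has to be added in both places, so this is worth a comment above `matchExpressions`, for example `# expressions are ANDed: the namespace must carry kubeslice.io/slice and must not be one of the excluded system namespaces (keep both lists in sync)`. `.Values.controllerNamespace | quote` renders `""` when the value is empty, which leaves that namespace unexcluded without any error, so the template could use `required` or skip the entry when the value is unset. The rule also now lists `pods` together with `deployments`, `statefulsets` and `daemonsets`, so a workload can pass through the webhook once as a controller object and again for each of its pods. The handler is not on this page and the webhook entry begins outside the hunk, so confirm the mutation is idempotent.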
@@ -17,51 +17,55 @@ cluster: endpoint: router: - image: docker.io/aveshasystems/vl3_ucnf-nse + image: docker.io/aveshasystems/cmd-nse-vl3 tag: 1.0.0 - pullPolicy: IfNotPresent + pullPolicy: IfNotPresent routerSidecar: - image: docker.io/aveshasystems/kubeslice-router-sidecar-ent - tag: 0.1.1 + image: docker.io/aveshasystems/kubeslice-router-sidecar + tag: 0.3.1 pullPolicy: IfNotPresent netop: - networkInterface: - image: docker.io/aveshasystems/netops-ent - tag: 0.1.0 + networkInterface: eth0 + image: docker.io/aveshasystems/netops + tag: 0.1.1 pullPolicy: IfNotPresent gateway: - image: docker.io/aveshasystems/gw-sidecar-ent - tag: 0.1.3 + image: docker.io/aveshasystems/gw-sidecar + tag: 0.1.4 pullPolicy: IfNotPresent logLevel: INFO openvpn: server: - image: docker.io/aveshasystems/openvpn-server.ubuntu.18.04 - tag: 1.0.0 + image: docker.io/aveshasystems/openvpn-server.alpine.amd64 + tag: 1.0.1 pullPolicy: IfNotPresent client: image: docker.io/aveshasystems/openvpn-client.alpine.amd64 - tag: 1.0.0 + tag: 1.0.1 pullPolicy: IfNotPresent dns: image: docker.io/aveshasystems/dns - tag: 0.0.2 + tag: 0.0.3 pullPolicy: IfNotPresent -nsm: - forwardingPlane: kernel - jaeger: enabled: false +metrics: + insecure: false + metricResolution: "15s" + imagePullPolicy: IfNotPresent + # username & password & email values for imagePullSecrets has to provided to create a secret imagePullSecrets: repository: https://index.docker.io/v1/ username: password: email: + +controllerNamespace: kubeslice-controller diff --git a/charts/bitnami/airflow/Chart.lock b/charts/bitnami/airflow/Chart.lock index a812d85e1..a7afc847f 100644 --- a/charts/bitnami/airflow/Chart.lock +++ b/charts/bitnami/airflow/Chart.lock 
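Review bot: The new `controllerNamespace: kubeslice-controller` and `metrics` keys are added without comments, although `controllerNamespace` is the value webhook.yaml in this commit uses to exclude a namespace from the mutating webhook. If the controller runs in a differently named namespace, that exclusion stops matching without any error, so I would document it with `# Namespace of the KubeSlice controller; excluded from the mutating webhook, change it if the controller is installed elsewhere`. `metrics.insecure: false` needs a one-line comment saying what it toggles, since nothing in the hunk shows how it is consumed. Separately, `router.image` moves to a different repository (`cmd-nse-vl3`) while `tag: 1.0.0` is unchanged, and every image is referenced by tag with `pullPolicy: IfNotPresent`. Recording digests for the swapped images would make it verifiable which build a node actually runs.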
@@ -4,9 +4,9 @@ dependencies: version: 17.6.0 - name: postgresql repository: https://charts.bitnami.com/bitnami - version: 12.1.10 + version: 12.1.14 - name: common repository: https://charts.bitnami.com/bitnami version: 2.2.2 -digest: sha256:ee18c87bfd8a3bd8527b9644a0e51112762fe1722d7b1e1a81f7c55617a4cf74 -generated: "2023-01-26T12:25:32.085167719Z" +digest: sha256:245de8b17e6c836197d271e160ba44ee3b6fb119ba8becc70e590bdcb0e3bc5f +generated: "2023-02-02T13:03:40.325978595Z" diff --git a/charts/bitnami/airflow/Chart.yaml b/charts/bitnami/airflow/Chart.yaml index 579ad5ff5..c098419ce 100644 --- a/charts/bitnami/airflow/Chart.yaml +++ b/charts/bitnami/airflow/Chart.yaml @@ -38,4 +38,4 @@ name: airflow sources: - https://github.com/bitnami/containers/tree/main/bitnami/airflow - https://airflow.apache.org/ -version: 14.0.9 +version: 14.0.11 diff --git a/charts/bitnami/airflow/README.md b/charts/bitnami/airflow/README.md index 2cb9dc461..44a164b05 100644 --- a/charts/bitnami/airflow/README.md +++ b/charts/bitnami/airflow/README.md @@ -92,7 +92,7 @@ The command removes all the Kubernetes components associated with the chart and | `dags.existingConfigmap` | Name of an existing ConfigMap with all the DAGs files you want to load in Airflow | `""` | | `dags.image.registry` | Init container load-dags image registry | `docker.io` | | `dags.image.repository` | Init container load-dags image repository | `bitnami/bitnami-shell` | -| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r76` | +| `dags.image.tag` | Init container load-dags image tag (immutable tags are recommended) | `11-debian-11-r79` | | `dags.image.digest` | Init container load-dags image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `dags.image.pullPolicy` | Init container load-dags image pull policy | `IfNotPresent` | | `dags.image.pullSecrets` | Init container load-dags image pull secrets | `[]` | 
@@ -112,7 +112,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | -------------------- | | `web.image.registry` | Airflow image registry | `docker.io` | | `web.image.repository` | Airflow image repository | `bitnami/airflow` | -| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.1-debian-11-r2` | +| `web.image.tag` | Airflow image tag (immutable tags are recommended) | `2.5.1-debian-11-r5` | | `web.image.digest` | Airflow image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `web.image.pullPolicy` | Airflow image pull policy | `IfNotPresent` | | `web.image.pullSecrets` | Airflow image pull secrets | `[]` | @@ -188,7 +188,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------------------- | | `scheduler.image.registry` | Airflow Scheduler image registry | `docker.io` | | `scheduler.image.repository` | Airflow Scheduler image repository | `bitnami/airflow-scheduler` | -| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.1-debian-11-r1` | +| `scheduler.image.tag` | Airflow Scheduler image tag (immutable tags are recommended) | `2.5.1-debian-11-r5` | | `scheduler.image.digest` | Airflow Schefuler image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `scheduler.image.pullPolicy` | Airflow Scheduler image pull policy | `IfNotPresent` | | `scheduler.image.pullSecrets` | Airflow Scheduler image pull secrets | `[]` | 
@@ -243,7 +243,7 @@ The command removes all the Kubernetes components associated with the chart and | ---------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | | `worker.image.registry` | Airflow Worker image registry | `docker.io` | | `worker.image.repository` | Airflow Worker image repository | `bitnami/airflow-worker` | -| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.1-debian-11-r1` | +| `worker.image.tag` | Airflow Worker image tag (immutable tags are recommended) | `2.5.1-debian-11-r5` | | `worker.image.digest` | Airflow Worker image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `worker.image.pullPolicy` | Airflow Worker image pull policy | `IfNotPresent` | | `worker.image.pullSecrets` | Airflow Worker image pull secrets | `[]` | @@ -324,7 +324,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------------------ | --------------------------------------------------------------------------------------------------- | --------------------- | | `git.image.registry` | Git image registry | `docker.io` | | `git.image.repository` | Git image repository | `bitnami/git` | -| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.39.1-debian-11-r3` | +| `git.image.tag` | Git image tag (immutable tags are recommended) | `2.39.1-debian-11-r6` | | `git.image.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `git.image.pullPolicy` | Git image pull policy | `IfNotPresent` | | `git.image.pullSecrets` | Git image pull secrets | `[]` | 
@@ -420,7 +420,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Whether or not to create a standalone Airflow exporter to expose Airflow metrics | `false` | | `metrics.image.registry` | Airflow exporter image registry | `docker.io` | | `metrics.image.repository` | Airflow exporter image repository | `bitnami/airflow-exporter` | -| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r84` | +| `metrics.image.tag` | Airflow exporter image tag (immutable tags are recommended) | `0.20220314.0-debian-11-r86` | | `metrics.image.digest` | Airflow exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Airflow exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Airflow exporter image pull secrets | `[]` | @@ -703,7 +703,7 @@ Refer to the [chart documentation for more information about how to upgrade from ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/airflow/charts/postgresql/Chart.yaml b/charts/bitnami/airflow/charts/postgresql/Chart.yaml index 78b34f246..57f3af1e1 100644 --- a/charts/bitnami/airflow/charts/postgresql/Chart.yaml +++ b/charts/bitnami/airflow/charts/postgresql/Chart.yaml @@ -28,4 +28,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.1.10 +version: 12.1.14 diff --git a/charts/bitnami/airflow/charts/postgresql/README.md b/charts/bitnami/airflow/charts/postgresql/README.md index c9e9dbec8..e6259ab32 100644 --- a/charts/bitnami/airflow/charts/postgresql/README.md +++ b/charts/bitnami/airflow/charts/postgresql/README.md 
@@ -7,7 +7,7 @@ PostgreSQL (Postgres) is an open source object-relational database known for rel [Overview of PostgreSQL](http://www.postgresql.org) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR ```console @@ -102,7 +102,7 @@ $ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r20` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r31` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -383,7 +383,7 @@ $ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r69` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r79` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -412,7 +412,7 @@ $ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r46` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r55` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -679,7 +679,7 @@ Refer to the [chart documentation for more information about how to upgrade from ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-svc.yaml b/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-svc.yaml index 75a1b81be..a38b52a8a 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-svc.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/metrics-svc.yaml @@ -9,6 +9,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.metrics.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: type: ClusterIP sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml b/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml index 653138cde..0e312ea63 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/statefulset.yaml 
@@ -12,6 +12,7 @@ metadata: {{- if .Values.primary.labels }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.primary.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -19,6 +20,7 @@ metadata: {{- if .Values.primary.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: replicas: 1 serviceName: {{ include "postgresql.primary.svc.headless" . }} @@ -39,6 +41,7 @@ spec: {{- if .Values.primary.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if or (include "postgresql.primary.createConfigmap" .) (include "postgresql.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }} annotations: {{- if (include "postgresql.primary.createConfigmap" .) }} checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} @@ -49,6 +52,7 @@ spec: {{- if .Values.primary.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} {{- end }} + {{- end }} spec: {{- if .Values.primary.extraPodSpec }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }} @@ -89,6 +93,7 @@ spec: {{- end }} hostNetwork: {{ .Values.primary.hostNetwork }} hostIPC: {{ .Values.primary.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled)) .Values.primary.initContainers }} initContainers: {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} - name: copy-certs 
@@ -177,6 +182,7 @@ spec: {{- if .Values.primary.initContainers }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }} {{- end }} + {{- end }} containers: - name: postgresql image: {{ include "postgresql.image" . }} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/primary/svc.yaml b/charts/bitnami/airflow/charts/postgresql/templates/primary/svc.yaml index cf184809a..6ddd55b7b 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/primary/svc.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/primary/svc.yaml @@ -8,6 +8,7 @@ metadata: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} app.kubernetes.io/component: primary + {{- if or .Values.commonAnnotations .Values.primary.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -15,6 +16,7 @@ metadata: {{- if .Values.primary.service.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }} {{- end }} + {{- end }} spec: type: {{ .Values.primary.service.type }} {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-svc.yaml b/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-svc.yaml index b3e54974e..6f54ed243 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-svc.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/read/metrics-svc.yaml 
@@ -9,6 +9,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.metrics.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: type: ClusterIP sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml b/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml index 80c8e8bba..6d35e4747 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/read/statefulset.yaml @@ -13,6 +13,7 @@ metadata: {{- if .Values.readReplicas.labels }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.readReplicas.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -20,6 +21,7 @@ metadata: {{- if .Values.readReplicas.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: replicas: {{ .Values.readReplicas.replicaCount }} serviceName: {{ include "postgresql.readReplica.svc.headless" . }} 
@@ -40,6 +42,7 @@ spec: {{- if .Values.readReplicas.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }} annotations: {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }} checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }} @@ -47,6 +50,7 @@ spec: {{- if .Values.readReplicas.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }} {{- end }} + {{- end }} spec: {{- if .Values.readReplicas.extraPodSpec }} {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }} @@ -87,6 +91,7 @@ spec: {{- end }} hostNetwork: {{ .Values.readReplicas.hostNetwork }} hostIPC: {{ .Values.readReplicas.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled)) .Values.readReplicas.initContainers }} initContainers: {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} - name: copy-certs @@ -175,6 +180,7 @@ spec: {{- if .Values.readReplicas.initContainers }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }} {{- end }} + {{- end }} containers: - name: postgresql image: {{ include "postgresql.image" . }} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/read/svc.yaml b/charts/bitnami/airflow/charts/postgresql/templates/read/svc.yaml index 3eece4dbb..c308c3f60 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/read/svc.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/read/svc.yaml 
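Review bot: The new guard in front of `initContainers:` restates by hand the conditions of the blocks it wraps, and only two of those inner conditions (`copy-certs` and `.Values.readReplicas.initContainers`) are visible in these hunks. The volume-permissions block lies between them, outside the diff. If one inner `if` is later edited without the guard, an init container is dropped from the pod with no render error, including `copy-certs`, which prepares the TLS files. I would add a comment directly above the guard: `{{- /* Keep in sync with the init-container conditions inside this block */}}`.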
@@ -9,6 +9,7 @@ metadata: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} app.kubernetes.io/component: read + {{- if or .Values.commonAnnotations .Values.readReplicas.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.readReplicas.service.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }} {{- end }} + {{- end }} spec: type: {{ .Values.readReplicas.service.type }} {{- if or (eq .Values.readReplicas.service.type "LoadBalancer") (eq .Values.readReplicas.service.type "NodePort") }} diff --git a/charts/bitnami/airflow/charts/postgresql/templates/tls-secrets.yaml b/charts/bitnami/airflow/charts/postgresql/templates/tls-secrets.yaml index 59c577647..482e29876 100644 --- a/charts/bitnami/airflow/charts/postgresql/templates/tls-secrets.yaml +++ b/charts/bitnami/airflow/charts/postgresql/templates/tls-secrets.yaml @@ -1,4 +1,5 @@ {{- if (include "postgresql.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "postgresql-ca" 365 }} {{- $fullname := include "common.names.fullname" . }} {{- $releaseNamespace := .Release.Namespace }} 
@@ -6,11 +7,11 @@ {{- $primaryHeadlessServiceName := include "postgresql.primary.svc.headless" . }} {{- $readHeadlessServiceName := include "postgresql.readReplica.svc.headless" . }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -21,7 +22,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/airflow/charts/postgresql/values.yaml b/charts/bitnami/airflow/charts/postgresql/values.yaml index b4785a4f5..7bf35af20 100644 --- a/charts/bitnami/airflow/charts/postgresql/values.yaml +++ b/charts/bitnami/airflow/charts/postgresql/values.yaml 
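Review bot: Each of the three `data` keys now falls back to its own `defaultValue` independently, so a Secret that exists but lacks one key ends up with mixed material. For example, a stored `tls.crt`/`tls.key` could sit next to a `ca.crt` from this render's `genCA` call, which did not sign that certificate. `common.secrets.lookup` is not defined on this page, so this assumes it resolves per key as its arguments suggest. Reusing the stored values only when all three keys are present, and otherwise writing the freshly generated set, avoids the mismatch. The `data` hunks in airflow `web/tls-secrets.yaml`, cassandra `tls-secret.yaml` and kafka `tls-secrets.yaml` have the same shape.

```yaml
{{- /* … unchanged: metadata, labels, annotations … */}}
{{- $stored := (lookup "v1" "Secret" .Release.Namespace $secretName).data | default (dict) }}
type: kubernetes.io/tls
data:
  {{- if and (hasKey $stored "tls.crt") (hasKey $stored "tls.key") (hasKey $stored "ca.crt") }}
  tls.crt: {{ index $stored "tls.crt" }}
  tls.key: {{ index $stored "tls.key" }}
  ca.crt: {{ index $stored "ca.crt" }}
  {{- else }}
  tls.crt: {{ $cert.Cert | b64enc | quote }}
  tls.key: {{ $cert.Key | b64enc | quote }}
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  {{- end }}
```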
@@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.1.0-debian-11-r20 + tag: 15.1.0-debian-11-r31 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1130,7 +1130,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r69 + tag: 11-debian-11-r79 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1217,7 +1217,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.11.1-debian-11-r46 + tag: 0.11.1-debian-11-r55 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/airflow/templates/web/tls-secrets.yaml b/charts/bitnami/airflow/templates/web/tls-secrets.yaml index 68781fcd8..560c8b091 100644 --- a/charts/bitnami/airflow/templates/web/tls-secrets.yaml +++ b/charts/bitnami/airflow/templates/web/tls-secrets.yaml @@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "airflow-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} 
@@ -37,8 +38,8 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} diff --git a/charts/bitnami/airflow/values.yaml b/charts/bitnami/airflow/values.yaml index bf37be054..722953cb4 100644 --- a/charts/bitnami/airflow/values.yaml +++ b/charts/bitnami/airflow/values.yaml @@ -118,7 +118,7 @@ dags: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r76 + tag: 11-debian-11-r79 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -185,7 +185,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.5.1-debian-11-r2 + tag: 2.5.1-debian-11-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -443,7 +443,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.5.1-debian-11-r1 + tag: 2.5.1-debian-11-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -647,7 +647,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.5.1-debian-11-r1 + tag: 2.5.1-debian-11-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 
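Review bot: Once these keys are read back from the existing Secret, `helm upgrade` no longer re-issues the certificate created by `genSignedCert … 365 $ca` in the previous hunk, so it expires a year after the first install. Before this change every upgrade rendered a fresh certificate. Nothing in the template records or checks the expiry, so the renewal path should at least be documented above `data:`, for example `{{- /* Values are reused on upgrade; delete this Secret to re-issue before the 365-day validity ends */}}`. The same applies to the postgresql and kafka TLS templates in this commit, while cassandra already reused its Secret through the helper this commit removes.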
@@ -920,7 +920,7 @@ git: image: registry: docker.io repository: bitnami/git - tag: 2.39.1-debian-11-r3 + tag: 2.39.1-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1283,7 +1283,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-11-r84 + tag: 0.20220314.0-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/cassandra/Chart.yaml b/charts/bitnami/cassandra/Chart.yaml index b300bf614..9533cede2 100644 --- a/charts/bitnami/cassandra/Chart.yaml +++ b/charts/bitnami/cassandra/Chart.yaml @@ -29,4 +29,4 @@ name: cassandra sources: - https://github.com/bitnami/containers/tree/main/bitnami/cassandra - http://cassandra.apache.org -version: 10.0.1 +version: 10.0.2 diff --git a/charts/bitnami/cassandra/README.md b/charts/bitnami/cassandra/README.md index 18a1a57cc..b5dde0cb3 100644 --- a/charts/bitnami/cassandra/README.md +++ b/charts/bitnami/cassandra/README.md @@ -461,7 +461,7 @@ This release make it possible to specify custom initialization scripts in both c ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/cassandra/templates/_helpers.tpl b/charts/bitnami/cassandra/templates/_helpers.tpl index 5c715383d..0bd03d525 100644 --- a/charts/bitnami/cassandra/templates/_helpers.tpl +++ b/charts/bitnami/cassandra/templates/_helpers.tpl 
@@ -220,39 +220,6 @@ otherwise it generates a random value. {{- end }} {{- end -}} - -{{/* -Returns the available TLS Cert in an existing secret (if it exists), -otherwise it generates a new one. -*/}} -{{- define "cassandra.getTlsCertStrFromSecret" }} - {{- $len := (default 365 .Length) | int -}} - {{- $ca := "" -}} - {{- $crt := "" -}} - {{- $key := "" -}} - {{- $tlsCert := (lookup "v1" "Secret" .Release.Namespace (printf "%s-%s" (include "common.names.fullname" .) "crt" | trunc 63 | trimSuffix "-")).data -}} - - {{- if $tlsCert }} - {{- $ca = (get $tlsCert "ca.crt" | b64dec) -}} - {{- $crt = (get $tlsCert "tls.crt" | b64dec) -}} - {{- $key = (get $tlsCert "tls.key" | b64dec) -}} - {{- else -}} - {{- $caFull := genCA "cassandra-ca" 365 }} - {{- $fullname := include "common.names.fullname" . }} - {{- $releaseNamespace := .Release.Namespace }} - {{- $clusterDomain := .Values.clusterDomain }} - {{- $serviceName := include "common.names.fullname" . }} - {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} - {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "localhost" "127.0.0.1" $fullname }} - {{- $cert := genSignedCert $fullname nil $altNames 365 $caFull }} - {{- $ca = $caFull.Cert -}} - {{- $crt = $cert.Cert -}} - {{- $key = $cert.Key -}} - {{- end -}} - - {{- printf "%s###%s###%s" $ca $crt $key -}} -{{- end }} - {{/* Get the metrics config map name. */}} diff --git a/charts/bitnami/cassandra/templates/tls-secret.yaml b/charts/bitnami/cassandra/templates/tls-secret.yaml index e704ce904..4dcb6e9d4 100644 --- a/charts/bitnami/cassandra/templates/tls-secret.yaml +++ b/charts/bitnami/cassandra/templates/tls-secret.yaml 
@@ -1,14 +1,17 @@ {{- if (include "cassandra.createTlsSecret" . ) }} - -{{- $tlsCertStr := regexSplit "###" (include "cassandra.getTlsCertStrFromSecret" .) -1 }} -{{- $ca := index $tlsCertStr 0 }} -{{- $crt := index $tlsCertStr 1 }} -{{- $key := index $tlsCertStr 2 }} - +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- $ca := genCA "cassandra-ca" 365 }} +{{- $fullname := include "common.names.fullname" . }} +{{- $releaseNamespace := .Release.Namespace }} +{{- $clusterDomain := .Values.clusterDomain }} +{{- $serviceName := include "common.names.fullname" . }} +{{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} +{{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "localhost" "127.0.0.1" $fullname }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} 
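Review bot: `"127.0.0.1"` is placed in `$altNames`, which is the third argument of `genSignedCert` (the DNS names), while the second argument, the IP list, is `nil`. The certificate therefore carries 127.0.0.1 as a DNS-type SAN rather than an IP SAN, and clients that match an IP address only against IP entries will fail verification when connecting to 127.0.0.1. The value is carried over from the removed helper, but since the line is rewritten here I would change it to `{{- $cert := genSignedCert $fullname (list "127.0.0.1") $altNames 365 $ca }}` and drop `"127.0.0.1"` from `$altNames`. A Secret that already exists keeps its old certificate, because the `data` keys in the next hunk are looked up first.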
@@ -19,7 +22,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca | b64enc | quote }} - tls.crt: {{ $crt | b64enc | quote }} - tls.key: {{ $key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/kafka/Chart.yaml b/charts/bitnami/kafka/Chart.yaml index f917e965a..114788e2c 100644 --- a/charts/bitnami/kafka/Chart.yaml +++ b/charts/bitnami/kafka/Chart.yaml @@ -35,4 +35,4 @@ name: kafka sources: - https://github.com/bitnami/containers/tree/main/bitnami/kafka - https://kafka.apache.org/ -version: 20.0.5 +version: 20.0.6 diff --git a/charts/bitnami/kafka/templates/tls-secrets.yaml b/charts/bitnami/kafka/templates/tls-secrets.yaml index fdf350e87..d6b1adc28 100644 --- a/charts/bitnami/kafka/templates/tls-secrets.yaml +++ b/charts/bitnami/kafka/templates/tls-secrets.yaml @@ -5,6 +5,7 @@ {{- $fullname := include "common.names.fullname" . }} {{- $ca := genCA "kafka-ca" 365 }} {{- range $i := until $replicaCount }} +{{- $secretName := printf "%s-%d-tls" (include "common.names.fullname" $) $i }} {{- $replicaHost := printf "%s-%d.%s-headless" $fullname $i $fullname }} {{- $altNames := list (printf "%s.%s.svc.%s" $replicaHost $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s" $replicaHost $releaseNamespace) (printf "%s.%s" $fullname $releaseNamespace) $replicaHost $fullname }} {{- $cert := genSignedCert $replicaHost nil $altNames 365 $ca }} 
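Review bot: `$secretName` is introduced for the lookups, but neither kafka hunk touches the `metadata.name` line, which sits between the two hunks and is not visible here. In the postgresql, airflow and cassandra templates the same commit switches that line to `name: {{ $secretName }}`. In kafka the name written and the name looked up stay two separate expressions and can drift apart, in which case the lookup never finds the Secret and the certificate is regenerated on every upgrade. I would change the name line to `name: {{ $secretName }}` here as well.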
@@ -22,9 +23,9 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} --- {{- end }} {{- end }} diff --git a/charts/bitnami/mariadb/Chart.yaml b/charts/bitnami/mariadb/Chart.yaml index 179e69532..5efaf4e9a 100644 --- a/charts/bitnami/mariadb/Chart.yaml +++ b/charts/bitnami/mariadb/Chart.yaml @@ -6,7 +6,7 @@ annotations: category: Database licenses: Apache-2.0 apiVersion: v2 -appVersion: 10.6.11 +appVersion: 10.6.12 dependencies: - name: common repository: file://./charts/common @@ -32,4 +32,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.4.4 +version: 11.4.6 diff --git a/charts/bitnami/mariadb/README.md b/charts/bitnami/mariadb/README.md index 381149316..17b097298 100644 --- a/charts/bitnami/mariadb/README.md +++ b/charts/bitnami/mariadb/README.md @@ -10,7 +10,7 @@ Trademarks: This software listing is packaged by Bitnami. The respective tradema ## TL;DR -```bash +```console $ helm repo add my-repo https://charts.bitnami.com/bitnami $ helm install my-release my-repo/mariadb ``` @@ -33,7 +33,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: -```bash +```console +$ helm repo add my-repo https://charts.bitnami.com/bitnami $ helm install my-release my-repo/mariadb ``` 
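Review bot: `$ca` is generated once per render, before the `range`, while each replica's keys are looked up from that replica's own Secret. After a scale-up the existing replicas keep their stored `ca.crt` and certificates, and the new replica gets a certificate and `ca.crt` from the current render's CA, so the brokers no longer share a trust root. Whether that breaks inter-broker TLS depends on how the truststore is assembled, which is outside this diff. The CA key is not stored in these Secrets, so the practical options are to persist the CA in a Secret of its own or to document the constraint. At minimum add `{{- /* A replica added later is signed by a different CA; delete all per-replica -tls Secrets when scaling */}}` next to the `genCA` line.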
@@ -45,7 +46,7 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati To uninstall/delete the `my-release` deployment: -```bash +```console $ helm delete my-release ``` 
@@ -82,210 +83,214 @@ The command removes all the Kubernetes components associated with the chart and ### MariaDB common parameters -| Name | Description | Value | -| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `image.registry` | MariaDB image registry | `docker.io` | -| `image.repository` | MariaDB image repository | `bitnami/mariadb` | -| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.11-debian-11-r22` | -| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | -| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. | `""` | -| `auth.database` | Name for a custom database to create | `my_database` | -| `auth.username` | Name for a custom user to create | `""` | -| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | -| `auth.replicationUser` | MariaDB replication user | `replicator` | -| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | -| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). 
The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | -| `auth.forcePassword` | Force users to specify required passwords | `false` | -| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | -| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | -| `initdbScripts` | Dictionary of initdb scripts | `{}` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `image.registry` | MariaDB image registry | `docker.io` | +| `image.repository` | MariaDB image repository | `bitnami/mariadb` | +| `image.tag` | MariaDB image tag (immutable tags are recommended) | `10.6.12-debian-11-r0` | +| `image.digest` | MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | MariaDB image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `architecture` | MariaDB architecture (`standalone` or `replication`) | `standalone` | +| `auth.rootPassword` | Password for the `root` user. Ignored if existing secret is provided. 
| `""` | +| `auth.database` | Name for a custom database to create | `my_database` | +| `auth.username` | Name for a custom user to create | `""` | +| `auth.password` | Password for the new user. Ignored if existing secret is provided | `""` | +| `auth.replicationUser` | MariaDB replication user | `replicator` | +| `auth.replicationPassword` | MariaDB replication user password. Ignored if existing secret is provided | `""` | +| `auth.existingSecret` | Use existing secret for password details (`auth.rootPassword`, `auth.password`, `auth.replicationPassword` will be ignored and picked up from this secret). The secret has to contain the keys `mariadb-root-password`, `mariadb-replication-password` and `mariadb-password` | `""` | +| `auth.forcePassword` | Force users to specify required passwords | `false` | +| `auth.usePasswordFiles` | Mount credentials as files instead of using environment variables | `false` | +| `auth.customPasswordFiles` | Use custom password files when `auth.usePasswordFiles` is set to `true`. Define path for keys `root` and `user`, also define `replicator` if `architecture` is set to `replication` | `{}` | +| `initdbScripts` | Dictionary of initdb scripts | `{}` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `""` | ### MariaDB Primary parameters -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- | -| `primary.name` | Name of the primary database (eg primary, master, leader, ...) 
| `primary` | -| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` | -| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` | -| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` | -| `primary.hostAliases` | Add deployment host aliases | `[]` | -| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` | -| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` | -| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` | -| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` | -| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` | -| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` | -| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. 
| `[]` | -| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` | -| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` | -| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` | -| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` | -| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` | -| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | -| `primary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | -| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | -| `primary.startupProbe.enabled` | Enable startupProbe | `false` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | -| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| 
`primary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` | -| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` | -| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` | -| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` | -| `primary.extraFlags` | MariaDB primary additional command line flags | `""` | -| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB primary containers | `""` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` | -| `primary.persistence.enabled` | Enable persistence on MariaDB primary 
replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | -| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` | -| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` | -| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` | -| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` | -| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` | -| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` | -| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` | -| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` | -| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` | -| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` | -| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` | -| `primary.service.loadBalancerIP` | MariaDB Primary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is 
LoadBalancer | `[]` | -| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` | -| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` | -| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | +| Name | Description | Value | +| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- | +| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | +| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` | +| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` | +| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` | +| `primary.hostAliases` | Add deployment host aliases | `[]` | +| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` | +| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. 
| `""` | +| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` | +| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` | +| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` | +| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` | +| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. 
| `[]` | +| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` | +| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` | +| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` | +| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` | +| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` | +| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | +| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` | +| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | +| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | +| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | +| `primary.startupProbe.enabled` | Enable startupProbe | `false` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | +| 
`primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | +| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` | +| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` | +| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` | +| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` | +| `primary.extraFlags` | MariaDB primary additional command line flags | `""` | +| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap 
containing extra env vars for MariaDB primary containers | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` | +| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | +| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | +| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | +| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` | +| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` | +| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` | +| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` | +| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` | +| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` | +| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` | +| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` | +| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` | +| `primary.service.loadBalancerIP` | MariaDB Primary 
loadBalancerIP if service type is `LoadBalancer` | `""` | +| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` | +| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` | +| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` | +| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` | +| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | ### MariaDB Secondary parameters -| Name | Description | Value | -| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) 
| `secondary` | -| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` | -| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` | -| `secondary.hostAliases` | Add deployment host aliases | `[]` | -| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` | -| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` | -| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` | -| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` | -| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` | -| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` | -| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | -| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. 
| `[]` | -| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` | -| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` | -| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` | -| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` | -| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` | -| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` | -| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` | -| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` | -| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | -| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | -| `secondary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | -| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | -| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | -| `secondary.startupProbe.enabled` | Enable startupProbe | `false` | -| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | -| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | -| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `secondary.startupProbe.successThreshold` | Success 
threshold for startupProbe | `1` | -| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` | -| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` | -| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` | -| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` | -| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` | -| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` | -| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` | -| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary 
containers | `""` | -| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` | -| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` | -| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` | -| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` | -| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` | -| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` | -| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` | -| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` | -| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` | -| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` | -| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` | -| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` | -| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` | -| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` | -| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary 
service is LoadBalancer | `[]` | -| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` | -| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` | -| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` | -| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | +| Name | Description | Value | +| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) 
| `secondary` | +| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` | +| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` | +| `secondary.hostAliases` | Add deployment host aliases | `[]` | +| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` | +| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` | +| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` | +| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` | +| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` | +| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` | +| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | +| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. 
| `[]` | +| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` | +| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` | +| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` | +| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` | +| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` | +| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` | +| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` | +| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` | +| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | +| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | +| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | +| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | +| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` | +| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | +| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | +| `secondary.startupProbe.enabled` | Enable startupProbe | `false` | +| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | +| `secondary.startupProbe.periodSeconds` | Period 
seconds for startupProbe | `15` | +| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | +| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` | +| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` | +| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` | +| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` | +| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` | +| `secondary.extraEnvVars` | Extra environment variables to be set on 
MariaDB secondary containers | `[]` | +| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` | +| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` | +| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` | +| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` | +| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` | +| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` | +| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` | +| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` | +| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` | +| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` | +| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` | +| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` | +| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` | +| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` | +| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` | +| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` | +| `secondary.service.loadBalancerIP` 
| MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` | +| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` | +| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` | +| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` | +| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` | +| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | ### RBAC parameters 
@@ -306,7 +311,7 @@ The command removes all the Kubernetes components associated with the chart and
 | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` |
 | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` |
 | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` |
-| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r71` |
+| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r80` |
 | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
 | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` |
 | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
@@ -316,47 +321,49 @@ The command removes all the Kubernetes components associated with the chart and ### Metrics parameters -| Name | Description | Value | -| -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Exporter image registry | `docker.io` | -| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | -| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` | -| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.annotations` | Annotations for the Exporter pod | `{}` | -| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` | -| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` | -| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` | -| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` | -| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| 
`metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. 
| `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | -| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | -| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | -| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | -| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Exporter image registry | `docker.io` | +| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` | +| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r86` | +| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.annotations` | Annotations for the Exporter pod | `{}` | +| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` | +| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` | +| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` | +| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` | +| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` | +| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` | +| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| 
`metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | ### NetworkPolicy parameters 
@@ -383,7 +390,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](https Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, -```bash +```console $ helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ my-repo/mariadb @@ -395,7 +402,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, -```bash +```console $ helm install my-release -f values.yaml my-repo/mariadb ``` @@ -455,7 +462,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: -```bash +```console $ helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] ``` @@ -512,7 +519,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new - Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://mariadb.com/kb/en/mysqldump/). - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: -```bash +```console $ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` 
@@ -544,7 +551,7 @@ $ kubectl delete statefulset opencart-mariadb --cascade=false ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/mariadb/values.yaml b/charts/bitnami/mariadb/values.yaml index 5050374c6..3c7c3e170 100644 --- a/charts/bitnami/mariadb/values.yaml +++ b/charts/bitnami/mariadb/values.yaml @@ -81,7 +81,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mariadb - tag: 10.6.11-debian-11-r22 + tag: 10.6.12-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -313,12 +313,16 @@ primary: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param primary.containerSecurityContext.enabled MariaDB primary container securityContext ## @param primary.containerSecurityContext.runAsUser User ID for the MariaDB primary container - ## @param primary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged + ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false ## MariaDB primary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious 
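Review bot: The new `primary.containerSecurityContext` defaults stop at `privileged: false` and `allowPrivilegeEscalation: false`, so the container keeps the runtime's default capability set and has no seccomp profile set. The Kubernetes "restricted" Pod Security Standard also expects all capabilities dropped and a `RuntimeDefault` seccomp profile. If the statefulset template passes the whole map through (the template is not in this hunk), consider adding `capabilities:` with `drop: ["ALL"]` and a matching `## @param` line, after confirming the MariaDB image starts with no capabilities. The same applies to the `secondary.containerSecurityContext` hunk that follows. The `primary:` block continues outside the hunk.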
@@ -702,12 +706,16 @@ secondary: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param secondary.containerSecurityContext.enabled MariaDB secondary container securityContext ## @param secondary.containerSecurityContext.runAsUser User ID for the MariaDB secondary container - ## @param secondary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged + ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false ## MariaDB secondary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -981,7 +989,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r71 + tag: 11-debian-11-r80 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) @@ -1017,7 +1025,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.14.0-debian-11-r77 + tag: 0.14.0-debian-11-r86 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) 
@@ -1081,6 +1089,8 @@ metrics: ## MariaDB metrics container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container + ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged + ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation ## Example: ## containerSecurityContext: ## enabled: true @@ -1090,6 +1100,8 @@ metrics: ## containerSecurityContext: enabled: false + privileged: false + allowPrivilegeEscalation: false ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious diff --git a/charts/bitnami/postgresql/Chart.yaml b/charts/bitnami/postgresql/Chart.yaml index 1b8380966..8b7bec158 100644 --- a/charts/bitnami/postgresql/Chart.yaml +++ b/charts/bitnami/postgresql/Chart.yaml @@ -32,4 +32,4 @@ name: postgresql sources: - https://github.com/bitnami/containers/tree/main/bitnami/postgresql - https://www.postgresql.org/ -version: 12.1.11 +version: 12.1.14 diff --git a/charts/bitnami/postgresql/README.md b/charts/bitnami/postgresql/README.md index d48ef4740..e6259ab32 100644 --- a/charts/bitnami/postgresql/README.md +++ b/charts/bitnami/postgresql/README.md 
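Review bot: The `privileged: false` and `allowPrivilegeEscalation: false` defaults added under `metrics.containerSecurityContext` sit next to `enabled: false`, so they are probably inert in a default install. If the template renders the security context only when `enabled` is true (the template is not in this diff section), the exporter sidecar still starts with no securityContext. Either say so in the values file, for example `## NOTE: privileged and allowPrivilegeEscalation are only applied when enabled is true`, or consider defaulting `enabled` to `true` as the primary and secondary containers already do. The `metrics:` block starts and ends outside these two hunks.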
@@ -102,7 +102,7 @@ $ kubectl delete pvc -l release=my-release | ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | | `image.registry` | PostgreSQL image registry | `docker.io` | | `image.repository` | PostgreSQL image repository | `bitnami/postgresql` | -| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r28` | +| `image.tag` | PostgreSQL image tag (immutable tags are recommended) | `15.1.0-debian-11-r31` | | `image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | PostgreSQL image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -383,7 +383,7 @@ $ kubectl delete pvc -l release=my-release | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r76` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r79` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -412,7 +412,7 @@ $ kubectl delete pvc -l release=my-release | `metrics.enabled` | Start a prometheus exporter | `false` | | `metrics.image.registry` | PostgreSQL Prometheus Exporter image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Prometheus Exporter image repository | `bitnami/postgres-exporter` | -| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r53` | +| `metrics.image.tag` | PostgreSQL Prometheus Exporter image tag (immutable tags are recommended) | `0.11.1-debian-11-r55` | | `metrics.image.digest` | PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | PostgreSQL Prometheus Exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify image pull secrets | `[]` | 
@@ -679,7 +679,7 @@ Refer to the [chart documentation for more information about how to upgrade from ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml b/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml index 75a1b81be..a38b52a8a 100644 --- a/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml +++ b/charts/bitnami/postgresql/templates/primary/metrics-svc.yaml @@ -9,6 +9,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.metrics.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: type: ClusterIP sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} diff --git a/charts/bitnami/postgresql/templates/primary/statefulset.yaml b/charts/bitnami/postgresql/templates/primary/statefulset.yaml index 653138cde..0e312ea63 100644 --- a/charts/bitnami/postgresql/templates/primary/statefulset.yaml +++ b/charts/bitnami/postgresql/templates/primary/statefulset.yaml 
@@ -12,6 +12,7 @@ metadata: {{- if .Values.primary.labels }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.labels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.primary.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -19,6 +20,7 @@ metadata: {{- if .Values.primary.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: replicas: 1 serviceName: {{ include "postgresql.primary.svc.headless" . }} @@ -39,6 +41,7 @@ spec: {{- if .Values.primary.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if or (include "postgresql.primary.createConfigmap" .) (include "postgresql.primary.createExtendedConfigmap" .) .Values.primary.podAnnotations }} annotations: {{- if (include "postgresql.primary.createConfigmap" .) }} checksum/configuration: {{ include (print $.Template.BasePath "/primary/configmap.yaml") . | sha256sum }} @@ -49,6 +52,7 @@ spec: {{- if .Values.primary.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.podAnnotations "context" $ ) | nindent 8 }} {{- end }} + {{- end }} spec: {{- if .Values.primary.extraPodSpec }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.extraPodSpec "context" $) | nindent 6 }} @@ -89,6 +93,7 @@ spec: {{- end }} hostNetwork: {{ .Values.primary.hostNetwork }} hostIPC: {{ .Values.primary.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.primary.persistence.enabled .Values.shmVolume.enabled)) .Values.primary.initContainers }} initContainers: {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} - name: copy-certs 
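Review bot: The new guard in front of `initContainers:` restates the conditions of the individual init containers in one long `or`, so the two can drift apart. If a later change adds or alters an init container's condition without updating the guard, the whole `initContainers:` list is silently omitted. That would drop `copy-certs` and, presumably, the volume-permissions container, whose condition lies outside the hunk. A template comment directly above the guard would help, for example `{{- /* Keep in sync with the conditions of every init container rendered below */}}`. The matching `{{- end }}` is in the later `@@ -177,6 +182,7 @@` hunk, and `templates/read/statefulset.yaml` uses the same pattern.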
@@ -177,6 +182,7 @@ spec: {{- if .Values.primary.initContainers }} {{- include "common.tplvalues.render" ( dict "value" .Values.primary.initContainers "context" $ ) | nindent 8 }} {{- end }} + {{- end }} containers: - name: postgresql image: {{ include "postgresql.image" . }} diff --git a/charts/bitnami/postgresql/templates/primary/svc.yaml b/charts/bitnami/postgresql/templates/primary/svc.yaml index cf184809a..6ddd55b7b 100644 --- a/charts/bitnami/postgresql/templates/primary/svc.yaml +++ b/charts/bitnami/postgresql/templates/primary/svc.yaml @@ -8,6 +8,7 @@ metadata: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} app.kubernetes.io/component: primary + {{- if or .Values.commonAnnotations .Values.primary.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -15,6 +16,7 @@ metadata: {{- if .Values.primary.service.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.primary.service.annotations "context" $) | nindent 4 }} {{- end }} + {{- end }} spec: type: {{ .Values.primary.service.type }} {{- if or (eq .Values.primary.service.type "LoadBalancer") (eq .Values.primary.service.type "NodePort") }} diff --git a/charts/bitnami/postgresql/templates/read/metrics-svc.yaml b/charts/bitnami/postgresql/templates/read/metrics-svc.yaml index b3e54974e..6f54ed243 100644 --- a/charts/bitnami/postgresql/templates/read/metrics-svc.yaml +++ b/charts/bitnami/postgresql/templates/read/metrics-svc.yaml 
@@ -9,6 +9,7 @@ metadata: {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.metrics.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.metrics.service.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.metrics.service.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: type: ClusterIP sessionAffinity: {{ .Values.metrics.service.sessionAffinity }} diff --git a/charts/bitnami/postgresql/templates/read/statefulset.yaml b/charts/bitnami/postgresql/templates/read/statefulset.yaml index 80c8e8bba..6d35e4747 100644 --- a/charts/bitnami/postgresql/templates/read/statefulset.yaml +++ b/charts/bitnami/postgresql/templates/read/statefulset.yaml @@ -13,6 +13,7 @@ metadata: {{- if .Values.readReplicas.labels }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.labels "context" $ ) | nindent 4 }} {{- end }} + {{- if or .Values.commonAnnotations .Values.readReplicas.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -20,6 +21,7 @@ metadata: {{- if .Values.readReplicas.annotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.annotations "context" $ ) | nindent 4 }} {{- end }} + {{- end }} spec: replicas: {{ .Values.readReplicas.replicaCount }} serviceName: {{ include "postgresql.readReplica.svc.headless" . }} 
@@ -40,6 +42,7 @@ spec: {{- if .Values.readReplicas.podLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podLabels "context" $ ) | nindent 8 }} {{- end }} + {{- if or (include "postgresql.readReplicas.createExtendedConfigmap" .) .Values.readReplicas.podAnnotations }} annotations: {{- if (include "postgresql.readReplicas.createExtendedConfigmap" .) }} checksum/extended-configuration: {{ include (print $.Template.BasePath "/read/extended-configmap.yaml") . | sha256sum }} @@ -47,6 +50,7 @@ spec: {{- if .Values.readReplicas.podAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.podAnnotations "context" $ ) | nindent 8 }} {{- end }} + {{- end }} spec: {{- if .Values.readReplicas.extraPodSpec }} {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.extraPodSpec "context" $) | nindent 6 }} @@ -87,6 +91,7 @@ spec: {{- end }} hostNetwork: {{ .Values.readReplicas.hostNetwork }} hostIPC: {{ .Values.readReplicas.hostIPC }} + {{- if or (and .Values.tls.enabled (not .Values.volumePermissions.enabled)) (and .Values.volumePermissions.enabled (or .Values.readReplicas.persistence.enabled .Values.shmVolume.enabled)) .Values.readReplicas.initContainers }} initContainers: {{- if and .Values.tls.enabled (not .Values.volumePermissions.enabled) }} - name: copy-certs @@ -175,6 +180,7 @@ spec: {{- if .Values.readReplicas.initContainers }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.initContainers "context" $ ) | nindent 8 }} {{- end }} + {{- end }} containers: - name: postgresql image: {{ include "postgresql.image" . }} diff --git a/charts/bitnami/postgresql/templates/read/svc.yaml b/charts/bitnami/postgresql/templates/read/svc.yaml index 3eece4dbb..c308c3f60 100644 --- a/charts/bitnami/postgresql/templates/read/svc.yaml +++ b/charts/bitnami/postgresql/templates/read/svc.yaml 
@@ -9,6 +9,7 @@ metadata: {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} {{- end }} app.kubernetes.io/component: read + {{- if or .Values.commonAnnotations .Values.readReplicas.service.annotations }} annotations: {{- if .Values.commonAnnotations }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} @@ -16,6 +17,7 @@ metadata: {{- if .Values.readReplicas.service.annotations }} {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.service.annotations "context" $) | nindent 4 }} {{- end }} + {{- end }} spec: type: {{ .Values.readReplicas.service.type }} {{- if or (eq .Values.readReplicas.service.type "LoadBalancer") (eq .Values.readReplicas.service.type "NodePort") }} diff --git a/charts/bitnami/postgresql/templates/tls-secrets.yaml b/charts/bitnami/postgresql/templates/tls-secrets.yaml index 59c577647..482e29876 100644 --- a/charts/bitnami/postgresql/templates/tls-secrets.yaml +++ b/charts/bitnami/postgresql/templates/tls-secrets.yaml @@ -1,4 +1,5 @@ {{- if (include "postgresql.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "postgresql-ca" 365 }} {{- $fullname := include "common.names.fullname" . }} {{- $releaseNamespace := .Release.Namespace }} 
@@ -6,11 +7,11 @@ {{- $primaryHeadlessServiceName := include "postgresql.primary.svc.headless" . }} {{- $readHeadlessServiceName := include "postgresql.readReplica.svc.headless" . }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $primaryHeadlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $readHeadlessServiceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -21,7 +22,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/postgresql/values.yaml b/charts/bitnami/postgresql/values.yaml index fbbc4c4ff..7bf35af20 100644 --- a/charts/bitnami/postgresql/values.yaml +++ b/charts/bitnami/postgresql/values.yaml 
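Review bot: Once the Secret exists, the `data:` keys now come from `common.secrets.lookup`, so the CA and certificate generated with `genCA "postgresql-ca" 365` and `genSignedCert ... 365 $ca` are no longer replaced on upgrade. They expire a year after the first install with nothing in the chart to rotate them. Document this next to the generation lines, for example `{{- /* Generated CA and certificate are valid for 365 days and are reused while the Secret exists; delete the Secret before an upgrade to rotate them */}}`. The helper is not defined in this diff. It presumably wraps Helm's `lookup`, which returns nothing under `helm template` or a client-side dry run, so pipelines that render that way would still produce a new CA on every render. `charts/bitnami/redis/templates/tls-secret.yaml` has the same 365-day validity and reuse.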
@@ -95,7 +95,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 15.1.0-debian-11-r28 + tag: 15.1.0-debian-11-r31 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1130,7 +1130,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r76 + tag: 11-debian-11-r79 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1217,7 +1217,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.11.1-debian-11-r53 + tag: 0.11.1-debian-11-r55 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/redis/Chart.yaml b/charts/bitnami/redis/Chart.yaml index 92f9715fa..c8c599669 100644 --- a/charts/bitnami/redis/Chart.yaml +++ b/charts/bitnami/redis/Chart.yaml @@ -28,4 +28,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/containers/tree/main/bitnami/redis -version: 17.6.0 +version: 17.7.2 diff --git a/charts/bitnami/redis/README.md b/charts/bitnami/redis/README.md index 20373c910..988058f18 100644 --- a/charts/bitnami/redis/README.md +++ b/charts/bitnami/redis/README.md @@ -89,6 +89,7 @@ The command removes all the Kubernetes components associated with the chart and | `secretAnnotations` | Annotations to add to secret | `{}` | | `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | | `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `useHostnames` | Use hostnames internally when announcing replication | `true` | | `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | | `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | | `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | 
@@ -934,7 +935,7 @@ $ kubectl patch deployments my-release-redis-metrics --type=json -p='[{"op": "re ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/redis/templates/master/service.yaml b/charts/bitnami/redis/templates/master/service.yaml index c03fea702..c2fb9087a 100644 --- a/charts/bitnami/redis/templates/master/service.yaml +++ b/charts/bitnami/redis/templates/master/service.yaml @@ -30,7 +30,7 @@ spec: loadBalancerIP: {{ .Values.master.service.loadBalancerIP }} {{- end }} {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.master.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }} clusterIP: {{ .Values.master.service.clusterIP }} diff --git a/charts/bitnami/redis/templates/replicas/service.yaml b/charts/bitnami/redis/templates/replicas/service.yaml index f2619266a..c0b6861a2 100644 --- a/charts/bitnami/redis/templates/replicas/service.yaml +++ b/charts/bitnami/redis/templates/replicas/service.yaml @@ -30,7 +30,7 @@ spec: loadBalancerIP: {{ .Values.replica.service.loadBalancerIP }} {{- end }} {{- if and (eq .Values.replica.service.type "LoadBalancer") (not (empty .Values.replica.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.replica.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.replica.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and .Values.replica.service.clusterIP (eq .Values.replica.service.type "ClusterIP") }} clusterIP: {{ .Values.replica.service.clusterIP }} 
diff --git a/charts/bitnami/redis/templates/scripts-configmap.yaml b/charts/bitnami/redis/templates/scripts-configmap.yaml index 39fcc5011..96e2f1a0a 100644 --- a/charts/bitnami/redis/templates/scripts-configmap.yaml +++ b/charts/bitnami/redis/templates/scripts-configmap.yaml @@ -44,11 +44,17 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } @@ -262,11 +268,17 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } 
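Review bot: In the new `useHostnames: false` branch, `getent hosts "${full_hostname}" | awk '{ print $1 ; exit }'` prints nothing when the name does not resolve, and the pipeline still exits 0 because awk is its last command. A pod whose headless-service record is not published yet would therefore hand an empty string to whatever consumes this function's output. Capture the result and fall back explicitly: `resolved_ip="$(getent hosts "${full_hostname}" | awk '{ print $1 ; exit }')"` followed by `echo "${resolved_ip:-${full_hostname}}"`. The function header and its callers are outside the hunk, so confirm the fallback suits them. The same lines are added in the `@@ -262`, `@@ -426`, `@@ -492` and `@@ -614` hunks of this file.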
@@ -426,13 +438,20 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } + run_sentinel_command() { if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" @@ -492,13 +511,20 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } + run_sentinel_command() { if is_boolean_yes "$REDIS_SENTINEL_TLS_ENABLED"; then {{ .Values.auth.sentinel | ternary "" "env -u REDISCLI_AUTH " -}} redis-cli -h "$REDIS_SERVICE" -p "$SENTINEL_SERVICE_PORT" --tls --cert "$REDIS_SENTINEL_TLS_CERT_FILE" --key "$REDIS_SENTINEL_TLS_KEY_FILE" --cacert "$REDIS_SENTINEL_TLS_CA_FILE" sentinel "$@" 
@@ -614,11 +640,17 @@ data: hostname="$1" {{- if .Values.useExternalDNS.enabled }} - echo "${hostname}.{{- include "redis.externalDNS.suffix" . }}" + full_hostname="${hostname}.{{- include "redis.externalDNS.suffix" . }}" {{- else if eq .Values.sentinel.service.type "NodePort" }} - echo "${hostname}.{{- .Release.Namespace }}" + full_hostname="${hostname}.{{- .Release.Namespace }}" {{- else }} - echo "${hostname}.${HEADLESS_SERVICE}" + full_hostname="${hostname}.${HEADLESS_SERVICE}" + {{- end }} + + {{- if .Values.useHostnames }} + echo "${full_hostname}" + {{- else }} + getent hosts "${full_hostname}" | awk '{ print $1 ; exit }' {{- end }} } diff --git a/charts/bitnami/redis/templates/sentinel/service.yaml b/charts/bitnami/redis/templates/sentinel/service.yaml index 362d681dc..ac5b41145 100644 --- a/charts/bitnami/redis/templates/sentinel/service.yaml +++ b/charts/bitnami/redis/templates/sentinel/service.yaml @@ -38,7 +38,7 @@ spec: loadBalancerIP: {{ .Values.sentinel.service.loadBalancerIP }} {{- end }} {{- if and (eq .Values.sentinel.service.type "LoadBalancer") (not (empty .Values.sentinel.service.loadBalancerSourceRanges)) }} - loadBalancerSourceRanges: {{ .Values.sentinel.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: {{ toYaml .Values.sentinel.service.loadBalancerSourceRanges | nindent 4 }} {{- end }} {{- if and .Values.sentinel.service.clusterIP (eq .Values.sentinel.service.type "ClusterIP") }} clusterIP: {{ .Values.sentinel.service.clusterIP }} diff --git a/charts/bitnami/redis/templates/tls-secret.yaml b/charts/bitnami/redis/templates/tls-secret.yaml index 4f9c39b85..3479370a4 100644 --- a/charts/bitnami/redis/templates/tls-secret.yaml +++ b/charts/bitnami/redis/templates/tls-secret.yaml 
@@ -1,6 +1,5 @@ {{- if (include "redis.createTlsSecret" .) }} {{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} -{{- $existingCerts := (lookup "v1" "Secret" .Release.Namespace $secretName).data | default dict }} {{- $ca := genCA "redis-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} @@ -9,7 +8,7 @@ {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $masterServiceName := printf "%s-master" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: @@ -24,7 +23,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ (get $existingCerts "ca.crt") | default ($ca.Cert | b64enc | quote ) }} - tls.crt: {{ (get $existingCerts "tls.crt") | default ($crt.Cert | b64enc | quote) }} - tls.key: {{ (get $existingCerts "tls.key") | default ($crt.Key | b64enc | quote) }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/redis/values.yaml b/charts/bitnami/redis/values.yaml index 2bbc7e4f6..3f5cd463f 100644 
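Review bot: Nothing in this template renews the certificate once the Secret exists: the values are read back through `common.secrets.lookup`, while `genCA "redis-ca" 365` and `genSignedCert $fullname nil $altNames 365 $ca` give the pair a one-year lifetime. Assuming the helper prefers the stored value, as the removed `$existingCerts` code did, the pair expires a year after first install regardless of upgrades. Say so above `$ca`, e.g. `{{/* Generated once and reused on upgrade via lookup; expires after 365 days. Delete the Secret or supply your own certificates to rotate. */}}`. The lookup is also done per key, so a Secret holding only some of the three keys would be rendered with a stored `tls.crt` beside a freshly generated `ca.crt` that did not sign it; choosing all-stored or all-generated avoids that. The spark and tomcat `tls-secrets.yaml` hunks later in this diff adopt the same pattern, and there the reuse is new behaviour, since their removed lines always wrote fresh values.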
--- a/charts/bitnami/redis/values.yaml +++ b/charts/bitnami/redis/values.yaml @@ -47,6 +47,9 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] +## @param useHostnames Use hostnames internally when announcing replication +### +useHostnames: true ## Enable diagnostic mode in the deployment ## diff --git a/charts/bitnami/spark/Chart.yaml b/charts/bitnami/spark/Chart.yaml index 61eadb7a6..94b29d45f 100644 --- a/charts/bitnami/spark/Chart.yaml +++ b/charts/bitnami/spark/Chart.yaml @@ -28,4 +28,4 @@ name: spark sources: - https://github.com/bitnami/containers/tree/main/bitnami/spark - https://spark.apache.org/ -version: 6.3.15 +version: 6.3.16 diff --git a/charts/bitnami/spark/templates/tls-secrets.yaml b/charts/bitnami/spark/templates/tls-secrets.yaml index 9687b878f..08b75a650 100644 --- a/charts/bitnami/spark/templates/tls-secrets.yaml +++ b/charts/bitnami/spark/templates/tls-secrets.yaml @@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "spark-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ include "common.names.namespace" . | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} 
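Review bot: The new `useHostnames` comment does not say what `false` does, and it is closed with `###` where the neighbouring parameters use `##`. Going by the scripts-configmap.yaml hunks in this diff, `false` makes the scripts resolve the name with `getent hosts` and emit the first address instead of the hostname. That is worth stating because pod addresses are not stable across reschedules. Suggested wording: `## @param useHostnames Use hostnames internally when announcing replication. If false, the hostname will be resolved to an IP address`, followed by `##`. If any client verifies the peer name under TLS, it may also be worth noting that the certificate generated in tls-secret.yaml lists service DNS names, `127.0.0.1` and `localhost`, not pod addresses.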
@@ -37,12 +38,13 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} {{- if (include "spark.createTlsSecret" . ) }} +{{- $secretName := printf "%s-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "spark-internal-ca" 365 }} {{- $releaseNamespace := include "common.names.namespace" . }} {{- $clusterDomain := .Values.clusterDomain }} @@ -50,12 +52,12 @@ data: {{- $headlessServiceName := printf "%s-headless" ( include "common.names.fullname" . ) }} {{- $masterServiceName := printf "%s-master-svc" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} --- apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-crt" (include "common.names.fullname" .) }} + name: {{ $secretName }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} 
@@ -65,7 +67,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/tomcat/Chart.yaml b/charts/bitnami/tomcat/Chart.yaml index 4e81b01e4..e730ffecc 100644 --- a/charts/bitnami/tomcat/Chart.yaml +++ b/charts/bitnami/tomcat/Chart.yaml @@ -32,4 +32,4 @@ name: tomcat sources: - https://github.com/bitnami/containers/tree/main/bitnami/tomcat - http://tomcat.apache.org -version: 10.5.9 +version: 10.5.14 diff --git a/charts/bitnami/tomcat/README.md b/charts/bitnami/tomcat/README.md index 30e185aeb..75930106b 100644 --- a/charts/bitnami/tomcat/README.md +++ b/charts/bitnami/tomcat/README.md 
@@ -79,25 +79,25 @@ The command removes all the Kubernetes components associated with the chart and ### Tomcat parameters -| Name | Description | Value | -| ----------------------------- | ------------------------------------------------------------------------------------------------------ | --------------------- | -| `image.registry` | Tomcat image registry | `docker.io` | -| `image.repository` | Tomcat image repository | `bitnami/tomcat` | -| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r4` | -| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `tomcatUsername` | Tomcat admin user | `user` | -| `tomcatPassword` | Tomcat admin password | `""` | -| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` | -| `catalinaOpts` | Java runtime option used by tomcat JVM | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | +| Name | Description | Value | +| ----------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------------- | +| `image.registry` | Tomcat image registry | `docker.io` | +| `image.repository` | Tomcat image repository | `bitnami/tomcat` | 
+| `image.tag` | Tomcat image tag (immutable tags are recommended) | `10.1.5-debian-11-r12` | +| `image.digest` | Tomcat image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Tomcat image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `tomcatUsername` | Tomcat admin user | `user` | +| `tomcatPassword` | Tomcat admin password | `""` | +| `tomcatAllowRemoteManagement` | Enable remote access to management interface | `0` | +| `catalinaOpts` | Java runtime option used by tomcat JVM | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraEnvVars` | Extra environment variables to be set on Tomcat container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra environment variables | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra environment variables | `""` | ### Tomcat deployment parameters 
@@ -207,7 +207,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r74` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `11-debian-11-r79` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -223,7 +223,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.jmx.catalinaOpts` | custom option used to enabled JMX on tomcat jvm evaluated as template | `-Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=5555 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.local.only=true` | | `metrics.jmx.image.registry` | JMX exporter image registry | `docker.io` | | `metrics.jmx.image.repository` | JMX exporter image repository | `bitnami/jmx-exporter` | -| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r40` | +| `metrics.jmx.image.tag` | JMX exporter image tag (immutable tags are recommended) | `0.17.2-debian-11-r45` | | `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | | `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | @@ -390,7 +390,7 @@ $ kubectl patch deployment tomcat --type=json -p='[{"op": "remove", "path": "/sp ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/tomcat/templates/tls-secrets.yaml b/charts/bitnami/tomcat/templates/tls-secrets.yaml index 0087dd412..1dfc255a8 100644 --- a/charts/bitnami/tomcat/templates/tls-secrets.yaml +++ b/charts/bitnami/tomcat/templates/tls-secrets.yaml 
@@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "tomcat-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -37,8 +38,8 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} diff --git a/charts/bitnami/tomcat/values.yaml b/charts/bitnami/tomcat/values.yaml index 28f2cd9b8..9b05b77ea 100644 --- a/charts/bitnami/tomcat/values.yaml +++ b/charts/bitnami/tomcat/values.yaml @@ -58,7 +58,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/tomcat - tag: 10.1.5-debian-11-r4 + tag: 10.1.5-debian-11-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -576,7 +576,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r74 + tag: 11-debian-11-r79 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. 
@@ -636,7 +636,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.17.2-debian-11-r40 + tag: 0.17.2-debian-11-r45 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' diff --git a/charts/bitnami/wordpress/Chart.lock b/charts/bitnami/wordpress/Chart.lock index 09cf6599b..18666eb50 100644 --- a/charts/bitnami/wordpress/Chart.lock +++ b/charts/bitnami/wordpress/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 6.3.5 - name: mariadb repository: https://charts.bitnami.com/bitnami - version: 11.4.4 + version: 11.4.5 - name: common repository: https://charts.bitnami.com/bitnami version: 2.2.2 -digest: sha256:a917b459cd4db5baea69506921dd13e699f8a1a330fbe76bb80d24f668874d9d -generated: "2023-01-19T00:46:08.195009985Z" +digest: sha256:ec3e466caf2f2204b19e2ececdfa7e0f398cebd6518b4467414a3a503c6b58a6 +generated: "2023-01-31T18:29:29.691174539Z" diff --git a/charts/bitnami/wordpress/Chart.yaml b/charts/bitnami/wordpress/Chart.yaml index eb37a8879..1aa335d37 100644 --- a/charts/bitnami/wordpress/Chart.yaml +++ b/charts/bitnami/wordpress/Chart.yaml @@ -41,4 +41,4 @@ name: wordpress sources: - https://github.com/bitnami/containers/tree/main/bitnami/wordpress - https://wordpress.org/ -version: 15.2.35 +version: 15.2.38 diff --git a/charts/bitnami/wordpress/README.md b/charts/bitnami/wordpress/README.md index b561ba2ef..b6d5b983d 100644 --- a/charts/bitnami/wordpress/README.md +++ b/charts/bitnami/wordpress/README.md @@ -7,7 +7,7 @@ WordPress is the world's most popular blogging and content management platform. [Overview of WordPress](http://www.wordpress.org) - + ## TL;DR ```console 
@@ -86,7 +86,7 @@ The command removes all the Kubernetes components associated with the chart and | ------------------- | --------------------------------------------------------------------------------------------------------- | --------------------- | | `image.registry` | WordPress image registry | `docker.io` | | `image.repository` | WordPress image repository | `bitnami/wordpress` | -| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r34` | +| `image.tag` | WordPress image tag (immutable tags are recommended) | `6.1.1-debian-11-r40` | | `image.digest` | WordPress image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | WordPress image pull policy | `IfNotPresent` | | `image.pullSecrets` | WordPress image pull secrets | `[]` | @@ -257,7 +257,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | | `volumePermissions.image.registry` | Bitnami Shell image registry | `docker.io` | | `volumePermissions.image.repository` | Bitnami Shell image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r74` | +| `volumePermissions.image.tag` | Bitnami Shell image tag (immutable tags are recommended) | `11-debian-11-r79` | | `volumePermissions.image.digest` | Bitnami Shell image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Bitnami Shell image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Bitnami Shell image pull secrets | `[]` | 
@@ -291,7 +291,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.enabled` | Start a sidecar prometheus exporter to expose metrics | `false` | | `metrics.image.registry` | Apache exporter image registry | `docker.io` | | `metrics.image.repository` | Apache exporter image repository | `bitnami/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.11.0-debian-11-r84` | +| `metrics.image.tag` | Apache exporter image tag (immutable tags are recommended) | `0.11.0-debian-11-r88` | | `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `metrics.image.pullPolicy` | Apache exporter image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Apache exporter image pull secrets | `[]` | @@ -633,7 +633,7 @@ $ kubectl delete statefulset wordpress-mariadb --cascade=false ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml index 18aaa8516..406efffe6 100644 --- a/charts/bitnami/wordpress/charts/mariadb/Chart.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/Chart.yaml @@ -28,4 +28,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/mariadb - https://github.com/prometheus/mysqld_exporter - https://mariadb.org -version: 11.4.4 +version: 11.4.5 diff --git a/charts/bitnami/wordpress/charts/mariadb/README.md b/charts/bitnami/wordpress/charts/mariadb/README.md index 381149316..d9236ee13 100644 --- a/charts/bitnami/wordpress/charts/mariadb/README.md +++ b/charts/bitnami/wordpress/charts/mariadb/README.md 
@@ -7,10 +7,10 @@ MariaDB is an open source, community-developed SQL database server that is widel [Overview of MariaDB](https://mariadb.org/) Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement. - + ## TL;DR -```bash +```console $ helm repo add my-repo https://charts.bitnami.com/bitnami $ helm install my-release my-repo/mariadb ``` @@ -33,7 +33,8 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment To install the chart with the release name `my-release`: -```bash +```console +$ helm repo add my-repo https://charts.bitnami.com/bitnami $ helm install my-release my-repo/mariadb ``` @@ -45,7 +46,7 @@ The command deploys MariaDB on the Kubernetes cluster in the default configurati To uninstall/delete the `my-release` deployment: -```bash +```console $ helm delete my-release ``` 
@@ -108,184 +109,188 @@ The command removes all the Kubernetes components associated with the chart and ### MariaDB Primary parameters -| Name | Description | Value | -| ----------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- | -| `primary.name` | Name of the primary database (eg primary, master, leader, ...) | `primary` | -| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` | -| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` | -| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` | -| `primary.hostAliases` | Add deployment host aliases | `[]` | -| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` | -| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` | -| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` | -| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` | -| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` | -| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` | -| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. 
Allowed values: `soft` or `hard` | `""` | -| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` | -| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. | `[]` | -| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` | -| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` | -| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` | -| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` | -| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` | -| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` | -| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` | -| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` | -| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | -| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | -| `primary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | -| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | -| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | -| `primary.startupProbe.enabled` | Enable startupProbe | `false` | -| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | -| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | 
-| `primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` | -| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` | -| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` | -| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` | -| `primary.extraFlags` | MariaDB primary additional command line flags | `""` | -| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` | -| `primary.extraEnvVarsCM` | Name of existing ConfigMap 
containing extra env vars for MariaDB primary containers | `""` | -| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` | -| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | -| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | -| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | -| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` | -| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` | -| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` | -| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` | -| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` | -| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` | -| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` | -| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` | -| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` | -| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` | -| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` | -| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` | -| `primary.service.loadBalancerIP` | MariaDB Primary 
loadBalancerIP if service type is `LoadBalancer` | `""` | -| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` | -| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` | -| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` | -| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` | -| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | +| Name | Description | Value | +| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------- | ------------------- | +| `primary.name` | Name of the primary database (eg primary, master, leader, ...) 
| `primary` | +| `primary.command` | Override default container command on MariaDB Primary container(s) (useful when using custom images) | `[]` | +| `primary.args` | Override default container args on MariaDB Primary container(s) (useful when using custom images) | `[]` | +| `primary.lifecycleHooks` | for the MariaDB Primary container(s) to automate configuration before or after startup | `{}` | +| `primary.hostAliases` | Add deployment host aliases | `[]` | +| `primary.configuration` | MariaDB Primary configuration to be injected as ConfigMap | `""` | +| `primary.existingConfigmap` | Name of existing ConfigMap with MariaDB Primary configuration. | `""` | +| `primary.updateStrategy.type` | MariaDB primary statefulset strategy type | `RollingUpdate` | +| `primary.rollingUpdatePartition` | Partition update strategy for Mariadb Primary statefulset | `""` | +| `primary.podAnnotations` | Additional pod annotations for MariaDB primary pods | `{}` | +| `primary.podLabels` | Extra labels for MariaDB primary pods | `{}` | +| `primary.podAffinityPreset` | MariaDB primary pod affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.podAntiAffinityPreset` | MariaDB primary pod anti-affinity preset. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `primary.nodeAffinityPreset.type` | MariaDB primary node affinity preset type. Ignored if `primary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `primary.nodeAffinityPreset.key` | MariaDB primary node label key to match Ignored if `primary.affinity` is set. | `""` | +| `primary.nodeAffinityPreset.values` | MariaDB primary node label values to match. Ignored if `primary.affinity` is set. 
| `[]` | +| `primary.affinity` | Affinity for MariaDB primary pods assignment | `{}` | +| `primary.nodeSelector` | Node labels for MariaDB primary pods assignment | `{}` | +| `primary.tolerations` | Tolerations for MariaDB primary pods assignment | `[]` | +| `primary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `primary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB primary pods | `""` | +| `primary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB primary pods assignment | `[]` | +| `primary.priorityClassName` | Priority class for MariaDB primary pods assignment | `""` | +| `primary.runtimeClassName` | Runtime Class for MariaDB primary pods | `""` | +| `primary.podSecurityContext.enabled` | Enable security context for MariaDB primary pods | `true` | +| `primary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `primary.containerSecurityContext.enabled` | MariaDB primary container securityContext | `true` | +| `primary.containerSecurityContext.runAsUser` | User ID for the MariaDB primary container | `1001` | +| `primary.containerSecurityContext.runAsNonRoot` | Set primary container's Security Context runAsNonRoot | `true` | +| `primary.containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | +| `primary.containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `primary.resources.limits` | The resources limits for MariaDB primary containers | `{}` | +| `primary.resources.requests` | The requested resources for MariaDB primary containers | `{}` | +| `primary.startupProbe.enabled` | Enable startupProbe | `false` | +| `primary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | +| `primary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | +| 
`primary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `primary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | +| `primary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `primary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `primary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `primary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `primary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `primary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `primary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `primary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `primary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `primary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `primary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `primary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `primary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `primary.customStartupProbe` | Override default startup probe for MariaDB primary containers | `{}` | +| `primary.customLivenessProbe` | Override default liveness probe for MariaDB primary containers | `{}` | +| `primary.customReadinessProbe` | Override default readiness probe for MariaDB primary containers | `{}` | +| `primary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB primary containers | `{}` | +| `primary.extraFlags` | MariaDB primary additional command line flags | `""` | +| `primary.extraEnvVars` | Extra environment variables to be set on MariaDB primary containers | `[]` | +| `primary.extraEnvVarsCM` | Name of existing ConfigMap 
containing extra env vars for MariaDB primary containers | `""` | +| `primary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB primary containers | `""` | +| `primary.persistence.enabled` | Enable persistence on MariaDB primary replicas using a `PersistentVolumeClaim`. If false, use emptyDir | `true` | +| `primary.persistence.existingClaim` | Name of an existing `PersistentVolumeClaim` for MariaDB primary replicas | `""` | +| `primary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `primary.persistence.storageClass` | MariaDB primary persistent volume storage Class | `""` | +| `primary.persistence.annotations` | MariaDB primary persistent volume claim annotations | `{}` | +| `primary.persistence.accessModes` | MariaDB primary persistent volume access Modes | `["ReadWriteOnce"]` | +| `primary.persistence.size` | MariaDB primary persistent volume size | `8Gi` | +| `primary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `primary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB Primary pod(s) | `[]` | +| `primary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB Primary container(s) | `[]` | +| `primary.initContainers` | Add additional init containers for the MariaDB Primary pod(s) | `[]` | +| `primary.sidecars` | Add additional sidecar containers for the MariaDB Primary pod(s) | `[]` | +| `primary.service.type` | MariaDB Primary Kubernetes service type | `ClusterIP` | +| `primary.service.ports.mysql` | MariaDB Primary Kubernetes service port for MariaDB | `3306` | +| `primary.service.ports.metrics` | MariaDB Primary Kubernetes service port for metrics | `9104` | +| `primary.service.nodePorts.mysql` | MariaDB Primary Kubernetes service node port | `""` | +| `primary.service.clusterIP` | MariaDB Primary Kubernetes service clusterIP IP | `""` | +| `primary.service.loadBalancerIP` | MariaDB Primary 
loadBalancerIP if service type is `LoadBalancer` | `""` | +| `primary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `primary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB Primary service is LoadBalancer | `[]` | +| `primary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `primary.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `primary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `primary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `primary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB primary pods | `false` | +| `primary.pdb.minAvailable` | Minimum number/percentage of MariaDB primary pods that must still be available after the eviction | `1` | +| `primary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB primary pods that can be unavailable after the eviction | `""` | +| `primary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | ### MariaDB Secondary parameters -| Name | Description | Value | -| ------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) 
| `secondary` | -| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` | -| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` | -| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` | -| `secondary.hostAliases` | Add deployment host aliases | `[]` | -| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` | -| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` | -| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` | -| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` | -| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` | -| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` | -| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | -| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. 
| `[]` | -| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` | -| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` | -| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` | -| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` | -| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` | -| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` | -| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` | -| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` | -| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | -| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | -| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | -| `secondary.containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | -| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | -| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | -| `secondary.startupProbe.enabled` | Enable startupProbe | `false` | -| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | -| `secondary.startupProbe.periodSeconds` | Period seconds for startupProbe | `15` | -| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | -| `secondary.startupProbe.successThreshold` | Success 
threshold for startupProbe | `1` | -| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` | -| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` | -| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` | -| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` | -| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` | -| `secondary.extraEnvVars` | Extra environment variables to be set on MariaDB secondary containers | `[]` | -| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` | -| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary 
containers | `""` | -| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` | -| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | -| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` | -| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` | -| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` | -| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` | -| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | -| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` | -| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` | -| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` | -| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` | -| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` | -| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` | -| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` | -| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` | -| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` | -| `secondary.service.loadBalancerIP` | MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` | -| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary 
service is LoadBalancer | `[]` | -| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` | -| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` | -| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` | -| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | +| Name | Description | Value | +| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `secondary.name` | Name of the secondary database (eg secondary, slave, ...) 
| `secondary` | +| `secondary.replicaCount` | Number of MariaDB secondary replicas | `1` | +| `secondary.command` | Override default container command on MariaDB Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.args` | Override default container args on MariaDB Secondary container(s) (useful when using custom images) | `[]` | +| `secondary.lifecycleHooks` | for the MariaDB Secondary container(s) to automate configuration before or after startup | `{}` | +| `secondary.hostAliases` | Add deployment host aliases | `[]` | +| `secondary.configuration` | MariaDB Secondary configuration to be injected as ConfigMap | `""` | +| `secondary.existingConfigmap` | Name of existing ConfigMap with MariaDB Secondary configuration. | `""` | +| `secondary.updateStrategy.type` | MariaDB secondary statefulset strategy type | `RollingUpdate` | +| `secondary.rollingUpdatePartition` | Partition update strategy for Mariadb Secondary statefulset | `""` | +| `secondary.podAnnotations` | Additional pod annotations for MariaDB secondary pods | `{}` | +| `secondary.podLabels` | Extra labels for MariaDB secondary pods | `{}` | +| `secondary.podAffinityPreset` | MariaDB secondary pod affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.podAntiAffinityPreset` | MariaDB secondary pod anti-affinity preset. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `secondary.nodeAffinityPreset.type` | MariaDB secondary node affinity preset type. Ignored if `secondary.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `secondary.nodeAffinityPreset.key` | MariaDB secondary node label key to match Ignored if `secondary.affinity` is set. | `""` | +| `secondary.nodeAffinityPreset.values` | MariaDB secondary node label values to match. Ignored if `secondary.affinity` is set. 
| `[]` | +| `secondary.affinity` | Affinity for MariaDB secondary pods assignment | `{}` | +| `secondary.nodeSelector` | Node labels for MariaDB secondary pods assignment | `{}` | +| `secondary.tolerations` | Tolerations for MariaDB secondary pods assignment | `[]` | +| `secondary.topologySpreadConstraints` | Topology Spread Constraints for MariaDB secondary pods assignment | `[]` | +| `secondary.priorityClassName` | Priority class for MariaDB secondary pods assignment | `""` | +| `secondary.runtimeClassName` | Runtime Class for MariaDB secondary pods | `""` | +| `secondary.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `secondary.podManagementPolicy` | podManagementPolicy to manage scaling operation of MariaDB secondary pods | `""` | +| `secondary.podSecurityContext.enabled` | Enable security context for MariaDB secondary pods | `true` | +| `secondary.podSecurityContext.fsGroup` | Group ID for the mounted volumes' filesystem | `1001` | +| `secondary.containerSecurityContext.enabled` | MariaDB secondary container securityContext | `true` | +| `secondary.containerSecurityContext.runAsUser` | User ID for the MariaDB secondary container | `1001` | +| `secondary.containerSecurityContext.runAsNonRoot` | Set secondary container's Security Context runAsNonRoot | `true` | +| `secondary.containerSecurityContext.privileged` | Set secondary container's Security Context privileged | `false` | +| `secondary.containerSecurityContext.allowPrivilegeEscalation` | Set secondary container's Security Context allowPrivilegeEscalation | `false` | +| `secondary.resources.limits` | The resources limits for MariaDB secondary containers | `{}` | +| `secondary.resources.requests` | The requested resources for MariaDB secondary containers | `{}` | +| `secondary.startupProbe.enabled` | Enable startupProbe | `false` | +| `secondary.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `120` | +| `secondary.startupProbe.periodSeconds` | Period 
seconds for startupProbe | `15` | +| `secondary.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `secondary.startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | +| `secondary.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `secondary.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `secondary.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `secondary.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `secondary.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `secondary.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `secondary.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `secondary.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `secondary.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `secondary.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `secondary.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `secondary.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `secondary.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `secondary.customStartupProbe` | Override default startup probe for MariaDB secondary containers | `{}` | +| `secondary.customLivenessProbe` | Override default liveness probe for MariaDB secondary containers | `{}` | +| `secondary.customReadinessProbe` | Override default readiness probe for MariaDB secondary containers | `{}` | +| `secondary.startupWaitOptions` | Override default builtin startup wait check options for MariaDB secondary containers | `{}` | +| `secondary.extraFlags` | MariaDB secondary additional command line flags | `""` | +| `secondary.extraEnvVars` | Extra environment variables to be set on 
MariaDB secondary containers | `[]` | +| `secondary.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for MariaDB secondary containers | `""` | +| `secondary.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for MariaDB secondary containers | `""` | +| `secondary.persistence.enabled` | Enable persistence on MariaDB secondary replicas using a `PersistentVolumeClaim` | `true` | +| `secondary.persistence.subPath` | Subdirectory of the volume to mount at | `""` | +| `secondary.persistence.storageClass` | MariaDB secondary persistent volume storage Class | `""` | +| `secondary.persistence.annotations` | MariaDB secondary persistent volume claim annotations | `{}` | +| `secondary.persistence.accessModes` | MariaDB secondary persistent volume access Modes | `["ReadWriteOnce"]` | +| `secondary.persistence.size` | MariaDB secondary persistent volume size | `8Gi` | +| `secondary.persistence.selector` | Selector to match an existing Persistent Volume | `{}` | +| `secondary.extraVolumes` | Optionally specify extra list of additional volumes to the MariaDB secondary pod(s) | `[]` | +| `secondary.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB secondary container(s) | `[]` | +| `secondary.initContainers` | Add additional init containers for the MariaDB secondary pod(s) | `[]` | +| `secondary.sidecars` | Add additional sidecar containers for the MariaDB secondary pod(s) | `[]` | +| `secondary.service.type` | MariaDB secondary Kubernetes service type | `ClusterIP` | +| `secondary.service.ports.mysql` | MariaDB secondary Kubernetes service port for MariaDB | `3306` | +| `secondary.service.ports.metrics` | MariaDB secondary Kubernetes service port for metrics | `9104` | +| `secondary.service.nodePorts.mysql` | MariaDB secondary Kubernetes service node port | `""` | +| `secondary.service.clusterIP` | MariaDB secondary Kubernetes service clusterIP IP | `""` | +| `secondary.service.loadBalancerIP` 
| MariaDB secondary loadBalancerIP if service type is `LoadBalancer` | `""` | +| `secondary.service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `secondary.service.loadBalancerSourceRanges` | Address that are allowed when MariaDB secondary service is LoadBalancer | `[]` | +| `secondary.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `secondary.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `secondary.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `secondary.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `secondary.pdb.create` | Enable/disable a Pod Disruption Budget creation for MariaDB secondary pods | `false` | +| `secondary.pdb.minAvailable` | Minimum number/percentage of MariaDB secondary pods that should remain scheduled | `1` | +| `secondary.pdb.maxUnavailable` | Maximum number/percentage of MariaDB secondary pods that may be made unavailable | `""` | +| `secondary.revisionHistoryLimit` | Maximum number of revisions that will be maintained in the StatefulSet | `10` | ### RBAC parameters 
@@ -316,47 +321,49 @@ The command removes all the Kubernetes components associated with the chart and
 
 ### Metrics parameters
 
-| Name | Description | Value |
-| -------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
-| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
-| `metrics.image.registry` | Exporter image registry | `docker.io` |
-| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
-| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` |
-| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
-| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
-| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
-| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
-| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
-| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
-| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
-| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
-| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
-| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
-| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
-| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
-| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
-| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
-| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
-| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
-| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
-| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
-| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
-| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
-| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
-| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
-| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
-| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
-| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
-| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
-| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
-| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
-| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
-| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
-| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
-| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
-| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
-| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
-| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
+| Name | Description | Value |
+| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
+| `metrics.enabled` | Start a side-car prometheus exporter | `false` |
+| `metrics.image.registry` | Exporter image registry | `docker.io` |
+| `metrics.image.repository` | Exporter image repository | `bitnami/mysqld-exporter` |
+| `metrics.image.tag` | Exporter image tag (immutable tags are recommended) | `0.14.0-debian-11-r77` |
+| `metrics.image.digest` | Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
+| `metrics.image.pullPolicy` | Exporter image pull policy | `IfNotPresent` |
+| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` |
+| `metrics.annotations` | Annotations for the Exporter pod | `{}` |
+| `metrics.extraArgs` | Extra args to be passed to mysqld_exporter | `{}` |
+| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the MariaDB metrics container(s) | `{}` |
+| `metrics.containerSecurityContext.enabled` | Enable security context for MariaDB metrics container | `false` |
+| `metrics.containerSecurityContext.privileged` | Set metrics container's Security Context privileged | `false` |
+| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set metrics container's Security Context allowPrivilegeEscalation | `false` |
+| `metrics.resources.limits` | The resources limits for MariaDB prometheus exporter containers | `{}` |
+| `metrics.resources.requests` | The requested resources for MariaDB prometheus exporter containers | `{}` |
+| `metrics.livenessProbe.enabled` | Enable livenessProbe | `true` |
+| `metrics.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` |
+| `metrics.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
+| `metrics.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` |
+| `metrics.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` |
+| `metrics.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
+| `metrics.readinessProbe.enabled` | Enable readinessProbe | `true` |
+| `metrics.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
+| `metrics.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
+| `metrics.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` |
+| `metrics.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` |
+| `metrics.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
+| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` |
+| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` |
+| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` |
+| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` |
+| `metrics.serviceMonitor.scrapeTimeout` | Specify the timeout after which the scrape is ended | `""` |
+| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` |
+| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` |
+| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` |
+| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` |
+| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` |
+| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` |
+| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` |
+| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` |
+| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` |
 
 ### NetworkPolicy parameters
 
@@ -383,7 +390,7 @@ The above parameters map to the env variables defined in [bitnami/mariadb](https Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, -```bash +```console $ helm install my-release \ --set auth.rootPassword=secretpassword,auth.database=app_database \ my-repo/mariadb @@ -395,7 +402,7 @@ The above command sets the MariaDB `root` account password to `secretpassword`. Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, -```bash +```console $ helm install my-release -f values.yaml my-repo/mariadb ``` @@ -455,7 +462,7 @@ Find more information about how to deal with common errors related to Bitnami's It's necessary to set the `auth.rootPassword` parameter when upgrading for readiness/liveness probes to work properly. When you install this chart for the first time, some notes will be displayed providing the credentials you must use under the 'Administrator credentials' section. Please note down the password and run the command below to upgrade your chart: -```bash +```console $ helm upgrade my-release my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] ``` @@ -512,7 +519,7 @@ Backwards compatibility is not guaranteed. To upgrade to `8.0.0`, install a new - Create a backup of the database, and restore it on the new release using tools such as [mysqldump](https://mariadb.com/kb/en/mysqldump/). - Reuse the PVC used to hold the master data on your previous release. To do so, use the `primary.persistence.existingClaim` parameter. The following example assumes that the release name is `mariadb`: -```bash +```console $ helm install mariadb my-repo/mariadb --set auth.rootPassword=[ROOT_PASSWORD] --set primary.persistence.existingClaim=[EXISTING_PVC] ``` diff --git a/charts/bitnami/wordpress/charts/mariadb/values.yaml b/charts/bitnami/wordpress/charts/mariadb/values.yaml index 5050374c6..dc40d203b 100644 
--- a/charts/bitnami/wordpress/charts/mariadb/values.yaml +++ b/charts/bitnami/wordpress/charts/mariadb/values.yaml @@ -313,12 +313,16 @@ primary: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param primary.containerSecurityContext.enabled MariaDB primary container securityContext ## @param primary.containerSecurityContext.runAsUser User ID for the MariaDB primary container - ## @param primary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.runAsNonRoot Set primary container's Security Context runAsNonRoot + ## @param primary.containerSecurityContext.privileged Set primary container's Security Context privileged + ## @param primary.containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false ## MariaDB primary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious 
@@ -702,12 +706,16 @@ secondary: ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param secondary.containerSecurityContext.enabled MariaDB secondary container securityContext ## @param secondary.containerSecurityContext.runAsUser User ID for the MariaDB secondary container - ## @param secondary.containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.runAsNonRoot Set secondary container's Security Context runAsNonRoot + ## @param secondary.containerSecurityContext.privileged Set secondary container's Security Context privileged + ## @param secondary.containerSecurityContext.allowPrivilegeEscalation Set secondary container's Security Context allowPrivilegeEscalation ## containerSecurityContext: enabled: true runAsUser: 1001 runAsNonRoot: true + privileged: false + allowPrivilegeEscalation: false ## MariaDB secondary container's resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -1081,6 +1089,8 @@ metrics: ## MariaDB metrics container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container + ## @param metrics.containerSecurityContext.privileged Set metrics container's Security Context privileged + ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set metrics container's Security Context allowPrivilegeEscalation ## Example: ## containerSecurityContext: ## enabled: true 
@@ -1090,6 +1100,8 @@ metrics: ## containerSecurityContext: enabled: false + privileged: false + allowPrivilegeEscalation: false ## Mysqld Prometheus exporter resource requests and limits ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious diff --git a/charts/bitnami/wordpress/templates/tls-secrets.yaml b/charts/bitnami/wordpress/templates/tls-secrets.yaml index 0aa734a2d..0805d18eb 100644 --- a/charts/bitnami/wordpress/templates/tls-secrets.yaml +++ b/charts/bitnami/wordpress/templates/tls-secrets.yaml @@ -21,12 +21,13 @@ data: {{- end }} {{- end }} {{- if and .Values.ingress.tls .Values.ingress.selfSigned }} +{{- $secretName := printf "%s-tls" .Values.ingress.hostname }} {{- $ca := genCA "wordpress-ca" 365 }} {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-tls" .Values.ingress.hostname }} + name: {{ $secretName }} namespace: {{ .Release.Namespace | quote }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -37,8 +38,8 @@ metadata: {{- end }} type: kubernetes.io/tls data: - tls.crt: {{ $cert.Cert | b64enc | quote }} - tls.key: {{ $cert.Key | b64enc | quote }} - ca.crt: {{ $ca.Cert | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- end }} diff --git a/charts/bitnami/wordpress/values.yaml b/charts/bitnami/wordpress/values.yaml index d69fabb22..e6a3e5426 100644 --- a/charts/bitnami/wordpress/values.yaml +++ b/charts/bitnami/wordpress/values.yaml 
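Review bot: The two new defaults under `metrics.containerSecurityContext` sit next to `enabled: false`, so in a default install they probably never reach the exporter container. The template that consumes this block is outside the diff, so this assumes the securityContext is rendered only when `enabled` is true. The primary and secondary blocks in the earlier hunks have `enabled: true`, which leaves the metrics sidecar as the one container that does not get `privileged: false` and `allowPrivilegeEscalation: false` unless the operator opts in. I would state that above the block, for example `## NOTE: the values below are applied only when metrics.containerSecurityContext.enabled is true`, or default `enabled` to `true` if the exporter image runs under it. The `metrics:` mapping starts and continues outside this hunk.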
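Review bot: `tls.crt`, `tls.key` and `ca.crt` are each resolved by a separate `common.secrets.lookup` call, while `genCA` and `genSignedCert` still produce a fresh CA and leaf on every render. An existing Secret that lacks one key (for example no `ca.crt`) would presumably end up with a stored leaf certificate beside a newly generated CA that did not sign it. The helper is defined outside this diff, so this assumes it falls back to `defaultValue` per key. The 365-day self-signed certificate also appears to be kept across `helm upgrade` now, so it will expire in place unless the Secret is deleted or rotated by hand. A template comment above `data:` such as `{{/* values are reused from the existing Secret on upgrade; delete the Secret to rotate before the 365-day expiry */}}` would make that visible. The same pattern is added to both Secrets in `charts/bitnami/zookeeper/templates/tls-secrets.yaml`.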
@@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wordpress - tag: 6.1.1-debian-11-r34 + tag: 6.1.1-debian-11-r40 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -759,7 +759,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r74 + tag: 11-debian-11-r79 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -853,7 +853,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 0.11.0-debian-11-r84 + tag: 0.11.0-debian-11-r88 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/bitnami/zookeeper/Chart.yaml b/charts/bitnami/zookeeper/Chart.yaml index cf43bda42..b33976b57 100644 --- a/charts/bitnami/zookeeper/Chart.yaml +++ b/charts/bitnami/zookeeper/Chart.yaml @@ -4,10 +4,9 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: zookeeper category: Infrastructure - licenses: | - - Apache-2.0 + licenses: Apache-2.0 apiVersion: v2 -appVersion: 3.8.0 +appVersion: 3.8.1 dependencies: - name: common repository: file://./charts/common @@ -27,4 +26,4 @@ name: zookeeper sources: - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper - https://zookeeper.apache.org/ -version: 11.1.0 +version: 11.1.2 diff --git a/charts/bitnami/zookeeper/README.md b/charts/bitnami/zookeeper/README.md index 7a1c17ffb..a6714635f 100644 --- a/charts/bitnami/zookeeper/README.md +++ b/charts/bitnami/zookeeper/README.md 
@@ -84,7 +84,7 @@ The command removes all the Kubernetes components associated with the chart and | ----------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----------------------- | | `image.registry` | ZooKeeper image registry | `docker.io` | | `image.repository` | ZooKeeper image repository | `bitnami/zookeeper` | -| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.0-debian-11-r74` | +| `image.tag` | ZooKeeper image tag (immutable tags are recommended) | `3.8.1-debian-11-r0` | | `image.digest` | ZooKeeper image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `image.pullPolicy` | ZooKeeper image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | 
@@ -255,7 +255,7 @@ The command removes all the Kubernetes components associated with the chart and | `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image repository | `bitnami/bitnami-shell` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r69` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag (immutable tags are recommended) | `11-debian-11-r77` | | `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | | `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | @@ -518,7 +518,7 @@ $ kubectl delete statefulset zookeeper-zookeeper --cascade=false ## License -Copyright © 2022 Bitnami +Copyright © 2023 Bitnami Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/charts/bitnami/zookeeper/templates/tls-secrets.yaml b/charts/bitnami/zookeeper/templates/tls-secrets.yaml index a07480d55..3d7e15926 100644 --- a/charts/bitnami/zookeeper/templates/tls-secrets.yaml +++ b/charts/bitnami/zookeeper/templates/tls-secrets.yaml @@ -1,4 +1,5 @@ {{- if (include "zookeeper.client.createTlsSecret" .) }} +{{- $secretName := printf "%s-client-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "zookeeper-client-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} 
@@ -6,11 +7,11 @@ {{- $serviceName := include "common.names.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) "127.0.0.1" "localhost" $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-client-crt + name: {{ $secretName }} namespace: {{ template "zookeeper.namespace" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -21,11 +22,12 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} {{- if (include "zookeeper.quorum.createTlsSecret" .) }} +{{- $secretName := printf "%s-quorum-crt" (include "common.names.fullname" .) }} {{- $ca := genCA "zookeeper-quorum-ca" 365 }} {{- $releaseNamespace := .Release.Namespace }} {{- $clusterDomain := .Values.clusterDomain }} 
@@ -33,12 +35,12 @@ data: {{- $serviceName := include "common.names.fullname" . }} {{- $headlessServiceName := printf "%s-headless" (include "common.names.fullname" .) }} {{- $altNames := list (printf "*.%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $headlessServiceName $releaseNamespace $clusterDomain) (printf "*.%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $serviceName $releaseNamespace $clusterDomain) $fullname }} -{{- $crt := genSignedCert $fullname nil $altNames 365 $ca }} +{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }} --- apiVersion: v1 kind: Secret metadata: - name: {{ include "common.names.fullname" . }}-quorum-crt + name: {{ $secretName }} namespace: {{ template "zookeeper.namespace" . }} labels: {{- include "common.labels.standard" . | nindent 4 }} {{- if .Values.commonLabels }} @@ -49,7 +51,7 @@ metadata: {{- end }} type: kubernetes.io/tls data: - ca.crt: {{ $ca.Cert | b64enc | quote }} - tls.crt: {{ $crt.Cert | b64enc | quote }} - tls.key: {{ $crt.Key | b64enc | quote }} + tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }} + tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }} + ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }} {{- end }} diff --git a/charts/bitnami/zookeeper/values.yaml b/charts/bitnami/zookeeper/values.yaml index b9d59000d..abfdf67ab 100644 --- a/charts/bitnami/zookeeper/values.yaml +++ b/charts/bitnami/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.0-debian-11-r74 + tag: 3.8.1-debian-11-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' 
@@ -660,7 +660,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/bitnami-shell - tag: 11-debian-11-r69 + tag: 11-debian-11-r77 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml index c638f45bf..c51b03e94 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller apiVersion: v2 -appVersion: 1.28.2 +appVersion: 1.29.5 description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running as sidecar. home: https://www.citrix.com @@ -18,4 +18,4 @@ maintainers: name: citrix-cpx-with-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.28.2 +version: 1.29.5 diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/README.md b/charts/citrix/citrix-cpx-with-ingress-controller/README.md index a5c39557e..accfd0af3 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/README.md +++ b/charts/citrix/citrix-cpx-with-ingress-controller/README.md 
@@ -455,7 +455,7 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | daemonSet | Optional | False | Set this to true if Citrix ADC CPX needs to be deployed as DaemonSet. | | cic.imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | cic.imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| cic.imageTag | Mandatory | `1.28.2` | The Citrix ingress controller image tag | +| cic.imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag | | cic.pullPolicy | Mandatory | IfNotPresent | The Citrix ingress controller image pull policy. | | cic.required | Mandatory | true | CIC to be run as sidecar with Citrix ADC CPX | | cic.resources | Optional | {} | CPU/Memory resource requests/limits for Citrix Ingress Controller container | 
@@ -475,6 +475,9 @@ The following table lists the configurable parameters of the Citrix ADC CPX with | nsHTTP2ServerSide | Optional | OFF | Set this argument to `ON` for enabling HTTP2 for Citrix ADC service group configurations. | | cpxLicenseAggregator | Optional | N/A | IP/FQDN of the CPX License Aggregator if it is being used to license the CPX. | | nsCookieVersion | Optional | 0 | Specify the persistence cookie version (0 or 1). | +| profileSslFrontend | Optional | N/A | Specify the frontend SSL profile. For Details see [Configuration using FRONTEND_SSL_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileTcpFrontend | Optional | N/A | Specify the frontend TCP profile. For Details see [Configuration using FRONTEND_TCP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileHttpFrontend | Optional | N/A | Specify the frontend HTTP profile. For Details see [Configuration using FRONTEND_HTTP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | | logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. | | nsProtocol | Optional | http | Protocol http or https used for the communication between Citrix Ingress Controller and CPX | | cpxBgpRouter | Optional | false| If set to true, this CPX is deployed as daemonset in BGP controller mode wherein BGP advertisements are done for attracting external traffic to Kubernetes clusters | diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml index 6ff58466f..54c7c448d 100644 
--- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/cic_crds.yaml @@ -1815,7 +1815,7 @@ spec: description: 'Location of customized error page to respond when json violations are hit' type: string ip_reputation: - type: object + type: string x-kubernetes-preserve-unknown-fields: true description: 'Enabling IP reputation feature' target: diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml index 70ee6057b..815fe6bd3 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/citrix-k8s-cpx-ingress.yaml @@ -129,6 +129,8 @@ spec: name: shared-data - mountPath: /cpx/ name: cpx-volume + - mountPath: /cpx/conf + name: cpx-volume-conf {{- if .Values.cic.required }} # Add cic as a sidecar - name: cic @@ -301,6 +303,8 @@ spec: emptyDir: {} - name: cpx-volume emptyDir: {} + - name: cpx-volume-conf + emptyDir: {} {{- if and .Values.nodeSelector.key .Values.nodeSelector.value }} nodeSelector: {{ .Values.nodeSelector.key }}: {{ .Values.nodeSelector.value }} diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml index dff57083e..ac7aab2a2 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/templates/configmap.yaml 
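Review bot: `ip_reputation` changes from `type: object` to `type: string` but keeps `x-kubernetes-preserve-unknown-fields: true`, which only has meaning on object-typed fields, so that line should be dropped with the type change. The new type also tightens validation on an existing CRD: a stored resource that set `ip_reputation` as an object would likely fail validation after the chart upgrade. The description `'Enabling IP reputation feature'` does not say which string values are accepted; listing them there or in an `enum` would close that gap. The same hunk appears in `charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml`, and the surrounding `spec:` schema starts and ends outside the hunk.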
@@ -69,3 +69,18 @@ data: hashFingers: {{ .Values.nsLbHashAlgo.hashFingers }} hashAlgorithm: {{ .Values.nsLbHashAlgo.hashAlgorithm | quote }} {{- end }} + +{{- if .Values.profileSslFrontend }} + FRONTEND_SSL_PROFILE: | + {{- toYaml .Values.profileSslFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileTcpFrontend }} + FRONTEND_TCP_PROFILE: | + {{- toYaml .Values.profileTcpFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileHttpFrontend }} + FRONTEND_HTTP_PROFILE: | + {{- toYaml .Values.profileHttpFrontend | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml index cc236087c..65a8dc2ef 100644 --- a/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml +++ b/charts/citrix/citrix-cpx-with-ingress-controller/values.yaml @@ -5,7 +5,7 @@ # Citrix ADC CPX config details imageRegistry: quay.io imageRepository: citrix/citrix-k8s-cpx-ingress -imageTag: 13.1-30.52 +imageTag: 13.1-37.38 image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}" pullPolicy: IfNotPresent imagePullSecrets: [] @@ -82,7 +82,7 @@ servicePorts: [] cic: imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller - imageTag: 1.28.2 + imageTag: 1.29.5 image: "{{ .Values.cic.imageRegistry }}/{{ .Values.cic.imageRepository }}:{{ .Values.cic.imageTag }}" pullPolicy: IfNotPresent required: true 
@@ -113,6 +113,25 @@ updateIngressStatus: False logProxy: kubernetesURL: disableOpenshiftRoutes: +profileSslFrontend: {} + # preconfigured: my_ssl_profile + # OR + # config: + # tls13: 'ENABLED' + # hsts: 'ENABLED' +profileHttpFrontend: {} + # preconfigured: my_http_profile + # OR + # config: + # dropinvalreqs: 'ENABLED' + # websocket: 'ENABLED' +profileTcpFrontend: {} + # preconfigured: my_tcp_profile + # OR + # config: + # sack: 'ENABLED' + # nagle: 'ENABLED' + # Citrix ADM/License Server config details ADMSettings: diff --git a/charts/citrix/citrix-ingress-controller/Chart.yaml b/charts/citrix/citrix-ingress-controller/Chart.yaml index 0ec97ad7f..ecd39f165 100644 --- a/charts/citrix/citrix-ingress-controller/Chart.yaml +++ b/charts/citrix/citrix-ingress-controller/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=v1.16.0-0' catalog.cattle.io/release-name: citrix-ingress-controller apiVersion: v2 -appVersion: 1.28.2 +appVersion: 1.29.5 description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. home: https://www.citrix.com icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png @@ -17,4 +17,4 @@ maintainers: name: citrix-ingress-controller sources: - https://github.com/citrix/citrix-k8s-ingress-controller -version: 1.28.2 +version: 1.29.5 diff --git a/charts/citrix/citrix-ingress-controller/README.md b/charts/citrix/citrix-ingress-controller/README.md index 955301483..402ca6521 100644 --- a/charts/citrix/citrix-ingress-controller/README.md +++ b/charts/citrix/citrix-ingress-controller/README.md 
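Review bot: `profileSslFrontend`, `profileHttpFrontend` and `profileTcpFrontend` default to `{}`, and the configmap template in this commit emits each `FRONTEND_*_PROFILE` key only when its value is non-empty. A default install therefore sets no frontend SSL profile through the chart, and the `tls13` / `hsts` lines in the comments are examples rather than applied settings. The comments also do not say whether `preconfigured` and `config` may be combined, and nothing visible here rejects setting both. I would add a line above each block such as `# Empty ({}) emits no FRONTEND_SSL_PROFILE key; set either preconfigured or config, not both`. The same block is added in `charts/citrix/citrix-ingress-controller/values.yaml`.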
@@ -316,7 +316,7 @@ The following table lists the mandatory and optional parameters that you can con | license.accept | Mandatory | no | Set `yes` to accept the CIC end user license agreement. | | imageRegistry | Mandatory | `quay.io` | The Citrix ingress controller image registry | | imageRepository | Mandatory | `citrix/citrix-k8s-ingress-controller` | The Citrix ingress controller image repository | -| imageTag | Mandatory | `1.28.2` | The Citrix ingress controller image tag | +| imageTag | Mandatory | `1.29.5` | The Citrix ingress controller image tag | | pullPolicy | Mandatory | IfNotPresent | The CIC image pull policy. | | imagePullSecrets | Optional | N/A | Provide list of Kubernetes secrets to be used for pulling the images from a private Docker registry or repository. For more information on how to create this secret please see [Pull an Image from a Private Registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/). | | nameOverride | Optional | N/A | String to partially override deployment fullname template with a string (will prepend the release name) | 
@@ -351,6 +351,9 @@ The following table lists the mandatory and optional parameters that you can con | ignoreNodeExternalIP | Optional | False | While adding NodeIP, as Service group members for type LoadBalancer services or NodePort services, Citrix Ingress Controller has a selection criteria whereas it choose Node ExternalIP if available and Node InternalIP, if Node ExternalIP is not present. But some users may want to use Node InternalIP over Node ExternalIP even if Node ExternalIP is present. If this variable is set to `True`, then it prioritises the Node Internal IP to be used for service group members even if node ExternalIP is present | | nsHTTP2ServerSide | Optional | OFF | Set this argument to `ON` for enabling HTTP2 for Citrix ADC service group configurations. | | nsCookieVersion | Optional | 0 | Specify the persistence cookie version (0 or 1). | +| profileSslFrontend | Optional | N/A | Specify the frontend SSL profile. For Details see [Configuration using FRONTEND_SSL_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileTcpFrontend | Optional | N/A | Specify the frontend TCP profile. For Details see [Configuration using FRONTEND_TCP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | +| profileHttpFrontend | Optional | N/A | Specify the frontend HTTP profile. For Details see [Configuration using FRONTEND_HTTP_PROFILE](https://docs.citrix.com/en-us/citrix-k8s-ingress-controller/configure/profiles.html#global-front-end-profile-configuration-using-configmap-variables) | | ipam | Optional | False | Set this argument if you want to use the IPAM controller to automatically allocate an IP address to the service of type LoadBalancer. 
| | disableAPIServerCertVerify | Optional | False | Set this parameter to True for disabling API Server certificate verification. | | logProxy | Optional | N/A | Provide Elasticsearch or Kafka or Zipkin endpoint for Citrix observability exporter. | diff --git a/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml b/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml index 6ff58466f..54c7c448d 100644 --- a/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml +++ b/charts/citrix/citrix-ingress-controller/templates/cic_crds.yaml @@ -1815,7 +1815,7 @@ spec: description: 'Location of customized error page to respond when json violations are hit' type: string ip_reputation: - type: object + type: string x-kubernetes-preserve-unknown-fields: true description: 'Enabling IP reputation feature' target: diff --git a/charts/citrix/citrix-ingress-controller/templates/configmap.yaml b/charts/citrix/citrix-ingress-controller/templates/configmap.yaml index a765d0005..586906391 100644 --- a/charts/citrix/citrix-ingress-controller/templates/configmap.yaml +++ b/charts/citrix/citrix-ingress-controller/templates/configmap.yaml @@ -58,3 +58,18 @@ data: hashFingers: {{ .Values.nsLbHashAlgo.hashFingers }} hashAlgorithm: {{ .Values.nsLbHashAlgo.hashAlgorithm | quote }} {{- end }} + +{{- if .Values.profileSslFrontend }} + FRONTEND_SSL_PROFILE: | + {{- toYaml .Values.profileSslFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileTcpFrontend }} + FRONTEND_TCP_PROFILE: | + {{- toYaml .Values.profileTcpFrontend | nindent 4 }} +{{- end }} + +{{- if .Values.profileHttpFrontend }} + FRONTEND_HTTP_PROFILE: | + {{- toYaml .Values.profileHttpFrontend | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/citrix/citrix-ingress-controller/values.yaml b/charts/citrix/citrix-ingress-controller/values.yaml index ba6cda298..480aab871 100644 --- a/charts/citrix/citrix-ingress-controller/values.yaml 
+++ b/charts/citrix/citrix-ingress-controller/values.yaml @@ -5,7 +5,7 @@ # Citrix Ingress Controller config details imageRegistry: quay.io imageRepository: citrix/citrix-k8s-ingress-controller -imageTag: 1.28.2 +imageTag: 1.29.5 image: "{{ .Values.imageRegistry }}/{{ .Values.imageRepository }}:{{ .Values.imageTag }}" pullPolicy: IfNotPresent imagePullSecrets: [] @@ -67,6 +67,24 @@ optimizeEndpointBinding: routeLabels: namespaceLabels: disableOpenshiftRoutes: +profileSslFrontend: {} + # preconfigured: my_ssl_profile + # OR + # config: + # tls13: 'ENABLED' + # hsts: 'ENABLED' +profileHttpFrontend: {} + # preconfigured: my_http_profile + # OR + # config: + # dropinvalreqs: 'ENABLED' + # websocket: 'ENABLED' +profileTcpFrontend: {} + # preconfigured: my_tcp_profile + # OR + # config: + # sack: 'ENABLED' + # nagle: 'ENABLED' # Exporter config details exporter: diff --git a/charts/clastix/kamaji/.helmignore b/charts/clastix/kamaji/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/charts/clastix/kamaji/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/clastix/kamaji/Chart.yaml b/charts/clastix/kamaji/Chart.yaml index a1c573761..aaf64a4cc 100644 --- a/charts/clastix/kamaji/Chart.yaml +++ b/charts/clastix/kamaji/Chart.yaml 
@@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/release-name: kamaji apiVersion: v2 -appVersion: v0.1.1 +appVersion: v0.2.0 description: Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler. @@ -24,4 +24,4 @@ name: kamaji sources: - https://github.com/clastix/kamaji type: application -version: 0.10.2 +version: 0.11.0 diff --git a/charts/clastix/kamaji/README.md b/charts/clastix/kamaji/README.md index 00c6da844..cf4ccd621 100644 --- a/charts/clastix/kamaji/README.md +++ b/charts/clastix/kamaji/README.md @@ -1,6 +1,6 @@ # kamaji -![Version: 0.10.2](https://img.shields.io/badge/Version-0.10.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.1.1](https://img.shields.io/badge/AppVersion-v0.1.1-informational?style=flat-square) +![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v0.2.0](https://img.shields.io/badge/AppVersion-v0.2.0-informational?style=flat-square) Kamaji is a tool aimed to build and operate a Managed Kubernetes Service with a fraction of the operational burden. With Kamaji, you can deploy and operate hundreds of Kubernetes clusters as a hyper-scaler. 
@@ -67,7 +67,6 @@ Here the values you can override: | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | Kubernetes affinity rules to apply to Kamaji controller pods | -| configPath | string | `"./kamaji.yaml"` | Configuration file path alternative. (default "./kamaji.yaml") | | datastore.basicAuth.passwordSecret.keyPath | string | `nil` | The Secret key where the data is stored. | | datastore.basicAuth.passwordSecret.name | string | `nil` | The name of the Secret containing the password used to connect to the relational database. | | datastore.basicAuth.passwordSecret.namespace | string | `nil` | The namespace of the Secret containing the password used to connect to the relational database. | 
@@ -91,7 +90,7 @@ Here the values you can override: | datastore.tlsConfig.clientCertificate.privateKey.namespace | string | `nil` | Namespace of the Secret containing the client certificate private key required to establish the mandatory SSL/TLS connection to the datastore. | | etcd.compactionInterval | int | `0` | ETCD Compaction interval (e.g. "5m0s"). (default: "0" (disabled)) | | etcd.deploy | bool | `true` | Install an etcd with enabled multi-tenancy along with Kamaji | -| etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.4"}` | Install specific etcd image | +| etcd.image | object | `{"pullPolicy":"IfNotPresent","repository":"quay.io/coreos/etcd","tag":"v3.5.6"}` | Install specific etcd image | | etcd.livenessProbe | object | `{"failureThreshold":8,"httpGet":{"path":"/health?serializable=true","port":2381,"scheme":"HTTP"},"initialDelaySeconds":10,"periodSeconds":10,"timeoutSeconds":15}` | The livenessProbe for the etcd container | | etcd.overrides.caSecret.name | string | `"etcd-certs"` | Name of the secret which contains CA's certificate and private key. (default: "etcd-certs") | | etcd.overrides.caSecret.namespace | string | `"kamaji-system"` | Namespace of the secret which contains CA's certificate and private key. (default: "kamaji-system") | 
@@ -126,11 +125,10 @@ Here the values you can override: | resources.requests.cpu | string | `"100m"` | | | resources.requests.memory | string | `"20Mi"` | | | securityContext | object | `{"allowPrivilegeEscalation":false}` | The securityContext to apply to the Kamaji controller container only. It does not apply to the Kamaji RBAC proxy container. | -| service.port | int | `8443` | | -| service.type | string | `"ClusterIP"` | | | serviceAccount.annotations | object | `{}` | | | serviceAccount.create | bool | `true` | | | serviceAccount.name | string | `"kamaji-controller-manager"` | | +| serviceMonitor.enabled | bool | `false` | Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured | | temporaryDirectoryPath | string | `"/tmp/kamaji"` | Directory which will be used to work with temporary files. (default "/tmp/kamaji") | | tolerations | list | `[]` | Kubernetes node taints that the Kamaji controller pods would tolerate | diff --git a/charts/clastix/kamaji/crds/datastore.yaml b/charts/clastix/kamaji/crds/datastore.yaml index 2f51acca3..7a9ca2bde 100644 --- a/charts/clastix/kamaji/crds/datastore.yaml +++ b/charts/clastix/kamaji/crds/datastore.yaml @@ -3,8 +3,8 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null name: datastores.kamaji.clastix.io spec: group: kamaji.clastix.io 
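Review bot: The added annotation `cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert` hard-codes the namespace and Certificate name, and files under `crds/` are not rendered by Helm, so the value cannot follow the release namespace. Installing the chart anywhere other than `kamaji-system` would leave cert-manager's CA injector pointing at a Certificate that does not exist. The same literal appears in crds/tenantcontrolplane.yaml together with a conversion webhook whose service `namespace` is also `kamaji-system`, where a missing CA bundle would presumably make conversion calls fail TLS verification. Either document that the chart must be installed into `kamaji-system` (and that cert-manager now appears to be a prerequisite), or move the CRDs into `templates/` so the value can be built from `{{ .Release.Namespace }}`. No `conversion` stanza is visible for this CRD, so it is worth confirming that the annotation is needed here at all.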
@@ -15,254 +15,225 @@ spec: singular: datastore scope: Cluster versions: - - additionalPrinterColumns: - - description: Kamaji data store driver - jsonPath: .spec.driver - name: Driver - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: DataStore is the Schema for the datastores API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: DataStoreSpec defines the desired state of DataStore. - properties: - basicAuth: - description: In case of authentication enabled for the given data - store, specifies the username and password pair. This value is optional. - properties: - password: - properties: - content: - description: Bare content of the file, base64 encoded. It - has precedence over the SecretReference value. - format: byte - type: string - secretReference: - properties: - keyPath: - description: Name of the key for the given Secret reference - where the content is stored. This value is mandatory. - type: string - name: - description: name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: namespace defines the space within which - the secret name must be unique. 
- type: string - required: - - keyPath - type: object - x-kubernetes-map-type: atomic - type: object - username: - properties: - content: - description: Bare content of the file, base64 encoded. It - has precedence over the SecretReference value. - format: byte - type: string - secretReference: - properties: - keyPath: - description: Name of the key for the given Secret reference - where the content is stored. This value is mandatory. - type: string - name: - description: name is unique within a namespace to reference - a secret resource. - type: string - namespace: - description: namespace defines the space within which - the secret name must be unique. - type: string - required: - - keyPath - type: object - x-kubernetes-map-type: atomic - type: object - required: - - password - - username - type: object - driver: - description: The driver to use to connect to the shared datastore. - type: string - endpoints: - description: List of the endpoints to connect to the shared datastore. - No need for protocol, just bare IP/FQDN and port. - items: + - additionalPrinterColumns: + - description: Kamaji data store driver + jsonPath: .spec.driver + name: Driver + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DataStore is the Schema for the datastores API. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DataStoreSpec defines the desired state of DataStore. + properties: + basicAuth: + description: In case of authentication enabled for the given data store, specifies the username and password pair. This value is optional. + properties: + password: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + minLength: 1 + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + username: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + minLength: 1 + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + required: + - password + - username + type: object + driver: + description: The driver to use to connect to the shared datastore. 
+ enum: + - etcd + - MySQL + - PostgreSQL type: string - type: array - tlsConfig: - description: Defines the TLS/SSL configuration required to connect - to the data store in a secure way. - properties: - certificateAuthority: - description: Retrieve the Certificate Authority certificate and - private key, such as bare content of the file, or a SecretReference. - The key reference is required since etcd authentication is based - on certificates, and Kamaji is responsible in creating this. - properties: - certificate: - properties: - content: - description: Bare content of the file, base64 encoded. - It has precedence over the SecretReference value. - format: byte - type: string - secretReference: - properties: - keyPath: - description: Name of the key for the given Secret - reference where the content is stored. This value - is mandatory. - type: string - name: - description: name is unique within a namespace to - reference a secret resource. - type: string - namespace: - description: namespace defines the space within which - the secret name must be unique. - type: string - required: - - keyPath - type: object - x-kubernetes-map-type: atomic - type: object - privateKey: - properties: - content: - description: Bare content of the file, base64 encoded. - It has precedence over the SecretReference value. - format: byte - type: string - secretReference: - properties: - keyPath: - description: Name of the key for the given Secret - reference where the content is stored. This value - is mandatory. - type: string - name: - description: name is unique within a namespace to - reference a secret resource. - type: string - namespace: - description: namespace defines the space within which - the secret name must be unique. 
- type: string - required: - - keyPath - type: object - x-kubernetes-map-type: atomic - type: object - required: - - certificate - type: object - clientCertificate: - description: Specifies the SSL/TLS key and private key pair used - to connect to the data store. - properties: - certificate: - properties: - content: - description: Bare content of the file, base64 encoded. - It has precedence over the SecretReference value. - format: byte - type: string - secretReference: - properties: - keyPath: - description: Name of the key for the given Secret - reference where the content is stored. This value - is mandatory. - type: string - name: - description: name is unique within a namespace to - reference a secret resource. - type: string - namespace: - description: namespace defines the space within which - the secret name must be unique. - type: string - required: - - keyPath - type: object - x-kubernetes-map-type: atomic - type: object - privateKey: - properties: - content: - description: Bare content of the file, base64 encoded. - It has precedence over the SecretReference value. - format: byte - type: string - secretReference: - properties: - keyPath: - description: Name of the key for the given Secret - reference where the content is stored. This value - is mandatory. - type: string - name: - description: name is unique within a namespace to - reference a secret resource. - type: string - namespace: - description: namespace defines the space within which - the secret name must be unique. - type: string - required: - - keyPath - type: object - x-kubernetes-map-type: atomic - type: object - required: - - certificate - - privateKey - type: object - required: - - certificateAuthority - - clientCertificate - type: object - required: - - driver - - endpoints - - tlsConfig - type: object - status: - description: DataStoreStatus defines the observed state of DataStore. 
- properties: - usedBy: - description: List of the Tenant Control Planes, namespaced named, - using this data store. - items: - type: string - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} + endpoints: + description: List of the endpoints to connect to the shared datastore. No need for protocol, just bare IP/FQDN and port. + items: + type: string + minItems: 1 + type: array + tlsConfig: + description: Defines the TLS/SSL configuration required to connect to the data store in a secure way. + properties: + certificateAuthority: + description: Retrieve the Certificate Authority certificate and private key, such as bare content of the file, or a SecretReference. The key reference is required since etcd authentication is based on certificates, and Kamaji is responsible in creating this. + properties: + certificate: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + minLength: 1 + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + privateKey: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + minLength: 1 + type: string + name: + description: name is unique within a namespace to reference a secret resource. 
+ type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + required: + - certificate + type: object + clientCertificate: + description: Specifies the SSL/TLS key and private key pair used to connect to the data store. + properties: + certificate: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + minLength: 1 + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. + type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + privateKey: + properties: + content: + description: Bare content of the file, base64 encoded. It has precedence over the SecretReference value. + format: byte + type: string + secretReference: + properties: + keyPath: + description: Name of the key for the given Secret reference where the content is stored. This value is mandatory. + minLength: 1 + type: string + name: + description: name is unique within a namespace to reference a secret resource. + type: string + namespace: + description: namespace defines the space within which the secret name must be unique. 
+ type: string + required: + - keyPath + type: object + x-kubernetes-map-type: atomic + type: object + required: + - certificate + - privateKey + type: object + required: + - certificateAuthority + - clientCertificate + type: object + required: + - driver + - endpoints + - tlsConfig + type: object + status: + description: DataStoreStatus defines the observed state of DataStore. + properties: + usedBy: + description: List of the Tenant Control Planes, namespaced named, using this data store. + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/clastix/kamaji/crds/tenantcontrolplane.yaml b/charts/clastix/kamaji/crds/tenantcontrolplane.yaml index 8c9948c62..c62768a4d 100644 --- a/charts/clastix/kamaji/crds/tenantcontrolplane.yaml +++ b/charts/clastix/kamaji/crds/tenantcontrolplane.yaml 
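Review bot: `minLength: 1` is added to every `secretReference.keyPath`, but `name` in the same objects is still neither required nor length-checked, so a reference with a key and no Secret name passes schema validation for the datastore credentials, the CA and the client key. Unless an admission webhook catches it, the mistake only surfaces when the controller tries to read the Secret; adding `minLength: 1` to `name` and listing it under `required:` next to `keyPath` would reject it at admission. The new `driver` enum (`etcd`, `MySQL`, `PostgreSQL`) is case-sensitive, so existing DataStore objects written with different casing would be rejected on their next update, which deserves a line in the upgrade notes. The file looks generated by controller-gen, going by its `controller-gen.kubebuilder.io/version` annotation, so the change belongs in the Go type markers rather than in this YAML.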
@@ -3,2511 +3,1736 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + cert-manager.io/inject-ca-from: kamaji-system/kamaji-serving-cert controller-gen.kubebuilder.io/version: v0.9.2 - creationTimestamp: null name: tenantcontrolplanes.kamaji.clastix.io spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: kamaji-webhook-service + namespace: kamaji-system + path: /convert + conversionReviewVersions: + - v1 group: kamaji.clastix.io names: kind: TenantControlPlane listKind: TenantControlPlaneList plural: tenantcontrolplanes shortNames: - - tcp + - tcp singular: tenantcontrolplane scope: Namespaced versions: - - additionalPrinterColumns: - - description: Kubernetes version - jsonPath: .spec.kubernetes.version - name: Version - type: string - - description: Kubernetes version - jsonPath: .status.kubernetesResources.version.status - name: Status - type: string - - description: Tenant Control Plane Endpoint (API server) - jsonPath: .status.controlPlaneEndpoint - name: Control-Plane-Endpoint - type: string - - description: Secret which contains admin kubeconfig - jsonPath: .status.kubeconfig.admin.secretName - name: Kubeconfig - type: string - - description: Age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: TenantControlPlane is the Schema for the tenantcontrolplanes - API. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. 
In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TenantControlPlaneSpec defines the desired state of TenantControlPlane. - properties: - addons: - description: Addons contain which addons are enabled - properties: - coreDNS: - description: Enables the DNS addon in the Tenant Cluster. The - registry and the tag are configurable, the image is hard-coded - to `coredns`. - properties: - imageRepository: - description: ImageRepository sets the container registry to - pull images from. if not set, the default ImageRepository - will be used instead. - type: string - imageTag: - description: ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically - the version of the above components during upgrades. - type: string - type: object - konnectivity: - description: Enables the Konnectivity addon in the Tenant Cluster, - required if the worker nodes are in a different network. - properties: - agentImage: - default: registry.k8s.io/kas-network-proxy/proxy-agent - description: AgentImage defines the container image for Konnectivity's - agent. - type: string - proxyPort: - description: Port of Konnectivity proxy server. - format: int32 - type: integer - resources: - description: Resources define the amount of CPU and memory - to allocate to the Konnectivity server. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of - compute resources required. If Requests is omitted for - a container, it defaults to Limits if that is explicitly - specified, otherwise to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - serverImage: - default: registry.k8s.io/kas-network-proxy/proxy-server - description: ServerImage defines the container image for Konnectivity's - server. - type: string - version: - default: v0.0.32 - description: Version for Konnectivity server and agent. - type: string - required: - - proxyPort - type: object - kubeProxy: - description: Enables the kube-proxy addon in the Tenant Cluster. - The registry and the tag are configurable, the image is hard-coded - to `kube-proxy`. - properties: - imageRepository: - description: ImageRepository sets the container registry to - pull images from. if not set, the default ImageRepository - will be used instead. - type: string - imageTag: - description: ImageTag allows to specify a tag for the image. - In case this value is set, kubeadm does not change automatically - the version of the above components during upgrades. - type: string - type: object - type: object - controlPlane: - description: ControlPlane defines how the Tenant Control Plane Kubernetes - resources must be created in the Admin Cluster, such as the number - of Pod replicas, the Service resource, or the Ingress. - properties: - deployment: - description: Defining the options for the deployed Tenant Control - Plane as Deployment resource. 
- properties: - additionalMetadata: - description: AdditionalMetadata defines which additional metadata, - such as labels and annotations, must be attached to the - created resource. - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - affinity: - description: 'If specified, the Tenant Control Plane pod''s - scheduling constraints. More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/' - properties: - nodeAffinity: - description: Describes node affinity scheduling rules - for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node matches the corresponding matchExpressions; - the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term - matches all objects with implicit weight 0 (i.e. - it's a no-op). A null preferred scheduling term - matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated - with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. 
- properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - weight: - description: Weight associated with matching - the corresponding nodeSelectorTerm, in the - range 1-100. 
- format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to an update), the system may or may not try - to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector - terms. The terms are ORed. - items: - description: A null or empty node selector term - matches no objects. The requirements of them - are ANDed. The TopologySelectorTerm type implements - a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements - by node's fields. 
- items: - description: A node selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: The label key that the - selector applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators - are In, NotIn, Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An array of string values. - If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. - If the operator is Gt or Lt, the - values array must have a single - element, which will be interpreted - as an integer. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - x-kubernetes-map-type: atomic - type: array - required: - - nodeSelectorTerms - type: object - x-kubernetes-map-type: atomic - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. - co-locate this pod in the same node, zone, etc. as some - other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling affinity expressions, - etc.), compute a sum by iterating through the elements - of this field and adding "weight" to the sum if - the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. 
- items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. 
- null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - affinity requirements specified by this field cease - to be met at some point during pod execution (e.g. - due to a pod label update), the system may or may - not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes - corresponding to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. 
- items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. 
- type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules - (e.g. avoid putting this pod in the same node, zone, - etc. as some other pod(s)). 
- properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule - pods to nodes that satisfy the anti-affinity expressions - specified by this field, but it may choose a node - that violates one or more of the expressions. The - node that is most preferred is the one with the - greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource - request, requiredDuringScheduling anti-affinity - expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to - the sum if the node has pods which matches the corresponding - podAffinityTerm; the node(s) with the highest sum - are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred - node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, - associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of - resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. 
- items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set - of namespaces that the term applies to. - The term is applied to the union of the - namespaces selected by this field and - the ones listed in the namespaces field. - null selector and null or empty namespaces - list means "this pod's namespace". An - empty selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The - requirements are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to a set - of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array - of string values. If the operator - is In or NotIn, the values array - must be non-empty. If the operator - is Exists or DoesNotExist, the - values array must be empty. - This array is replaced during - a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of - {key,value} pairs. 
A single {key,value} - in the matchLabels map is equivalent - to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are - ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static - list of namespace names that the term - applies to. The term is applied to the - union of the namespaces listed in this - field and the ones selected by namespaceSelector. - null or empty namespaces list and null - namespaceSelector means "this pod's namespace". - items: - type: string - type: array - topologyKey: - description: This pod should be co-located - (affinity) or not co-located (anti-affinity) - with the pods matching the labelSelector - in the specified namespaces, where co-located - is defined as running on a node whose - value of the label with key topologyKey - matches that of any node on which any - of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching - the corresponding podAffinityTerm, in the - range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified - by this field are not met at scheduling time, the - pod will not be scheduled onto the node. If the - anti-affinity requirements specified by this field - cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may - or may not try to eventually evict the pod from - its node. When there are multiple elements, the - lists of nodes corresponding to each podAffinityTerm - are intersected, i.e. all terms must be satisfied. 
- items: - description: Defines a set of pods (namely those - matching the labelSelector relative to the given - namespace(s)) that this pod should be co-located - (affinity) or not co-located (anti-affinity) with, - where co-located is defined as running on a node - whose value of the label with key - matches that of any node on which a pod of the - set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaceSelector: - description: A label query over the set of namespaces - that the term applies to. 
The term is applied - to the union of the namespaces selected by - this field and the ones listed in the namespaces - field. null selector and null or empty namespaces - list means "this pod's namespace". An empty - selector ({}) matches all namespaces. - properties: - matchExpressions: - description: matchExpressions is a list - of label selector requirements. The requirements - are ANDed. - items: - description: A label selector requirement - is a selector that contains values, - a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key - that the selector applies to. - type: string - operator: - description: operator represents a - key's relationship to a set of values. - Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of - string values. If the operator is - In or NotIn, the values array must - be non-empty. If the operator is - Exists or DoesNotExist, the values - array must be empty. This array - is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator - is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - namespaces: - description: namespaces specifies a static list - of namespace names that the term applies to. - The term is applied to the union of the namespaces - listed in this field and the ones selected - by namespaceSelector. null or empty namespaces - list and null namespaceSelector means "this - pod's namespace". 
- items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the - pods matching the labelSelector in the specified - namespaces, where co-located is defined as - running on a node whose value of the label - with key topologyKey matches that of any node - on which any of the selected pods is running. - Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - extraArgs: - description: ExtraArgs allows adding additional arguments - to the Control Plane components, such as kube-apiserver, - controller-manager, and scheduler. - properties: - apiServer: - items: - type: string - type: array - controllerManager: - items: - type: string - type: array - kine: - description: Available only if Kamaji is running using - Kine as backing storage. - items: - type: string - type: array - scheduler: - items: - type: string - type: array - type: object - nodeSelector: - additionalProperties: + - additionalPrinterColumns: + - description: Kubernetes version + jsonPath: .spec.kubernetes.version + name: Version + type: string + - description: Status + jsonPath: .status.kubernetesResources.version.status + name: Status + type: string + - description: Tenant Control Plane Endpoint (API server) + jsonPath: .status.controlPlaneEndpoint + name: Control-Plane endpoint + type: string + - description: Secret which contains admin kubeconfig + jsonPath: .status.kubeconfig.admin.secretName + name: Kubeconfig + type: string + - description: DataStore actually used + jsonPath: .status.storage.dataStoreName + name: Datastore + type: string + - description: Age + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: TenantControlPlane is the Schema for the tenantcontrolplanes API. 
+ properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TenantControlPlaneSpec defines the desired state of TenantControlPlane. + properties: + addons: + description: Addons contain which addons are enabled + properties: + coreDNS: + description: Enables the DNS addon in the Tenant Cluster. The registry and the tag are configurable, the image is hard-coded to `coredns`. + properties: + imageRepository: + description: ImageRepository sets the container registry to pull images from. if not set, the default ImageRepository will be used instead. type: string - description: 'NodeSelector is a selector which must be true - for the pod to fit on a node. Selector which must match - a node''s labels for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - replicas: - default: 2 - format: int32 - type: integer - resources: - description: Resources defines the amount of memory and CPU - to allocate to each component of the Control Plane (kube-apiserver, - controller-manager, and scheduler). - properties: - apiServer: - description: ResourceRequirements describes the compute - resource requirements. 
- properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - controllerManager: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. 
If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - scheduler: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - type: object - tolerations: - description: 'If specified, the Tenant Control Plane pod''s - tolerations. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/' - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . + imageTag: + description: ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. 
+ type: string + type: object + konnectivity: + description: Enables the Konnectivity addon in the Tenant Cluster, required if the worker nodes are in a different network. + properties: + agent: + default: + image: registry.k8s.io/kas-network-proxy/proxy-agent + version: v0.0.32 properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule and - NoExecute. - type: string - key: - description: Key is the taint key that the toleration - applies to. Empty means match all taint keys. If the - key is empty, operator must be Exists; this combination - means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship - to the value. Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate all taints of - a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period - of time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the - taint forever (do not evict). Zero and negative values - will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration - matches to. If the operator is Exists, the value should - be empty, otherwise just a regular string. - type: string - type: object - type: array - topologySpreadConstraints: - description: TopologySpreadConstraints describes how the Tenant - Control Plane pods ought to spread across topology domains. - Scheduler will schedule pods in a way which abides by the - constraints. In case of nil underlying LabelSelector, the - Kamaji one for the given Tenant Control Plane will be used. - All topologySpreadConstraints are ANDed. 
- items: - description: TopologySpreadConstraint specifies how to spread - matching pods among the given topology. - properties: - labelSelector: - description: LabelSelector is used to find matching - pods. Pods that match this label selector are counted - to determine the number of pods in their corresponding - topology domain. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a - selector that contains values, a key, and an - operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are - In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If the - operator is Exists or DoesNotExist, the - values array must be empty. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". The - requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - matchLabelKeys: - description: MatchLabelKeys is a set of pod label keys - to select the pods over which spreading will be calculated. 
- The keys are used to lookup values from the incoming - pod labels, those key-value labels are ANDed with - labelSelector to select the group of existing pods - over which spreading will be calculated for the incoming - pod. Keys that don't exist in the incoming pod labels - will be ignored. A null or empty list means only match - against labelSelector. + extraArgs: + description: ExtraArgs allows adding additional arguments to said component. items: type: string type: array - x-kubernetes-list-type: atomic - maxSkew: - description: 'MaxSkew describes the degree to which - pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, - it is the maximum permitted difference between the - number of matching pods in the target topology and - the global minimum. The global minimum is the minimum - number of matching pods in an eligible domain or zero - if the number of eligible domains is less than MinDomains. - For example, in a 3-zone cluster, MaxSkew is set to - 1, and pods with the same labelSelector spread as - 2/2/1: In this case, the global minimum is 1. | zone1 - | zone2 | zone3 | | P P | P P | P | - if MaxSkew - is 1, incoming pod can only be scheduled to zone3 - to become 2/2/2; scheduling it onto zone1(zone2) would - make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can be scheduled onto - any zone. When `whenUnsatisfiable=ScheduleAnyway`, - it is used to give higher precedence to topologies - that satisfy it. It''s a required field. Default value - is 1 and 0 is not allowed.' + image: + default: registry.k8s.io/kas-network-proxy/proxy-agent + description: AgentImage defines the container image for Konnectivity's agent. + type: string + version: + default: v0.0.32 + description: Version for Konnectivity agent. 
+ type: string + type: object + server: + default: + image: registry.k8s.io/kas-network-proxy/proxy-server + port: 8132 + version: v0.0.32 + properties: + extraArgs: + description: ExtraArgs allows adding additional arguments to said component. + items: + type: string + type: array + image: + default: registry.k8s.io/kas-network-proxy/proxy-server + description: Container image used by the Konnectivity server. + type: string + port: + description: The port which Konnectivity server is listening to. format: int32 type: integer - minDomains: - description: "MinDomains indicates a minimum number - of eligible domains. When the number of eligible domains - with matching topology keys is less than minDomains, - Pod Topology Spread treats \"global minimum\" as 0, - and then the calculation of Skew is performed. And - when the number of eligible domains with matching - topology keys equals or greater than minDomains, this - value has no effect on scheduling. As a result, when - the number of eligible domains is less than minDomains, - scheduler won't schedule more than maxSkew Pods to - those domains. If value is nil, the constraint behaves - as if MinDomains is equal to 1. Valid values are integers - greater than 0. When value is not nil, WhenUnsatisfiable - must be DoNotSchedule. \n For example, in a 3-zone - cluster, MaxSkew is set to 2, MinDomains is set to - 5 and pods with the same labelSelector spread as 2/2/2: - | zone1 | zone2 | zone3 | | P P | P P | P P | - The number of domains is less than 5(MinDomains), - so \"global minimum\" is treated as 0. In this situation, - new pod with the same labelSelector cannot be scheduled, - because computed skew will be 3(3 - 0) if new Pod - is scheduled to any of the three zones, it will violate - MaxSkew. \n This is a beta field and requires the - MinDomainsInPodTopologySpread feature gate to be enabled - (enabled by default)." 
- format: int32 - type: integer - nodeAffinityPolicy: - description: "NodeAffinityPolicy indicates how we will - treat Pod's nodeAffinity/nodeSelector when calculating - pod topology spread skew. Options are: - Honor: only - nodes matching nodeAffinity/nodeSelector are included - in the calculations. - Ignore: nodeAffinity/nodeSelector - are ignored. All nodes are included in the calculations. - \n If this value is nil, the behavior is equivalent - to the Honor policy. This is a alpha-level feature - enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - nodeTaintsPolicy: - description: "NodeTaintsPolicy indicates how we will - treat node taints when calculating pod topology spread - skew. Options are: - Honor: nodes without taints, - along with tainted nodes for which the incoming pod - has a toleration, are included. - Ignore: node taints - are ignored. All nodes are included. \n If this value - is nil, the behavior is equivalent to the Ignore policy. - This is a alpha-level feature enabled by the NodeInclusionPolicyInPodTopologySpread - feature flag." - type: string - topologyKey: - description: TopologyKey is the key of node labels. - Nodes that have a label with this key and identical - values are considered to be in the same topology. - We consider each as a "bucket", and try - to put balanced number of pods into each bucket. We - define a domain as a particular instance of a topology. - Also, we define an eligible domain as a domain whose - nodes meet the requirements of nodeAffinityPolicy - and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", - each Node is a domain of that topology. And, if TopologyKey - is "topology.kubernetes.io/zone", each zone is a domain - of that topology. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal - with a pod if it doesn''t satisfy the spread constraint. 
- - DoNotSchedule (default) tells the scheduler not - to schedule it. - ScheduleAnyway tells the scheduler - to schedule the pod in any location, but giving higher - precedence to topologies that would help reduce the - skew. A constraint is considered "Unsatisfiable" for - an incoming pod if and only if every possible node - assignment for that pod would violate "MaxSkew" on - some topology. For example, in a 3-zone cluster, MaxSkew - is set to 1, and pods with the same labelSelector - spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P - | P | P | If WhenUnsatisfiable is set to DoNotSchedule, - incoming pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) - satisfies MaxSkew(1). In other words, the cluster - can still be imbalanced, but scheduler won''t make - it *more* imbalanced. It''s a required field.' + resources: + description: Resources define the amount of CPU and memory to allocate to the Konnectivity server. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + version: + default: v0.0.32 + description: Container image version of the Konnectivity server. type: string required: - - maxSkew - - topologyKey - - whenUnsatisfiable + - port type: object - type: array - type: object - ingress: - description: Defining the options for an Optional Ingress which - will expose API Server of the Tenant Control Plane - properties: - additionalMetadata: - description: AdditionalMetadata defines which additional metadata, - such as labels and annotations, must be attached to the - created resource. - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - hostname: - description: Hostname is an optional field which will be used - as Ingress's Host. If it is not defined, Ingress's host - will be "..", where domain is - specified under NetworkProfileSpec - type: string - ingressClassName: - type: string - type: object - service: - description: Defining the options for the Tenant Control Plane - Service resource. - properties: - additionalMetadata: - description: AdditionalMetadata defines which additional metadata, - such as labels and annotations, must be attached to the - created resource. - properties: - annotations: - additionalProperties: - type: string - type: object - labels: - additionalProperties: - type: string - type: object - type: object - serviceType: - description: ServiceType allows specifying how to expose the - Tenant Control Plane. - enum: - - ClusterIP - - NodePort - - LoadBalancer - type: string - required: - - serviceType - type: object - required: - - service - type: object - dataStore: - description: DataStore allows to specify a DataStore that should be - used to store the Kubernetes data for the given Tenant Control Plane. 
- This parameter is optional and acts as an override over the default - one which is used by the Kamaji Operator. Migration from a different - DataStore to another one is not yet supported and the reconciliation - will be blocked. - type: string - kubernetes: - description: Kubernetes specification for tenant control plane - properties: - admissionControllers: - default: - - CertificateApproval - - CertificateSigning - - CertificateSubjectRestriction - - DefaultIngressClass - - DefaultStorageClass - - DefaultTolerationSeconds - - LimitRanger - - MutatingAdmissionWebhook - - NamespaceLifecycle - - PersistentVolumeClaimResize - - Priority - - ResourceQuota - - RuntimeClass - - ServiceAccount - - StorageObjectInUseProtection - - TaintNodesByCondition - - ValidatingAdmissionWebhook - description: 'List of enabled Admission Controllers for the Tenant - cluster. Full reference available here: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers' - items: - enum: - - AlwaysAdmit - - AlwaysDeny - - AlwaysPullImages - - CertificateApproval - - CertificateSigning - - CertificateSubjectRestriction - - DefaultIngressClass - - DefaultStorageClass - - DefaultTolerationSeconds - - DenyEscalatingExec - - DenyExecOnPrivileged - - DenyServiceExternalIPs - - EventRateLimit - - ExtendedResourceToleration - - ImagePolicyWebhook - - LimitPodHardAntiAffinityTopology - - LimitRanger - - MutatingAdmissionWebhook - - NamespaceAutoProvision - - NamespaceExists - - NamespaceLifecycle - - NodeRestriction - - OwnerReferencesPermissionEnforcement - - PersistentVolumeClaimResize - - PersistentVolumeLabel - - PodNodeSelector - - PodSecurity - - PodSecurityPolicy - - PodTolerationRestriction - - Priority - - ResourceQuota - - RuntimeClass - - SecurityContextDeny - - ServiceAccount - - StorageObjectInUseProtection - - TaintNodesByCondition - - ValidatingAdmissionWebhook - type: string - type: array - kubelet: - properties: - cgroupfs: - description: CGroupFS defines the 
cgroup driver for Kubelet - https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/ - enum: - - systemd - - cgroupfs - type: string - type: object - version: - description: Kubernetes Version for the tenant control plane - type: string - required: - - kubelet - - version - type: object - networkProfile: - description: NetworkProfile specifies how the network is - properties: - address: - description: Address where API server of will be exposed. In case - of LoadBalancer Service, this can be empty in order to use the - exposed IP provided by the cloud controller manager. - type: string - allowAddressAsExternalIP: - description: AllowAddressAsExternalIP will include tenantControlPlane.Spec.NetworkProfile.Address - in the section of ExternalIPs of the Kubernetes Service (only - ClusterIP or NodePort) - type: boolean - certSANs: - description: CertSANs sets extra Subject Alternative Names (SANs) - for the API Server signing certificate. Use this field to add - additional hostnames when exposing the Tenant Control Plane - with third solutions. - items: - type: string - type: array - dnsServiceIPs: - default: - - 10.96.0.10 - items: - type: string - type: array - podCidr: - default: 10.244.0.0/16 - description: CIDR for Kubernetes Pods - type: string - port: - default: 6443 - description: Port where API server of will be exposed - format: int32 - type: integer - serviceCidr: - default: 10.96.0.0/16 - description: Kubernetes Service - type: string - type: object - required: - - controlPlane - - kubernetes - type: object - status: - description: TenantControlPlaneStatus defines the observed state of TenantControlPlane. - properties: - addons: - description: Addons contains the status of the different Addons - properties: - coreDNS: - description: AddonStatus defines the observed state of an Addon. 
- properties: - checksum: - type: string - enabled: - type: boolean - lastUpdate: - format: date-time - type: string - required: - - enabled - type: object - konnectivity: - description: KonnectivityStatus defines the status of Konnectivity - as Addon. - properties: - agent: - properties: - checksum: - type: string - lastUpdate: - description: Last time when k8s object was updated - format: date-time - type: string - name: - type: string - namespace: - type: string - type: object - certificate: - description: CertificatePrivateKeyPairStatus defines the status. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - clusterrolebinding: - properties: - checksum: - type: string - lastUpdate: - description: Last time when k8s object was updated - format: date-time - type: string - name: - type: string - namespace: - type: string - type: object - configMap: - properties: - checksum: - type: string - name: - type: string - type: object - enabled: - type: boolean - kubeconfig: - description: KubeconfigStatus contains information about the - generated kubeconfig. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - sa: - properties: - checksum: - type: string - lastUpdate: - description: Last time when k8s object was updated - format: date-time - type: string - name: - type: string - namespace: - type: string - type: object - service: - description: KubernetesServiceStatus defines the status for - the Tenant Control Plane Service in the management cluster. - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This - struct is intended for direct use as an array at the - field path .status.conditions. 
For example, \n type - FooStatus struct{ // Represents the observations of - a foo's current state. // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" - // +patchMergeKey=type // +patchStrategy=merge // - +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" - patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" + type: object + kubeProxy: + description: Enables the kube-proxy addon in the Tenant Cluster. The registry and the tag are configurable, the image is hard-coded to `kube-proxy`. + properties: + imageRepository: + description: ImageRepository sets the container registry to pull images from. if not set, the default ImageRepository will be used instead. + type: string + imageTag: + description: ImageTag allows to specify a tag for the image. In case this value is set, kubeadm does not change automatically the version of the above components during upgrades. + type: string + type: object + type: object + controlPlane: + description: ControlPlane defines how the Tenant Control Plane Kubernetes resources must be created in the Admin Cluster, such as the number of Pod replicas, the Service resource, or the Ingress. + properties: + deployment: + description: Defining the options for the deployed Tenant Control Plane as Deployment resource. + properties: + additionalMetadata: + description: AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + affinity: + description: 'If specified, the Tenant Control Plane pod''s scheduling constraints. 
More info: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/' + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the pod. properties: - lastTransitionTime: - description: lastTransitionTime is the last time - the condition transitioned from one status to - another. This should be when the underlying condition - changed. If that is not known, then using the - time when the API field changed is acceptable. - format: date-time + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. + items: + description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). + properties: + preference: + description: A node selector term, associated with the corresponding weight. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + weight: + description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. 
due to an update), the system may or may not try to eventually evict the pod from its node. + properties: + nodeSelectorTerms: + description: Required. A list of node selector terms. The terms are ORed. + items: + description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. + properties: + matchExpressions: + description: A list of node selector requirements by node's labels. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + description: A list of node selector requirements by node's fields. + items: + description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: The label key that the selector applies to. + type: string + operator: + description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. + type: string + values: + description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + x-kubernetes-map-type: atomic + type: array + required: + - nodeSelectorTerms + type: object + x-kubernetes-map-type: atomic + type: object + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. 
If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. 
due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. 
null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. + items: + description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated with the corresponding weight. + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. 
+ items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. 
Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + weight: + description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. 
+ format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. + items: + description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + properties: + labelSelector: + description: A label query over a set of resources, in this case pods. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaceSelector: + description: A label query over the set of namespaces that the term applies to. The term is applied to the union of the namespaces selected by this field and the ones listed in the namespaces field. null selector and null or empty namespaces list means "this pod's namespace". An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + namespaces: + description: namespaces specifies a static list of namespace names that the term applies to. The term is applied to the union of the namespaces listed in this field and the ones selected by namespaceSelector. null or empty namespaces list and null namespaceSelector means "this pod's namespace". + items: + type: string + type: array + topologyKey: + description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + extraArgs: + description: ExtraArgs allows adding additional arguments to the Control Plane components, such as kube-apiserver, controller-manager, and scheduler. + properties: + apiServer: + items: + type: string + type: array + controllerManager: + items: + type: string + type: array + kine: + description: Available only if Kamaji is running using Kine as backing storage. + items: + type: string + type: array + scheduler: + items: + type: string + type: array + type: object + nodeSelector: + additionalProperties: + type: string + description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. 
More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' + type: object + replicas: + default: 2 + format: int32 + type: integer + resources: + description: Resources defines the amount of memory and CPU to allocate to each component of the Control Plane (kube-apiserver, controller-manager, and scheduler). + properties: + apiServer: + description: ComponentResourceRequirements describes the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + controllerManager: + description: ComponentResourceRequirements describes the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + scheduler: + description: ComponentResourceRequirements describes the compute resource requirements. + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + type: object + runtimeClassName: + description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run the Tenant Control Plane pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' + type: string + strategy: + default: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 0 + type: RollingUpdate + description: Strategy describes how to replace existing pods with new ones for the given Tenant Control Plane. Default value is set to Rolling Update, with a blue/green strategy. + properties: + rollingUpdate: + description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' + properties: + maxSurge: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' 
+ x-kubernetes-int-or-string: true + maxUnavailable: + anyOf: + - type: integer + - type: string + description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' + x-kubernetes-int-or-string: true + type: object + type: + description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + type: string + type: object + tolerations: + description: 'If specified, the Tenant Control Plane pod''s tolerations. More info: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/' + items: + description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. 
+ type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: TopologySpreadConstraints describes how the Tenant Control Plane pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. In case of nil underlying LabelSelector, the Kamaji one for the given Tenant Control Plane will be used. All topologySpreadConstraints are ANDed. + items: + description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + properties: + key: + description: key is the label key that the selector applies to. + type: string + operator: + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. 
If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + matchLabelKeys: + description: MatchLabelKeys is a set of pod label keys to select the pods over which spreading will be calculated. The keys are used to lookup values from the incoming pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod. Keys that don't exist in the incoming pod labels will be ignored. A null or empty list means only match against labelSelector. + items: type: string - message: - description: message is a human readable message - indicating details about the transition. This - may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the - .status.conditions[x].observedGeneration is 9, - the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last - transition. Producers of specific condition types - may define expected values and meanings for this - field, and whether the values are considered a - guaranteed API. The value should be a CamelCase - string. 
This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: + type: array + x-kubernetes-list-type: atomic + maxSkew: + description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. The global minimum is the minimum number of matching pods in an eligible domain or zero if the number of eligible domains is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 2/2/1: In this case, the global minimum is 1. | zone1 | zone2 | zone3 | | P P | P P | P | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 2/2/2; scheduling it onto zone1(zone2) would make the ActualSkew(3-1) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' + format: int32 + type: integer + minDomains: + description: "MinDomains indicates a minimum number of eligible domains. When the number of eligible domains with matching topology keys is less than minDomains, Pod Topology Spread treats \"global minimum\" as 0, and then the calculation of Skew is performed. And when the number of eligible domains with matching topology keys equals or greater than minDomains, this value has no effect on scheduling. As a result, when the number of eligible domains is less than minDomains, scheduler won't schedule more than maxSkew Pods to those domains. If value is nil, the constraint behaves as if MinDomains is equal to 1. Valid values are integers greater than 0. 
When value is not nil, WhenUnsatisfiable must be DoNotSchedule. \n For example, in a 3-zone cluster, MaxSkew is set to 2, MinDomains is set to 5 and pods with the same labelSelector spread as 2/2/2: | zone1 | zone2 | zone3 | | P P | P P | P P | The number of domains is less than 5(MinDomains), so \"global minimum\" is treated as 0. In this situation, new pod with the same labelSelector cannot be scheduled, because computed skew will be 3(3 - 0) if new Pod is scheduled to any of the three zones, it will violate MaxSkew. \n This is a beta field and requires the MinDomainsInPodTopologySpread feature gate to be enabled (enabled by default)." + format: int32 + type: integer + nodeAffinityPolicy: + description: "NodeAffinityPolicy indicates how we will treat Pod's nodeAffinity/nodeSelector when calculating pod topology spread skew. Options are: - Honor: only nodes matching nodeAffinity/nodeSelector are included in the calculations. - Ignore: nodeAffinity/nodeSelector are ignored. All nodes are included in the calculations. \n If this value is nil, the behavior is equivalent to the Honor policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + nodeTaintsPolicy: + description: "NodeTaintsPolicy indicates how we will treat node taints when calculating pod topology spread skew. Options are: - Honor: nodes without taints, along with tainted nodes for which the incoming pod has a toleration, are included. - Ignore: node taints are ignored. All nodes are included. \n If this value is nil, the behavior is equivalent to the Ignore policy. This is a beta-level feature default enabled by the NodeInclusionPolicyInPodTopologySpread feature flag." + type: string + topologyKey: + description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. 
We consider each as a "bucket", and try to put balanced number of pods into each bucket. We define a domain as a particular instance of a topology. Also, we define an eligible domain as a domain whose nodes meet the requirements of nodeAffinityPolicy and nodeTaintsPolicy. e.g. If TopologyKey is "kubernetes.io/hostname", each Node is a domain of that topology. And, if TopologyKey is "topology.kubernetes.io/zone", each zone is a domain of that topology. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + ingress: + description: Defining the options for an Optional Ingress which will expose API Server of the Tenant Control Plane + properties: + additionalMetadata: + description: AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource. 
+ properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + hostname: + description: Hostname is an optional field which will be used as Ingress's Host. If it is not defined, Ingress's host will be "..", where domain is specified under NetworkProfileSpec + type: string + ingressClassName: + type: string + type: object + service: + description: Defining the options for the Tenant Control Plane Service resource. + properties: + additionalMetadata: + description: AdditionalMetadata defines which additional metadata, such as labels and annotations, must be attached to the created resource. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + serviceType: + description: ServiceType allows specifying how to expose the Tenant Control Plane. + enum: + - ClusterIP + - NodePort + - LoadBalancer + type: string + required: + - serviceType + type: object + required: + - service + type: object + dataStore: + description: DataStore allows to specify a DataStore that should be used to store the Kubernetes data for the given Tenant Control Plane. This parameter is optional and acts as an override over the default one which is used by the Kamaji Operator. Migration from a different DataStore to another one is not yet supported and the reconciliation will be blocked. 
+ type: string + kubernetes: + description: Kubernetes specification for tenant control plane + properties: + admissionControllers: + default: + - CertificateApproval + - CertificateSigning + - CertificateSubjectRestriction + - DefaultIngressClass + - DefaultStorageClass + - DefaultTolerationSeconds + - LimitRanger + - MutatingAdmissionWebhook + - NamespaceLifecycle + - PersistentVolumeClaimResize + - Priority + - ResourceQuota + - RuntimeClass + - ServiceAccount + - StorageObjectInUseProtection + - TaintNodesByCondition + - ValidatingAdmissionWebhook + description: 'List of enabled Admission Controllers for the Tenant cluster. Full reference available here: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers' + items: + enum: + - AlwaysAdmit + - AlwaysDeny + - AlwaysPullImages + - CertificateApproval + - CertificateSigning + - CertificateSubjectRestriction + - DefaultIngressClass + - DefaultStorageClass + - DefaultTolerationSeconds + - DenyEscalatingExec + - DenyExecOnPrivileged + - DenyServiceExternalIPs + - EventRateLimit + - ExtendedResourceToleration + - ImagePolicyWebhook + - LimitPodHardAntiAffinityTopology + - LimitRanger + - MutatingAdmissionWebhook + - NamespaceAutoProvision + - NamespaceExists + - NamespaceLifecycle + - NodeRestriction + - OwnerReferencesPermissionEnforcement + - PersistentVolumeClaimResize + - PersistentVolumeLabel + - PodNodeSelector + - PodSecurity + - PodSecurityPolicy + - PodTolerationRestriction + - Priority + - ResourceQuota + - RuntimeClass + - SecurityContextDeny + - ServiceAccount + - StorageObjectInUseProtection + - TaintNodesByCondition + - ValidatingAdmissionWebhook + type: string + type: array + kubelet: + properties: + cgroupfs: + description: CGroupFS defines the cgroup driver for Kubelet https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/configure-cgroup-driver/ + enum: + - systemd + - cgroupfs + type: string + preferredAddressTypes: + default: + - Hostname + - InternalIP + - ExternalIP 
+ description: Ordered list of the preferred NodeAddressTypes to use for kubelet connections. Default to Hostname, InternalIP, ExternalIP. + items: + enum: + - Hostname + - InternalIP + - ExternalIP + - InternalDNS + - ExternalDNS + type: string + minItems: 1 + type: array + type: object + version: + description: Kubernetes Version for the tenant control plane + type: string + required: + - kubelet + - version + type: object + networkProfile: + description: NetworkProfile specifies how the network is + properties: + address: + description: Address where API server of will be exposed. In case of LoadBalancer Service, this can be empty in order to use the exposed IP provided by the cloud controller manager. + type: string + allowAddressAsExternalIP: + description: AllowAddressAsExternalIP will include tenantControlPlane.Spec.NetworkProfile.Address in the section of ExternalIPs of the Kubernetes Service (only ClusterIP or NodePort) + type: boolean + certSANs: + description: CertSANs sets extra Subject Alternative Names (SANs) for the API Server signing certificate. Use this field to add additional hostnames when exposing the Tenant Control Plane with third solutions. + items: + type: string + type: array + dnsServiceIPs: + default: + - 10.96.0.10 + items: + type: string + type: array + podCidr: + default: 10.244.0.0/16 + description: CIDR for Kubernetes Pods + type: string + port: + default: 6443 + description: Port where API server of will be exposed + format: int32 + type: integer + serviceCidr: + default: 10.96.0.0/16 + description: Kubernetes Service + type: string + type: object + required: + - controlPlane + - kubernetes + type: object + status: + description: TenantControlPlaneStatus defines the observed state of TenantControlPlane. + properties: + addons: + description: Addons contains the status of the different Addons + properties: + coreDNS: + description: AddonStatus defines the observed state of an Addon. 
+ properties: + enabled: + type: boolean + lastUpdate: + format: date-time + type: string + required: + - enabled + type: object + konnectivity: + description: KonnectivityStatus defines the status of Konnectivity as Addon. + properties: + agent: + properties: + lastUpdate: + description: Last time when k8s object was updated + format: date-time + type: string + name: + type: string + namespace: + type: string + type: object + certificate: + description: CertificatePrivateKeyPairStatus defines the status. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + clusterrolebinding: + properties: + lastUpdate: + description: Last time when k8s object was updated + format: date-time + type: string + name: + type: string + namespace: + type: string + type: object + configMap: + properties: + checksum: + type: string + name: + type: string + type: object + enabled: + type: boolean + kubeconfig: + description: KubeconfigStatus contains information about the generated kubeconfig. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + sa: + properties: + lastUpdate: + description: Last time when k8s object was updated + format: date-time + type: string + name: + type: string + namespace: + type: string + type: object + service: + description: KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster. + properties: + conditions: + description: Current service state + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. 
// Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. 
--- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + x-kubernetes-list-map-keys: + - type + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports If used, every port defined in the service should have an entry in it + items: + properties: + error: + description: 'Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. 
--- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + name: + description: The name of the Service for the given cluster. + type: string + namespace: + description: The namespace which the Service for the given cluster is deployed. + type: string + port: + description: The port where the service is running + format: int32 + type: integer + required: + - name + - namespace + - port + type: object + required: + - enabled + type: object + kubeProxy: + description: AddonStatus defines the observed state of an Addon. + properties: + enabled: + type: boolean + lastUpdate: + format: date-time + type: string + required: + - enabled + type: object + type: object + certificates: + description: Certificates contains information about the different certificates that are necessary to run a kubernetes control plane + properties: + apiServer: + description: CertificatePrivateKeyPairStatus defines the status. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + apiServerKubeletClient: + description: CertificatePrivateKeyPairStatus defines the status. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + ca: + description: CertificatePrivateKeyPairStatus defines the status. 
+ properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + etcd: + description: ETCDCertificatesStatus defines the observed state of ETCD Certificate for API server. + properties: + apiServer: + description: APIServerCertificatesStatus defines the observed state of ETCD Certificate for API server. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + ca: + description: ETCDCertificateStatus defines the observed state of ETCD Certificate for API server. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + type: object + frontProxyCA: + description: CertificatePrivateKeyPairStatus defines the status. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + frontProxyClient: + description: CertificatePrivateKeyPairStatus defines the status. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + sa: + description: PublicKeyPrivateKeyPairStatus defines the status. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + type: object + controlPlaneEndpoint: + description: ControlPlaneEndpoint contains the status of the kubernetes control plane + type: string + kubeadmPhase: + description: KubeadmPhase contains the status of the kubeadm phases action + properties: + bootstrapToken: + description: KubeadmPhaseStatus contains the status of a kubeadm phase action. 
+ properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + type: object + required: + - bootstrapToken + type: object + kubeadmconfig: + description: KubeadmConfig contains the status of the configuration required by kubeadm + properties: + checksum: + description: Checksum of the kubeadm configuration to detect changes + type: string + configmapName: + type: string + lastUpdate: + format: date-time + type: string + type: object + kubeconfig: + description: KubeConfig contains information about the kubenconfigs that control plane pieces need + properties: + admin: + description: KubeconfigStatus contains information about the generated kubeconfig. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + controllerManager: + description: KubeconfigStatus contains information about the generated kubeconfig. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + scheduler: + description: KubeconfigStatus contains information about the generated kubeconfig. + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + type: object + kubernetesResources: + description: Kubernetes contains information about the reconciliation of the required Kubernetes resources deployed in the admin cluster + properties: + deployment: + description: KubernetesDeploymentStatus defines the status for the Tenant Control Plane Deployment in the management cluster. + properties: + availableReplicas: + description: Total number of available pods (ready for at least minReadySeconds) targeted by this deployment. + format: int32 + type: integer + collisionCount: + description: Count of hash collisions for the Deployment. 
The Deployment controller uses this field as a collision avoidance mechanism when it needs to create the name for the newest ReplicaSet. + format: int32 + type: integer + conditions: + description: Represents the latest available observations of a deployment's current state. + items: + description: DeploymentCondition describes the state of a deployment at a certain point. + properties: + lastTransitionTime: + description: Last time the condition transitioned from one status to another. + format: date-time + type: string + lastUpdateTime: + description: The last time this condition was updated. + format: date-time + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of deployment condition. + type: string + required: + - status + - type + type: object + type: array + lastUpdate: + description: Last time when deployment was updated + format: date-time + type: string + name: + description: The name of the Deployment for the given cluster. + type: string + namespace: + description: The namespace which the Deployment for the given cluster is deployed. + type: string + observedGeneration: + description: The generation observed by the deployment controller. + format: int64 + type: integer + readyReplicas: + description: readyReplicas is the number of pods targeted by this Deployment with a Ready Condition. + format: int32 + type: integer + replicas: + description: Total number of non-terminated pods targeted by this deployment (their labels match the selector). + format: int32 + type: integer + selector: + description: Selector is the label selector used to group the Tenant Control Plane Pods used by the scale subresource. 
+ type: string + unavailableReplicas: + description: Total number of unavailable pods targeted by this deployment. This is the total number of pods that are still required for the deployment to have 100% available capacity. They may either be pods that are running but not yet available or pods that still have not been created. + format: int32 + type: integer + updatedReplicas: + description: Total number of non-terminated pods targeted by this deployment that have the desired template spec. + format: int32 + type: integer + required: + - name + - namespace + - selector + type: object + ingress: + description: KubernetesIngressStatus defines the status for the Tenant Control Plane Ingress in the management cluster. + properties: + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer. + properties: + ingress: + description: Ingress is a list containing ingress points for the load-balancer. + items: + description: IngressLoadBalancerIngress represents the status of a load-balancer ingress point. + properties: + hostname: + description: Hostname is set for load-balancer ingress points that are DNS based. + type: string + ip: + description: IP is set for load-balancer ingress points that are IP based. + type: string + ports: + description: Ports provides information about the ports exposed by this LoadBalancer. + items: + description: IngressPortStatus represents the error condition of a service port + properties: + error: + description: 'Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. 
--- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the ingress port. + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the ingress port. The supported values are: "TCP", "UDP", "SCTP"' + type: string + required: + - port + - protocol + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + name: + description: The name of the Ingress for the given cluster. + type: string + namespace: + description: The namespace which the Ingress for the given cluster is deployed. + type: string + required: + - name + - namespace + type: object + service: + description: KubernetesServiceStatus defines the status for the Tenant Control Plane Service in the management cluster. + properties: + conditions: + description: Current service state + items: + description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. 
+ format: date-time + type: string + message: + description: message is a human readable message indicating details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: - "True" - "False" - Unknown - type: string - type: - description: type of condition in CamelCase or in - foo.example.com/CamelCase. --- Many .condition.type - values are consistent across resources like Available, - but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to - deconflict is important. The regex it matches - is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. 
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: - lastTransitionTime - message - reason - status - type - type: object - type: array - x-kubernetes-list-map-keys: + type: object + type: array + x-kubernetes-list-map-keys: - type - x-kubernetes-list-type: map - loadBalancer: - description: LoadBalancer contains the current status - of the load-balancer, if one is present. - properties: - ingress: - description: Ingress is a list containing ingress - points for the load-balancer. Traffic intended for - the service should be sent to these ingress points. - items: - description: 'LoadBalancerIngress represents the - status of a load-balancer ingress point: traffic - intended for the service should be sent to an - ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer - ingress points that are DNS based (typically - AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress - points that are IP based (typically GCE or - OpenStack load-balancers) - type: string - ports: - description: Ports is a list of records of service - ports If used, every port defined in the service - should have an entry in it - items: - properties: - error: - description: 'Error is to record the problem - with the service port The format of - the error shall comply with the following - rules: - built-in error values shall - be specified in this file and those - shall use CamelCase names - cloud provider - specific error values must have names - that comply with the format foo.example.com/CamelCase. 
- --- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of - the service port of which status is - recorded here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol - of the service port of which status - is recorded here The supported values - are: "TCP", "UDP", "SCTP"' - type: string - required: + x-kubernetes-list-type: map + loadBalancer: + description: LoadBalancer contains the current status of the load-balancer, if one is present. + properties: + ingress: + description: Ingress is a list containing ingress points for the load-balancer. Traffic intended for the service should be sent to these ingress points. + items: + description: 'LoadBalancerIngress represents the status of a load-balancer ingress point: traffic intended for the service should be sent to an ingress point.' + properties: + hostname: + description: Hostname is set for load-balancer ingress points that are DNS based (typically AWS load-balancers) + type: string + ip: + description: IP is set for load-balancer ingress points that are IP based (typically GCE or OpenStack load-balancers) + type: string + ports: + description: Ports is a list of records of service ports If used, every port defined in the service should have an entry in it + items: + properties: + error: + description: 'Error is to record the problem with the service port The format of the error shall comply with the following rules: - built-in error values shall be specified in this file and those shall use CamelCase names - cloud provider specific error values must have names that comply with the format foo.example.com/CamelCase. 
--- The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + port: + description: Port is the port number of the service port of which status is recorded here + format: int32 + type: integer + protocol: + default: TCP + description: 'Protocol is the protocol of the service port of which status is recorded here The supported values are: "TCP", "UDP", "SCTP"' + type: string + required: - port - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - name: - description: The name of the Service for the given cluster. - type: string - namespace: - description: The namespace which the Service for the given - cluster is deployed. - type: string - port: - description: The port where the service is running - format: int32 - type: integer - required: + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: array + type: object + name: + description: The name of the Service for the given cluster. + type: string + namespace: + description: The namespace which the Service for the given cluster is deployed. + type: string + port: + description: The port where the service is running + format: int32 + type: integer + required: - name - namespace - port - type: object - required: - - enabled - type: object - kubeProxy: - description: AddonStatus defines the observed state of an Addon. - properties: - checksum: - type: string - enabled: - type: boolean - lastUpdate: - format: date-time - type: string - required: - - enabled - type: object - type: object - certificates: - description: Certificates contains information about the different - certificates that are necessary to run a kubernetes control plane - properties: - apiServer: - description: CertificatePrivateKeyPairStatus defines the status. 
- properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - apiServerKubeletClient: - description: CertificatePrivateKeyPairStatus defines the status. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - ca: - description: CertificatePrivateKeyPairStatus defines the status. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - etcd: - description: ETCDCertificatesStatus defines the observed state - of ETCD Certificate for API server. - properties: - apiServer: - description: APIServerCertificatesStatus defines the observed - state of ETCD Certificate for API server. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - ca: - description: ETCDCertificateStatus defines the observed state - of ETCD Certificate for API server. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - type: object - frontProxyCA: - description: CertificatePrivateKeyPairStatus defines the status. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - frontProxyClient: - description: CertificatePrivateKeyPairStatus defines the status. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - sa: - description: PublicKeyPrivateKeyPairStatus defines the status. 
- properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - type: object - controlPlaneEndpoint: - description: ControlPlaneEndpoint contains the status of the kubernetes - control plane - type: string - kubeadmPhase: - description: KubeadmPhase contains the status of the kubeadm phases - action - properties: - bootstrapToken: - description: KubeadmPhaseStatus contains the status of a kubeadm - phase action. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - type: object - uploadConfigKubeadm: - description: KubeadmPhaseStatus contains the status of a kubeadm - phase action. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - type: object - uploadConfigKubelet: - description: KubeadmPhaseStatus contains the status of a kubeadm - phase action. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - type: object - required: - - bootstrapToken - - uploadConfigKubeadm - - uploadConfigKubelet - type: object - kubeadmconfig: - description: KubeadmConfig contains the status of the configuration - required by kubeadm - properties: - checksum: - description: Checksum of the kubeadm configuration to detect changes - type: string - configmapName: - type: string - lastUpdate: - format: date-time - type: string - type: object - kubeconfig: - description: KubeConfig contains information about the kubenconfigs - that control plane pieces need - properties: - admin: - description: KubeconfigStatus contains information about the generated - kubeconfig. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - controllerManager: - description: KubeconfigStatus contains information about the generated - kubeconfig. 
- properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - scheduler: - description: KubeconfigStatus contains information about the generated - kubeconfig. - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - type: object - kubernetesResources: - description: Kubernetes contains information about the reconciliation - of the required Kubernetes resources deployed in the admin cluster - properties: - deployment: - description: KubernetesDeploymentStatus defines the status for - the Tenant Control Plane Deployment in the management cluster. - properties: - availableReplicas: - description: Total number of available pods (ready for at - least minReadySeconds) targeted by this deployment. - format: int32 - type: integer - collisionCount: - description: Count of hash collisions for the Deployment. - The Deployment controller uses this field as a collision - avoidance mechanism when it needs to create the name for - the newest ReplicaSet. - format: int32 - type: integer - conditions: - description: Represents the latest available observations - of a deployment's current state. - items: - description: DeploymentCondition describes the state of - a deployment at a certain point. - properties: - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. - format: date-time - type: string - lastUpdateTime: - description: The last time this condition was updated. - format: date-time - type: string - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - type: string - type: - description: Type of deployment condition. 
- type: string - required: - - status - - type - type: object - type: array - lastUpdate: - description: Last time when deployment was updated - format: date-time - type: string - name: - description: The name of the Deployment for the given cluster. - type: string - namespace: - description: The namespace which the Deployment for the given - cluster is deployed. - type: string - observedGeneration: - description: The generation observed by the deployment controller. - format: int64 - type: integer - readyReplicas: - description: readyReplicas is the number of pods targeted - by this Deployment with a Ready Condition. - format: int32 - type: integer - replicas: - description: Total number of non-terminated pods targeted - by this deployment (their labels match the selector). - format: int32 - type: integer - selector: - description: Selector is the label selector used to group - the Tenant Control Plane Pods used by the scale subresource. - type: string - unavailableReplicas: - description: Total number of unavailable pods targeted by - this deployment. This is the total number of pods that are - still required for the deployment to have 100% available - capacity. They may either be pods that are running but not - yet available or pods that still have not been created. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted - by this deployment that have the desired template spec. - format: int32 - type: integer - required: - - name - - namespace - - selector - type: object - ingress: - description: KubernetesIngressStatus defines the status for the - Tenant Control Plane Ingress in the management cluster. - properties: - loadBalancer: - description: LoadBalancer contains the current status of the - load-balancer. - properties: - ingress: - description: Ingress is a list containing ingress points - for the load-balancer. Traffic intended for the service - should be sent to these ingress points. 
- items: - description: 'LoadBalancerIngress represents the status - of a load-balancer ingress point: traffic intended - for the service should be sent to an ingress point.' - properties: - hostname: - description: Hostname is set for load-balancer ingress - points that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress - points that are IP based (typically GCE or OpenStack - load-balancers) - type: string - ports: - description: Ports is a list of records of service - ports If used, every port defined in the service - should have an entry in it - items: - properties: - error: - description: 'Error is to record the problem - with the service port The format of the - error shall comply with the following rules: - - built-in error values shall be specified - in this file and those shall use CamelCase - names - cloud provider specific error values - must have names that comply with the format - foo.example.com/CamelCase. --- The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the - service port of which status is recorded - here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of - the service port of which status is recorded - here The supported values are: "TCP", "UDP", - "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - name: - description: The name of the Ingress for the given cluster. - type: string - namespace: - description: The namespace which the Ingress for the given - cluster is deployed. 
- type: string - required: - - name - - namespace - type: object - service: - description: KubernetesServiceStatus defines the status for the - Tenant Control Plane Service in the management cluster. - properties: - conditions: - description: Current service state - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" - patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the API - field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to - the current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. 
- Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value - should be a CamelCase string. This field may not be - empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - loadBalancer: - description: LoadBalancer contains the current status of the - load-balancer, if one is present. - properties: - ingress: - description: Ingress is a list containing ingress points - for the load-balancer. Traffic intended for the service - should be sent to these ingress points. - items: - description: 'LoadBalancerIngress represents the status - of a load-balancer ingress point: traffic intended - for the service should be sent to an ingress point.' 
- properties: - hostname: - description: Hostname is set for load-balancer ingress - points that are DNS based (typically AWS load-balancers) - type: string - ip: - description: IP is set for load-balancer ingress - points that are IP based (typically GCE or OpenStack - load-balancers) - type: string - ports: - description: Ports is a list of records of service - ports If used, every port defined in the service - should have an entry in it - items: - properties: - error: - description: 'Error is to record the problem - with the service port The format of the - error shall comply with the following rules: - - built-in error values shall be specified - in this file and those shall use CamelCase - names - cloud provider specific error values - must have names that comply with the format - foo.example.com/CamelCase. --- The regex - it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)' - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - port: - description: Port is the port number of the - service port of which status is recorded - here - format: int32 - type: integer - protocol: - default: TCP - description: 'Protocol is the protocol of - the service port of which status is recorded - here The supported values are: "TCP", "UDP", - "SCTP"' - type: string - required: - - port - - protocol - type: object - type: array - x-kubernetes-list-type: atomic - type: object - type: array - type: object - name: - description: The name of the Service for the given cluster. - type: string - namespace: - description: The namespace which the Service for the given - cluster is deployed. 
- type: string - port: - description: The port where the service is running - format: int32 - type: integer - required: - - name - - namespace - - port - type: object - version: - description: KubernetesVersion contains the information regarding - the running Kubernetes version, and its upgrade status. - properties: - status: - default: Provisioning - description: Status returns the current status of the Kubernetes - version, such as its provisioning state, or completed upgrade. - enum: - - Provisioning - - Upgrading - - Ready - - NotReady - type: string - version: - description: Version is the running Kubernetes version of - the Tenant Control Plane. - type: string - type: object - type: object - storage: - description: Storage Status contains information about Kubernetes - storage system - properties: - certificate: - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - secretName: - type: string - type: object - config: - properties: - checksum: - type: string - secretName: - type: string - type: object - dataStoreName: - type: string - driver: - type: string - setup: - properties: - checksum: - type: string - lastUpdate: - format: date-time - type: string - schema: - type: string - user: - type: string - type: object - type: object - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.kubernetesResources.deployment.selector - specReplicasPath: .spec.controlPlane.deployment.replicas - statusReplicasPath: .status.kubernetesResources.deployment.replicas - status: {} + type: object + version: + description: KubernetesVersion contains the information regarding the running Kubernetes version, and its upgrade status. + properties: + status: + default: Provisioning + description: Status returns the current status of the Kubernetes version, such as its provisioning state, or completed upgrade. 
+ enum: + - Provisioning + - CertificateAuthorityRotating + - Upgrading + - Migrating + - Ready + - NotReady + type: string + version: + description: Version is the running Kubernetes version of the Tenant Control Plane. + type: string + type: object + type: object + storage: + description: Storage Status contains information about Kubernetes storage system + properties: + certificate: + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + secretName: + type: string + type: object + config: + properties: + checksum: + type: string + secretName: + type: string + type: object + dataStoreName: + type: string + driver: + type: string + setup: + properties: + checksum: + type: string + lastUpdate: + format: date-time + type: string + schema: + type: string + user: + type: string + type: object + type: object + type: object + type: object + served: true + storage: true + subresources: + scale: + labelSelectorPath: .status.kubernetesResources.deployment.selector + specReplicasPath: .spec.controlPlane.deployment.replicas + statusReplicasPath: .status.kubernetesResources.deployment.replicas + status: {} diff --git a/charts/clastix/kamaji/templates/_helpers.tpl b/charts/clastix/kamaji/templates/_helpers.tpl index fdcc4650d..a879ea6de 100644 --- a/charts/clastix/kamaji/templates/_helpers.tpl +++ b/charts/clastix/kamaji/templates/_helpers.tpl 
@@ -61,3 +61,31 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+Create the name of the Service to user for webhooks
+*/}}
+{{- define "kamaji.webhookServiceName" -}}
+{{- printf "%s-webhook-service" (include "kamaji.fullname" .) }}
+{{- end }}
+
+{{/*
+Create the name of the Service to user for metrics
+*/}}
+{{- define "kamaji.metricsServiceName" -}}
+{{- printf "%s-metrics-service" (include "kamaji.fullname" .) }}
+{{- end }}
+
+{{/*
+Create the name of the cert-manager secret
+*/}}
+{{- define "kamaji.webhookSecretName" -}}
+{{- printf "%s-webhook-server-cert" (include "kamaji.fullname" .) }}
+{{- end }}
+
+{{/*
+Create the name of the cert-manager Certificate
+*/}}
+{{- define "kamaji.certificateName" -}}
+{{- printf "%s-serving-cert" (include "kamaji.fullname" .) }}
+{{- end }}
diff --git a/charts/clastix/kamaji/templates/certmanager_certificate.yaml b/charts/clastix/kamaji/templates/certmanager_certificate.yaml
new file mode 100644
index 000000000..044815f64
--- /dev/null
+++ b/charts/clastix/kamaji/templates/certmanager_certificate.yaml
@@ -0,0 +1,16 @@
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+ labels:
+ {{- include "kamaji.labels" . | nindent 4 }}
+ app.kubernetes.io/component: certificate
+ name: {{ include "kamaji.certificateName" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ dnsNames:
+ - {{ include "kamaji.webhookServiceName" . }}.{{ .Release.Namespace }}.svc
+ - {{ include "kamaji.webhookServiceName" . }}.{{ .Release.Namespace }}.svc.cluster.local
+ issuerRef:
+ kind: Issuer
+ name: kamaji-selfsigned-issuer
+ secretName: {{ include "kamaji.webhookSecretName" . }}
\ No newline at end of file
diff --git a/charts/clastix/kamaji/templates/certmanager_issuer.yaml b/charts/clastix/kamaji/templates/certmanager_issuer.yaml
new file mode 100644
index 000000000..dfd7c8892
--- /dev/null
+++ b/charts/clastix/kamaji/templates/certmanager_issuer.yaml
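Review bot: In _helpers.tpl the new `kamaji.webhookServiceName` and `kamaji.metricsServiceName` helpers append a 16-character suffix to `kamaji.fullname` without trimming, while a Service name has to fit in a 63-character DNS label. `kamaji.fullname` is defined outside this hunk; if it follows the usual scaffold and is already cut at 63 characters, a long release name would render a Service the API server rejects. Trimming the base first keeps the suffix intact, e.g. `{{- printf "%s-webhook-service" (include "kamaji.fullname" . | trunc 47 | trimSuffix "-") }}`. The first two comments also read "Service to user for", where "to use for" is meant.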
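Review bot: In certmanager_certificate.yaml `issuerRef.name` is the literal `kamaji-selfsigned-issuer`, while the Certificate, Secret and Service names in the same file all derive from `kamaji.fullname`. The same literal is the Issuer's `metadata.name` in certmanager_issuer.yaml, and the two webhook configurations added later (`kamaji-mutating-webhook-configuration`, `kamaji-validating-webhook-configuration`) are cluster-scoped objects with fixed names as well. A second release of the chart would therefore collide with the first, in the same namespace for the Issuer and cluster-wide for the webhook configurations. A fifth helper next to the four added in _helpers.tpl would keep the name release-scoped, e.g. `{{- printf "%s-selfsigned-issuer" (include "kamaji.fullname" .) }}` used in both files.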
@@ -0,0 +1,10 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + labels: + {{- include "kamaji.labels" . | nindent 4 }} + app.kubernetes.io/component: issuer + name: kamaji-selfsigned-issuer + namespace: {{ .Release.Namespace }} +spec: + selfSigned: {} \ No newline at end of file diff --git a/charts/clastix/kamaji/templates/controller.yaml b/charts/clastix/kamaji/templates/controller.yaml index a7a783531..82ddd5cba 100644 --- a/charts/clastix/kamaji/templates/controller.yaml +++ b/charts/clastix/kamaji/templates/controller.yaml @@ -28,18 +28,7 @@ spec: serviceAccountName: {{ include "kamaji.serviceAccountName" . }} containers: - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - protocol: TCP - - args: - - --config-file={{ .Values.configPath }} + - manager - --health-probe-bind-address={{ .Values.healthProbeBindAddress }} - --leader-elect - --metrics-bind-address={{ .Values.metricsBindAddress }} @@ -52,7 +41,16 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} command: - - /manager + - /kamaji + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- with .Values.livenessProbe }} @@ -61,6 +59,12 @@ spec: {{- end }} name: manager ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 8080 + name: metrics + protocol: TCP - containerPort: 8081 name: healthcheck protocol: TCP 
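Review bot: With the `kube-rbac-proxy` container removed in the first controller.yaml hunk, nothing in this chart authenticates or encrypts access to the manager's metrics any more: a later hunk publishes container port 8080 as `metrics`, service_metrics.yaml exposes it through a Service, and servicemonitor.yaml scrapes it with `scheme: http`. Whether the listener is reachable from other pods depends on `.Values.metricsBindAddress`, whose value is set outside this diff; if it binds all interfaces, any workload in the cluster can read the endpoint. Consider shipping an optional NetworkPolicy that admits only the monitoring namespace to port 8080, or at least a comment next to `metricsBindAddress` in values.yaml stating that the endpoint is unauthenticated. The container spec continues outside this hunk.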
@@ -72,7 +76,21 @@ spec: {{- toYaml .Values.resources | nindent 12 }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + volumeMounts: + - mountPath: /tmp + name: tmp + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true terminationGracePeriodSeconds: 10 + volumes: + - name: tmp + emptyDir: + medium: Memory + - name: cert + secret: + defaultMode: 420 + secretName: {{ include "kamaji.webhookSecretName" . }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/clastix/kamaji/templates/datastore.yaml b/charts/clastix/kamaji/templates/datastore.yaml index 954a26856..60a84ffe3 100644 --- a/charts/clastix/kamaji/templates/datastore.yaml +++ b/charts/clastix/kamaji/templates/datastore.yaml @@ -2,6 +2,8 @@ apiVersion: kamaji.clastix.io/v1alpha1 kind: DataStore metadata: name: {{ include "datastore.fullname" . }} + annotations: + "helm.sh/hook": pre-install labels: {{- include "datastore.labels" . | nindent 4 }} spec: @@ -10,7 +12,12 @@ spec: {{- include "datastore.endpoints" . | indent 4 }} {{- if (and .Values.datastore.basicAuth.usernameSecret.name .Values.datastore.basicAuth.passwordSecret.name) }} basicAuth: - {{- .Values.datastore.basicAuth | toYaml | nindent 4 }} + username: + secretReference: + {{- .Values.datastore.basicAuth.usernameSecret | toYaml | nindent 8 }} + password: + secretReference: + {{- .Values.datastore.basicAuth.passwordSecret | toYaml | nindent 8 }} {{- end }} tlsConfig: certificateAuthority: diff --git a/charts/clastix/kamaji/templates/mutatingwebhookconfiguration.yaml b/charts/clastix/kamaji/templates/mutatingwebhookconfiguration.yaml new file mode 100644 index 000000000..36c280a45 --- /dev/null +++ b/charts/clastix/kamaji/templates/mutatingwebhookconfiguration.yaml 
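Review bot: The `tmp` volume added in controller.yaml is an `emptyDir` with `medium: Memory` and no `sizeLimit`, so anything the manager writes under /tmp is charged to memory and is bounded only by the container's memory limit. A cap keeps a runaway temp file from taking the memory the controller itself needs, e.g. `sizeLimit: 64Mi` under `emptyDir` (value constructed; size it to what the manager actually writes). Separately, `defaultMode: 420` (0644) leaves the private key from the webhook secret world-readable inside the container; a tighter mode only works together with a matching `fsGroup`, which is supplied through `.Values` outside this hunk.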
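Review bot: Marking the DataStore in datastore.yaml as a `pre-install` hook takes it out of the release: Helm does not track hook resources, so later `helm upgrade` runs will not apply changes to `.Values.datastore.*` (including the `basicAuth` secret references rewritten in the next hunk) and `helm uninstall` leaves the object behind. The hook also runs before the webhook configurations added in this commit exist, so this DataStore is created without the `mdatastore.kb.io` and `vdatastore.kb.io` admission checks. If that ordering is the reason for the hook, the template should say so, e.g. `# pre-install hook: created before the admission webhooks exist; not updated by helm upgrade`.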
@@ -0,0 +1,50 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }} + labels: + {{- include "kamaji.labels" . | nindent 4 }} + app.kubernetes.io/instance: mutating-webhook-configuration + name: kamaji-mutating-webhook-configuration +webhooks: + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "kamaji.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + path: /mutate-kamaji-clastix-io-v1alpha1-datastore + failurePolicy: Fail + name: mdatastore.kb.io + rules: + - apiGroups: + - kamaji.clastix.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - datastores + sideEffects: None + - admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ include "kamaji.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} + path: /mutate-kamaji-clastix-io-v1alpha1-tenantcontrolplane + failurePolicy: Fail + name: mtenantcontrolplane.kb.io + rules: + - apiGroups: + - kamaji.clastix.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - tenantcontrolplanes + sideEffects: None \ No newline at end of file diff --git a/charts/clastix/kamaji/templates/rbac.yaml b/charts/clastix/kamaji/templates/rbac.yaml index b82dfef49..8fb939c37 100644 --- a/charts/clastix/kamaji/templates/rbac.yaml +++ b/charts/clastix/kamaji/templates/rbac.yaml @@ -66,6 +66,16 @@ rules: - patch - update - watch +- apiGroups: + - batch + resources: + - jobs + verbs: + - create + - delete + - get + - list + - watch - apiGroups: - "" resources: @@ -114,12 +124,6 @@ rules: - patch - update - watch -- apiGroups: - - kamaji.clastix.io - resources: - - datastores/finalizers - verbs: - - update - apiGroups: - kamaji.clastix.io resources: 
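Review bot: In mutatingwebhookconfiguration.yaml the line `app.kubernetes.io/instance: mutating-webhook-configuration` follows the `kamaji.labels` include inside the same `labels` map. That helper is defined outside this diff, but if it already emits `app.kubernetes.io/instance` (the common chart scaffold sets it to the release name) the map gets a duplicate key and the release-name value is silently replaced. The certificate, issuer, metrics Service and ServiceMonitor templates in this commit use `app.kubernetes.io/component` for the same purpose, so `app.kubernetes.io/component: mutating-webhook` would be consistent and avoid the clash. The same applies to validatingwebhookconfiguration.yaml and to the `app.kubernetes.io/instance: webhook-service` line in service_webhook.yaml.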
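Review bot: The rule added in the first rbac.yaml hunk grants the controller `create` and `delete` on `batch/jobs`, and the hunk does not show whether the enclosing object is a Role or a ClusterRole. If it is a ClusterRole, the service account can start Jobs in every namespace, which is a broad grant to add without a stated reason. A comment above the rule naming the feature that needs Jobs (the CRD in this commit adds a `Migrating` status, which may be it) would let the next reviewer judge whether verbs and scope are minimal, e.g. `# Jobs: created by the controller for <feature>`.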
diff --git a/charts/clastix/kamaji/templates/service.yaml b/charts/clastix/kamaji/templates/service_metrics.yaml similarity index 55% rename from charts/clastix/kamaji/templates/service.yaml rename to charts/clastix/kamaji/templates/service_metrics.yaml index 2509a0d90..a19b4abf2 100644 --- a/charts/clastix/kamaji/templates/service.yaml +++ b/charts/clastix/kamaji/templates/service_metrics.yaml @@ -1,16 +1,16 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "kamaji.fullname" . }} labels: {{- include "kamaji.labels" . | nindent 4 }} + app.kubernetes.io/component: metrics + name: {{ include "kamaji.metricsServiceName" . }} namespace: {{ .Release.Namespace }} spec: - type: {{ .Values.service.type }} ports: - - name: https - port: {{ .Values.service.port }} - protocol: TCP - targetPort: https + - port: 8080 + name: metrics + protocol: TCP + targetPort: metrics selector: {{- include "kamaji.selectorLabels" . | nindent 4 }} diff --git a/charts/clastix/kamaji/templates/service_webhook.yaml b/charts/clastix/kamaji/templates/service_webhook.yaml new file mode 100644 index 000000000..593f43037 --- /dev/null +++ b/charts/clastix/kamaji/templates/service_webhook.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + {{- include "kamaji.labels" . | nindent 4 }} + app.kubernetes.io/component: webhook + app.kubernetes.io/instance: webhook-service + name: {{ include "kamaji.webhookServiceName" . }} + namespace: {{ .Release.Namespace }} +spec: + ports: + - port: 443 + protocol: TCP + name: webhook-server + targetPort: webhook-server + selector: + {{- include "kamaji.selectorLabels" . | nindent 4 }} diff --git a/charts/clastix/kamaji/templates/servicemonitor.yaml b/charts/clastix/kamaji/templates/servicemonitor.yaml new file mode 100644 index 000000000..73f5a6fd3 --- /dev/null +++ b/charts/clastix/kamaji/templates/servicemonitor.yaml 
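Review bot: service_metrics.yaml now fixes the Service port at 8080 and targets the container port named `metrics`, which controller.yaml also hard-codes as 8080, while the manager's listener is still taken from `--metrics-bind-address={{ .Values.metricsBindAddress }}`. A user who changes `metricsBindAddress` ends up with a Service and ServiceMonitor pointing at a port nothing listens on. Either derive the port from the value or state next to `metricsBindAddress` in values.yaml that the port must stay 8080. The hunk also stops reading `.Values.service.type` and `.Values.service.port` (removed from values.yaml in this commit), so existing overrides of those keys are silently ignored after an upgrade; a changelog line would cover that.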
@@ -0,0 +1,21 @@
+{{- if and (.Capabilities.APIVersions.Has "monitoring.coreos.com/v1") .Values.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ labels:
+ {{- include "kamaji.labels" . | nindent 4 }}
+ app.kubernetes.io/component: servicemonitor
+ name: {{ include "kamaji.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ endpoints:
+ - path: /metrics
+ port: metrics
+ scheme: http
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ include "kamaji.name" . }}
+{{- end }}
diff --git a/charts/clastix/kamaji/templates/validatingwebhookconfiguration.yaml b/charts/clastix/kamaji/templates/validatingwebhookconfiguration.yaml
new file mode 100644
index 000000000..06977892d
--- /dev/null
+++ b/charts/clastix/kamaji/templates/validatingwebhookconfiguration.yaml
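Review bot: The `selector.matchLabels` in servicemonitor.yaml carries only `app.kubernetes.io/name`, so it matches every Service in the namespace that gets `kamaji.labels`, which (assuming that helper emits the name label) includes the new webhook Service as well as the metrics one. Only the metrics Service has a port named `metrics`, so scraping still works, but the match is wider than intended. service_metrics.yaml already sets a distinguishing label; adding `app.kubernetes.io/component: metrics` under `matchLabels` pins the monitor to it.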
@@ -0,0 +1,70 @@
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ annotations:
+ cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/{{ include "kamaji.certificateName" . }}
+ labels:
+ {{- include "kamaji.labels" . | nindent 4 }}
+ app.kubernetes.io/instance: validating-webhook-configuration
+ name: kamaji-validating-webhook-configuration
+webhooks:
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kamaji.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate--v1-secret
+ failurePolicy: Ignore
+ name: vdatastoresecrets.kb.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - DELETE
+ resources:
+ - secrets
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kamaji.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kamaji-clastix-io-v1alpha1-datastore
+ failurePolicy: Fail
+ name: vdatastore.kb.io
+ rules:
+ - apiGroups:
+ - kamaji.clastix.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ - DELETE
+ resources:
+ - datastores
+ sideEffects: None
+ - admissionReviewVersions:
+ - v1
+ clientConfig:
+ service:
+ name: {{ include "kamaji.webhookServiceName" . }}
+ namespace: {{ .Release.Namespace }}
+ path: /validate-kamaji-clastix-io-v1alpha1-tenantcontrolplane
+ failurePolicy: Fail
+ name: vtenantcontrolplane.kb.io
+ rules:
+ - apiGroups:
+ - kamaji.clastix.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - tenantcontrolplanes
+ sideEffects: None
\ No newline at end of file
diff --git a/charts/clastix/kamaji/values.yaml b/charts/clastix/kamaji/values.yaml
index a80e3f4af..46a1876ed 100644
--- a/charts/clastix/kamaji/values.yaml
+++ b/charts/clastix/kamaji/values.yaml
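Review bot: The first webhook in validatingwebhookconfiguration.yaml, `vdatastoresecrets.kb.io`, matches DELETE on every core `secrets` object in the cluster, with no `namespaceSelector`, `objectSelector` or `timeoutSeconds`. Every Secret deletion therefore waits on a call to the Kamaji webhook Service, and because `failurePolicy: Ignore` fails open, whatever this webhook guards (presumably Secrets referenced by a DataStore, going by its name) is unprotected whenever the webhook is unreachable. Fail-open is a defensible choice for a cluster-wide rule, but it should be stated in the template, e.g. `# Ignore: never block Secret deletion cluster-wide when Kamaji is down`, together with a short `timeoutSeconds`. If the referenced Secrets can be labelled, an `objectSelector` would narrow the rule to them.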
@@ -15,8 +15,10 @@ image: # -- A list of extra arguments to add to the kamaji controller default ones extraArgs: [] -# -- Configuration file path alternative. (default "./kamaji.yaml") -configPath: "./kamaji.yaml" + +serviceMonitor: + # -- Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured + enabled: false etcd: # -- Install an etcd with enabled multi-tenancy along with Kamaji @@ -31,7 +33,7 @@ etcd: # -- Install specific etcd image image: repository: quay.io/coreos/etcd - tag: "v3.5.4" + tag: "v3.5.6" pullPolicy: IfNotPresent # -- The livenessProbe for the etcd container @@ -127,10 +129,6 @@ securityContext: # runAsNonRoot: true # runAsUser: 1000 -service: - type: ClusterIP - port: 8443 - resources: limits: cpu: 200m diff --git a/charts/crate/crate-operator/Chart.lock b/charts/crate/crate-operator/Chart.lock index caec122c6..59c636bad 100644 --- a/charts/crate/crate-operator/Chart.lock +++ b/charts/crate/crate-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: crate-operator-crds repository: file://../crate-operator-crds - version: 2.20.0 -digest: sha256:204873fcb33f361a558b333f431174c3b9bfcf6ea266c1f022cf5d11f24c66de -generated: "2022-12-15T15:11:32.447020049Z" + version: 2.22.0 +digest: sha256:ea59e13300da29acfb32097bfb382649618e7bf503248896fc5c9a66846ee36a +generated: "2023-01-31T14:30:10.49197227Z" diff --git a/charts/crate/crate-operator/Chart.yaml b/charts/crate/crate-operator/Chart.yaml index 41ce8f8a5..4d8ee0ecf 100644 --- a/charts/crate/crate-operator/Chart.yaml +++ b/charts/crate/crate-operator/Chart.yaml 
@@ -3,16 +3,16 @@ annotations: catalog.cattle.io/display-name: CrateDB Operator catalog.cattle.io/release-name: crate-operator apiVersion: v2 -appVersion: 2.20.0 +appVersion: 2.22.0 dependencies: - condition: crate-operator-crds.enabled name: crate-operator-crds repository: file://./charts/crate-operator-crds - version: 2.20.0 + version: 2.22.0 description: Crate Operator - Helm chart for installing and upgrading Crate Operator. icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg maintainers: - name: Crate.io name: crate-operator type: application -version: 2.20.0 +version: 2.22.0 diff --git a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml index 7d9e0268a..a33d3041a 100644 --- a/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml +++ b/charts/crate/crate-operator/charts/crate-operator-crds/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: 2.20.0 +appVersion: 2.22.0 description: Crate Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Crate Operator. maintainers: - name: Crate.io name: crate-operator-crds type: application -version: 2.20.0 +version: 2.22.0 diff --git a/charts/datadog/datadog/CHANGELOG.md b/charts/datadog/datadog/CHANGELOG.md index 91ec663f8..88f63f56b 100644 --- a/charts/datadog/datadog/CHANGELOG.md +++ b/charts/datadog/datadog/CHANGELOG.md 
@@ -1,5 +1,22 @@ # Datadog changelog +## 3.10.6 + +* Includes the imagePullPolicy key for the seccomp-setup container template + +## 3.10.5 + +* Only expose the shared volume for the auth-token in non autopilot environments. + +## 3.10.4 + +* Fix documentation for `agents.containers.traceAgent.env` and `agents.containers.securityAgent.env` + +## 3.10.3 + +* Fix default `hostPid` value set to true on Windows. +* Fix auth token path value on Windows. + ## 3.10.1 * Fix: add missing `DAC_READ_SEARCH` capability in agent PSP and SCC (openshift) diff --git a/charts/datadog/datadog/Chart.yaml b/charts/datadog/datadog/Chart.yaml index 47132ee87..0e334895e 100644 --- a/charts/datadog/datadog/Chart.yaml +++ b/charts/datadog/datadog/Chart.yaml @@ -19,4 +19,4 @@ name: datadog sources: - https://app.datadoghq.com/account/settings#agent/kubernetes - https://github.com/DataDog/datadog-agent -version: 3.10.1 +version: 3.10.6 diff --git a/charts/datadog/datadog/README.md b/charts/datadog/datadog/README.md index 22cd8ce05..5f4dd823e 100644 --- a/charts/datadog/datadog/README.md +++ b/charts/datadog/datadog/README.md 
@@ -1,6 +1,6 @@ # Datadog -![Version: 3.10.1](https://img.shields.io/badge/Version-3.10.1-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) +![Version: 3.10.6](https://img.shields.io/badge/Version-3.10.6-informational?style=flat-square) ![AppVersion: 7](https://img.shields.io/badge/AppVersion-7-informational?style=flat-square) [Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). @@ -153,7 +153,7 @@ See [0.18.1's README](https://github.com/helm/charts/blob/847f737479bb78d89f8fb6 To uninstall/delete the `` deployment: ```bash -helm delete --purge +helm uninstall ``` The command removes all the Kubernetes components associated with the chart and deletes the release. 
@@ -415,7 +415,7 @@ helm install \ | agents.containers.processAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | | agents.containers.processAgent.resources | object | `{}` | Resource requests and limits for the process-agent container | | agents.containers.processAgent.securityContext | object | `{}` | Allows you to overwrite the default container SecurityContext for the process-agent container. | -| agents.containers.securityAgent.env | string | `nil` | Additional environment variables for the security-agent container | +| agents.containers.securityAgent.env | list | `[]` | Additional environment variables for the security-agent container | | agents.containers.securityAgent.envFrom | list | `[]` | Set environment variables specific to security-agent from configMaps and/or secrets | | agents.containers.securityAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off. If not set, fall back to the value of datadog.logLevel. | | agents.containers.securityAgent.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | 
@@ -426,7 +426,7 @@ helm install \ | agents.containers.systemProbe.ports | list | `[]` | Allows to specify extra ports (hostPorts for instance) for this container | | agents.containers.systemProbe.resources | object | `{}` | Resource requests and limits for the system-probe container | | agents.containers.systemProbe.securityContext | object | `{"capabilities":{"add":["SYS_ADMIN","SYS_RESOURCE","SYS_PTRACE","NET_ADMIN","NET_BROADCAST","NET_RAW","IPC_LOCK","CHOWN","DAC_READ_SEARCH"]},"privileged":false}` | Allows you to overwrite the default container SecurityContext for the system-probe container. | -| agents.containers.traceAgent.env | string | `nil` | Additional environment variables for the trace-agent container | +| agents.containers.traceAgent.env | list | `[]` | Additional environment variables for the trace-agent container | | agents.containers.traceAgent.envFrom | list | `[]` | Set environment variables specific to trace-agent from configMaps and/or secrets | | agents.containers.traceAgent.livenessProbe | object | Every 15s | Override default agent liveness probe settings | | agents.containers.traceAgent.logLevel | string | `nil` | Set logging verbosity, valid log levels are: trace, debug, info, warn, error, critical, and off | diff --git a/charts/datadog/datadog/README.md.gotmpl b/charts/datadog/datadog/README.md.gotmpl index dc7c219b4..a9f20b2ba 100644 --- a/charts/datadog/datadog/README.md.gotmpl +++ b/charts/datadog/datadog/README.md.gotmpl @@ -148,7 +148,7 @@ See [0.18.1's README](https://github.com/helm/charts/blob/847f737479bb78d89f8fb6 To uninstall/delete the `` deployment: ```bash -helm delete --purge +helm uninstall ``` The command removes all the Kubernetes components associated with the chart and deletes the release. diff --git a/charts/datadog/datadog/templates/_container-agent.yaml b/charts/datadog/datadog/templates/_container-agent.yaml index 6193e2432..22340f446 100644 --- a/charts/datadog/datadog/templates/_container-agent.yaml 
+++ b/charts/datadog/datadog/templates/_container-agent.yaml @@ -154,8 +154,6 @@ subPath: install_info mountPath: /etc/datadog-agent/install_info readOnly: true - - name: auth-token - mountPath: /etc/datadog-agent/auth - name: logdatadog mountPath: /var/log/datadog - name: tmpdir @@ -165,6 +163,11 @@ {{- end }} - name: config mountPath: {{ template "datadog.confPath" . }} + {{- if (not .Values.providers.gke.autopilot) }} + - name: auth-token + mountPath: {{ template "datadog.confPath" . }}/auth + readOnly: false + {{- end }} {{- include "container-crisocket-volumemounts" . | nindent 4 }} {{- include "container-cloudinit-volumemounts" . | nindent 4 }} {{- if .Values.agents.useConfigMap }} diff --git a/charts/datadog/datadog/templates/_container-process-agent.yaml b/charts/datadog/datadog/templates/_container-process-agent.yaml index 800885cdd..0c30367fd 100644 --- a/charts/datadog/datadog/templates/_container-process-agent.yaml +++ b/charts/datadog/datadog/templates/_container-process-agent.yaml @@ -56,9 +56,11 @@ - name: config mountPath: {{ template "datadog.confPath" . }} {{- if eq .Values.targetSystem "linux" }} + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token - mountPath: /etc/datadog-agent/auth + mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} - name: logdatadog mountPath: /var/log/datadog - name: tmpdir diff --git a/charts/datadog/datadog/templates/_container-security-agent.yaml b/charts/datadog/datadog/templates/_container-security-agent.yaml index 63d7c98cd..c538cec3f 100644 --- a/charts/datadog/datadog/templates/_container-security-agent.yaml +++ b/charts/datadog/datadog/templates/_container-security-agent.yaml 
@@ -52,10 +52,12 @@ volumeMounts: - name: config mountPath: {{ template "datadog.confPath" . }} - {{- if eq .Values.targetSystem "linux" }} + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token - mountPath: /etc/datadog-agent/auth + mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true + {{- end }} + {{- if eq .Values.targetSystem "linux" }} - name: logdatadog mountPath: /var/log/datadog - name: tmpdir diff --git a/charts/datadog/datadog/templates/_container-system-probe.yaml b/charts/datadog/datadog/templates/_container-system-probe.yaml index e0ff591b3..2151414b3 100644 --- a/charts/datadog/datadog/templates/_container-system-probe.yaml +++ b/charts/datadog/datadog/templates/_container-system-probe.yaml @@ -30,7 +30,7 @@ {{ toYaml .Values.agents.containers.systemProbe.resources | indent 4 }} volumeMounts: - name: auth-token - mountPath: /etc/datadog-agent/auth + mountPath: {{ template "datadog.confPath" . }}/auth readOnly: true - name: logdatadog mountPath: /var/log/datadog diff --git a/charts/datadog/datadog/templates/_container-trace-agent.yaml b/charts/datadog/datadog/templates/_container-trace-agent.yaml index 98e8c6359..1a88d4f31 100644 --- a/charts/datadog/datadog/templates/_container-trace-agent.yaml +++ b/charts/datadog/datadog/templates/_container-trace-agent.yaml @@ -53,6 +53,11 @@ volumeMounts: - name: config mountPath: {{ template "datadog.confPath" . }} + {{- if (not .Values.providers.gke.autopilot) }} + - name: auth-token + mountPath: {{ template "datadog.confPath" . }}/auth + readOnly: true + {{- end }} {{- if .Values.agents.useConfigMap }} - name: datadog-yaml mountPath: {{ template "datadog.confPath" . }}/datadog.yaml @@ -69,9 +74,6 @@ mountPropagation: {{ .Values.datadog.hostVolumeMountPropagation }} readOnly: true {{- end }} - - name: auth-token - mountPath: /etc/datadog-agent/auth - readOnly: true - name: logdatadog mountPath: /var/log/datadog - name: tmpdir 
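Review bot: In the security-agent hunk the `auth-token` mount now sits ahead of the `{{- if eq .Values.targetSystem "linux" }}` guard, so it is rendered for every target system. `_container-process-agent.yaml` in this same commit keeps the mount inside the linux guard. If the wider scope is intended, say so in a template comment such as `{{- /* auth-token is mounted on all target systems for the security-agent */}}`. Otherwise move the `{{- if eq .Values.targetSystem "linux" }}` line back above the `{{- if (not .Values.providers.gke.autopilot) }}` block so both containers agree. The volumeMounts list continues outside the hunk.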
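Review bot: The system-probe `auth-token` mount is left unconditional, while this commit makes the `auth-token` volume in `daemonset.yaml` conditional on `not .Values.providers.gke.autopilot`. If the system-probe container can be rendered with Autopilot enabled (not visible from this hunk), the pod spec would reference a volume that is never defined and the DaemonSet pods would be rejected. Either wrap the mount in `{{- if (not .Values.providers.gke.autopilot) }}` … `{{- end }}` like the other containers, or add a comment stating that system-probe is never rendered on Autopilot.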
diff --git a/charts/datadog/datadog/templates/_containers-common-env.yaml b/charts/datadog/datadog/templates/_containers-common-env.yaml index 47a599d6b..b0dc966de 100644 --- a/charts/datadog/datadog/templates/_containers-common-env.yaml +++ b/charts/datadog/datadog/templates/_containers-common-env.yaml @@ -9,8 +9,10 @@ secretKeyRef: name: {{ template "datadog.apiSecretName" . }} key: api-key +{{- if (not .Values.providers.gke.autopilot) }} - name: DD_AUTH_TOKEN_FILE_PATH - value: /etc/datadog-agent/auth/token + value: {{ template "datadog.confPath" . }}/auth/token +{{- end }} {{ include "components-common-env" . }} {{- if .Values.datadog.kubelet.host }} - name: DD_KUBERNETES_KUBELET_HOST diff --git a/charts/datadog/datadog/templates/_helpers.tpl b/charts/datadog/datadog/templates/_helpers.tpl index a03bba937..b9be8459d 100644 --- a/charts/datadog/datadog/templates/_helpers.tpl +++ b/charts/datadog/datadog/templates/_helpers.tpl @@ -342,7 +342,9 @@ false Return true if the hostPid features should be enabled for the Agent pod. */}} {{- define "should-enable-host-pid" -}} -{{- if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} +{{- if eq .Values.targetSystem "windows" -}} +false +{{- else if and (not .Values.providers.gke.autopilot) (or (eq (include "should-enable-compliance" .) "true") .Values.datadog.dogstatsd.useHostPID .Values.datadog.useHostPID) -}} true {{- else -}} false diff --git a/charts/datadog/datadog/templates/_system-probe-init.yaml b/charts/datadog/datadog/templates/_system-probe-init.yaml index 646a7243d..0ff999710 100644 --- a/charts/datadog/datadog/templates/_system-probe-init.yaml +++ b/charts/datadog/datadog/templates/_system-probe-init.yaml 
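Review bot: In `_containers-common-env.yaml`, nothing documents where the containers find the agent auth token on GKE Autopilot once `DD_AUTH_TOKEN_FILE_PATH` is unset and the shared `auth-token` emptyDir is dropped. Presumably the agent falls back to a built-in default path, but this hunk does not show whether every container in the pod still reads the same token there. A comment above the guard would record the intent, for example `{{- /* Autopilot: no auth-token volume; agents use their default token location */}}`. It would also help to verify on an Autopilot cluster that the token-authenticated calls between containers still succeed.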
@@ -1,6 +1,7 @@ {{- define "system-probe-init" -}} - name: seccomp-setup image: "{{ include "image-path" (dict "root" .Values "image" .Values.agents.image) }}" + imagePullPolicy: {{ .Values.agents.image.pullPolicy }} command: - cp - /etc/config/system-probe-seccomp.json diff --git a/charts/datadog/datadog/templates/daemonset.yaml b/charts/datadog/datadog/templates/daemonset.yaml index 462e4a32f..219adf002 100644 --- a/charts/datadog/datadog/templates/daemonset.yaml +++ b/charts/datadog/datadog/templates/daemonset.yaml @@ -132,8 +132,10 @@ spec: {{ include "system-probe-init" . | nindent 6 }} {{- end }} volumes: + {{- if (not .Values.providers.gke.autopilot) }} - name: auth-token emptyDir: {} + {{- end }} - name: installinfo configMap: name: {{ include "agents-install-info-configmap-name" . }} diff --git a/charts/datadog/datadog/values.yaml b/charts/datadog/datadog/values.yaml index 07ca4d05a..1df3096bd 100644 --- a/charts/datadog/datadog/values.yaml +++ b/charts/datadog/datadog/values.yaml @@ -1313,7 +1313,7 @@ agents: traceAgent: # agents.containers.traceAgent.env -- Additional environment variables for the trace-agent container - env: + env: [] # agents.containers.traceAgent.envFrom -- Set environment variables specific to trace-agent from configMaps and/or secrets envFrom: [] @@ -1384,7 +1384,7 @@ agents: securityAgent: # agents.containers.securityAgent.env -- Additional environment variables for the security-agent container - env: + env: [] # agents.containers.securityAgent.envFrom -- Set environment variables specific to security-agent from configMaps and/or secrets envFrom: [] diff --git a/charts/digitalis/vals-operator/Chart.yaml b/charts/digitalis/vals-operator/Chart.yaml index 56b84f306..26347d0a0 100644 --- a/charts/digitalis/vals-operator/Chart.yaml +++ b/charts/digitalis/vals-operator/Chart.yaml @@ -14,4 +14,4 @@ maintainers: name: Digitalis.IO name: vals-operator type: application -version: 0.7.1 +version: 0.7.0 
diff --git a/charts/gitlab/gitlab/CHANGELOG.md b/charts/gitlab/gitlab/CHANGELOG.md index 18e345ae3..ceffda4bc 100644 --- a/charts/gitlab/gitlab/CHANGELOG.md +++ b/charts/gitlab/gitlab/CHANGELOG.md @@ -2,6 +2,10 @@ documentation](doc/development/changelog.md) for instructions on adding your own entry. +## 6.8.1 (2023-01-30) + +No changes. + ## 6.8.0 (2023-01-20) ### Added (4 changes) diff --git a/charts/gitlab/gitlab/Chart.yaml b/charts/gitlab/gitlab/Chart.yaml index c0207dd0f..e378aa304 100644 --- a/charts/gitlab/gitlab/Chart.yaml +++ b/charts/gitlab/gitlab/Chart.yaml @@ -3,7 +3,7 @@ annotations: catalog.cattle.io/display-name: GitLab catalog.cattle.io/release-name: gitlab apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: The One DevOps Platform home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png @@ -15,4 +15,4 @@ maintainers: name: gitlab sources: - https://gitlab.com/gitlab-org/charts/gitlab -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml index 4d12be815..45a2e9a68 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/geo-logcursor/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: GitLab Geo logcursor home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: geo-logcursor sources: - https://gitlab.com/charts/gitlab/tree/master/charts/gitlab/charts/geo-logcursor - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml index 01c4160fe..0409d89dd 100644 
--- a/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitaly/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Git RPC service for handling all the git calls made by GitLab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: gitaly sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitaly - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml index 8201d3f34..b9b05f2ff 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-exporter/Chart.yaml @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-exporter - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-exporter - https://gitlab.com/gitlab-org/gitlab-exporter -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml index f0bfe6f7b..0ac621b2d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-grafana/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Adapt the Grafana chart to interface to the GitLab App home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg 
@@ -13,4 +13,4 @@ name: gitlab-grafana sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-grafana - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-grafana -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml index 1022812dc..47cb17dc7 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-pages/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Daemon for serving static websites from GitLab projects home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-pages - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-pages - https://gitlab.com/gitlab-org/gitlab-pages -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml index 9119fd2eb..56f6b494d 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/gitlab-shell/Chart.yaml @@ -14,4 +14,4 @@ name: gitlab-shell sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-shell - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-shell -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml index 8996fadeb..8fe68eb86 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/kas/Chart.yaml 
@@ -17,4 +17,4 @@ name: kas sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/gitlab-kas - https://gitlab.com/gitlab-org/cluster-integration/gitlab-agent -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml index 92fd174af..b7cc6d800 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/mailroom/Chart.yaml @@ -13,4 +13,4 @@ name: mailroom sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/mailroom - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-mailroom -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml index fe1ca3d6c..b879453d9 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/migrations/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Database migrations and other versioning tasks for upgrading Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -12,4 +12,4 @@ name: migrations sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/migrations - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-rails -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml index 025ffe32d..e7f16f78c 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/praefect/Chart.yaml 
@@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Praefect is a router and transaction manager for Gitaly, and a required component for running a Gitaly Cluster. home: https://about.gitlab.com/ @@ -16,4 +16,4 @@ sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/praefect - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitaly - https://gitlab.com/gitlab-org/gitaly/-/tree/master/cmd/praefect -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml index 9fe1f9a3d..b881de0c8 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/sidekiq/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: Gitlab Sidekiq for asynchronous task processing in rails home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: sidekiq sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/sidekiq - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-sidekiq -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml index 9085ef4ee..95a42323f 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/spamcheck/Chart.yaml @@ -14,4 +14,4 @@ name: spamcheck sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/spamcheck - https://gitlab.com/gitlab-org/spamcheck -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml index 4280919ad..3faf4e51d 100644 
--- a/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/toolbox/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: For manually running rake tasks through kubectl home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -13,4 +13,4 @@ name: toolbox sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/toolbox - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-toolbox -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml index 817a85b99..d7d95569b 100644 --- a/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml +++ b/charts/gitlab/gitlab/charts/gitlab/charts/webservice/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -appVersion: 15.8.0 +appVersion: 15.8.1 description: HTTP server for Gitlab home: https://about.gitlab.com/ icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.svg @@ -14,4 +14,4 @@ name: webservice sources: - https://gitlab.com/gitlab-org/charts/gitlab/tree/master/charts/gitlab/charts/webservice - https://gitlab.com/gitlab-org/build/CNG/tree/master/gitlab-webservice -version: 6.8.0 +version: 6.8.1 diff --git a/charts/gitlab/gitlab/requirements.lock b/charts/gitlab/gitlab/requirements.lock index aa6e51848..19440d32e 100644 --- a/charts/gitlab/gitlab/requirements.lock +++ b/charts/gitlab/gitlab/requirements.lock @@ -33,4 +33,4 @@ dependencies: repository: "" version: '*.*.*' digest: sha256:c875719651c62cf5fd5d202fc90cb3519c6268e4fe37d68eddf247da2c7c317f -generated: "2023-01-22T13:24:31.4249885Z" +generated: "2023-01-31T12:08:44.946412334Z" diff --git a/charts/haproxy/haproxy/Chart.yaml b/charts/haproxy/haproxy/Chart.yaml index 85a596b51..1cee806ed 100644 --- a/charts/haproxy/haproxy/Chart.yaml 
+++ b/charts/haproxy/haproxy/Chart.yaml @@ -1,12 +1,12 @@ annotations: artifacthub.io/changes: | - - Additional internal-only service for metrics scraping + - Use Ingress Controller 1.9.1 version for base image catalog.cattle.io/certified: partner catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller catalog.cattle.io/kube-version: '>=1.19.0-0' catalog.cattle.io/release-name: haproxy apiVersion: v2 -appVersion: 1.9.0 +appVersion: 1.9.1 description: A Helm chart for HAProxy Kubernetes Ingress Controller home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png @@ -21,4 +21,4 @@ name: haproxy sources: - https://github.com/haproxytech/kubernetes-ingress type: application -version: 1.27.0 +version: 1.27.1 diff --git a/charts/hashicorp/consul/Chart.yaml b/charts/hashicorp/consul/Chart.yaml index 505066e5f..d8552fc1c 100644 --- a/charts/hashicorp/consul/Chart.yaml +++ b/charts/hashicorp/consul/Chart.yaml @@ -1,11 +1,11 @@ annotations: artifacthub.io/images: | - name: consul - image: hashicorp/consul:1.14.2 + image: hashicorp/consul:1.14.4 - name: consul-k8s-control-plane - image: hashicorp/consul-k8s-control-plane:1.0.2 + image: hashicorp/consul-k8s-control-plane:1.0.3 - name: consul-dataplane - image: hashicorp/consul-dataplane:1.0.0 + image: hashicorp/consul-dataplane:1.0.1 - name: envoy image: envoyproxy/envoy:v1.23.1 artifacthub.io/license: MPL-2.0 @@ -25,7 +25,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21.0-0' catalog.cattle.io/release-name: consul apiVersion: v2 -appVersion: 1.14.2 +appVersion: 1.14.4 description: Official HashiCorp Consul Chart home: https://www.consul.io icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png @@ -34,4 +34,4 @@ name: consul sources: - https://github.com/hashicorp/consul - https://github.com/hashicorp/consul-k8s -version: 1.0.2 +version: 1.0.3 
diff --git a/charts/hashicorp/consul/README.md b/charts/hashicorp/consul/README.md index 79b3fc4a6..e7d7fd928 100644 --- a/charts/hashicorp/consul/README.md +++ b/charts/hashicorp/consul/README.md @@ -42,7 +42,7 @@ by contacting us at [security@hashicorp.com](mailto:security@hashicorp.com). The following pre-requisites must be met before installing Consul on Kubernetes. - * **Kubernetes 1.22.x - 1.25.x** - This represents the earliest versions of Kubernetes tested. + * **Kubernetes 1.23.x - 1.26.x** - This represents the earliest versions of Kubernetes tested. It is possible that this chart works with earlier versions, but it is untested. * Helm install diff --git a/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml b/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml index c548b63e4..ec64bc363 100644 --- a/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml +++ b/charts/hashicorp/consul/templates/api-gateway-controller-deployment.yaml @@ -15,6 +15,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: api-gateway-controller + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.apiGateway.controller.replicas }} selector: @@ -46,6 +49,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: api-gateway-controller + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} spec: serviceAccountName: {{ template "consul.fullname" . }}-api-gateway-controller containers: diff --git a/charts/hashicorp/consul/templates/client-daemonset.yaml b/charts/hashicorp/consul/templates/client-daemonset.yaml index 59252301f..91af3821f 100644 --- a/charts/hashicorp/consul/templates/client-daemonset.yaml +++ b/charts/hashicorp/consul/templates/client-daemonset.yaml 
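Review bot: `global.extraLabels` is rendered into the same `labels:` maps that already carry the chart's own keys (`chart`, `heritage`, `release`, `component` are visible in these hunks), with no check for collisions. A user value that reuses one of those keys produces a duplicate mapping key, and whichever value wins could leave the pod template labels out of step with the `selector:` that follows, or with policies that select on `component`. The same pattern repeats in every consul template hunk of this commit (client, cni, connect-inject, the jobs, the gateways, server, sync-catalog, tls-init). At minimum, document the restriction next to the value, e.g. `# global.extraLabels must not reuse the chart's own label keys (chart, heritage, release, component).` A `fail` guard in a shared helper would enforce it.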
@@ -24,6 +24,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: client + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: {{- if .Values.client.updateStrategy }} updateStrategy: @@ -47,6 +50,9 @@ spec: {{- if .Values.client.extraLabels }} {{- toYaml .Values.client.extraLabels | nindent 8 }} {{- end }} + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: {{- if .Values.global.secretsBackend.vault.enabled }} "vault.hashicorp.com/agent-inject": "true" diff --git a/charts/hashicorp/consul/templates/cni-daemonset.yaml b/charts/hashicorp/consul/templates/cni-daemonset.yaml index e9a680733..ae04d9e65 100644 --- a/charts/hashicorp/consul/templates/cni-daemonset.yaml +++ b/charts/hashicorp/consul/templates/cni-daemonset.yaml @@ -11,6 +11,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: cni + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: {{- if .Values.connectInject.cni.updateStrategy }} updateStrategy: @@ -29,6 +32,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: cni + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: consul.hashicorp.com/connect-inject: "false" spec: diff --git a/charts/hashicorp/consul/templates/connect-inject-deployment.yaml b/charts/hashicorp/consul/templates/connect-inject-deployment.yaml index e6b467587..2b52c1b81 100644 --- a/charts/hashicorp/consul/templates/connect-inject-deployment.yaml +++ b/charts/hashicorp/consul/templates/connect-inject-deployment.yaml 
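Review bot: In the pod-template hunk of `client-daemonset.yaml`, `client.extraLabels` and `global.extraLabels` are rendered one after the other into the same map, so a key set in both appears twice in the output. Depending on the YAML parser that is either rejected or silently resolved as last-wins, and the precedence is not documented. Merge the maps before rendering so each key is emitted once with a defined winner, for example `{{- toYaml (merge (dict) (default (dict) .Values.client.extraLabels) (default (dict) .Values.global.extraLabels)) | nindent 8 }}`, which lets the component-level value take precedence. The connect-inject, server-statefulset and sync-catalog hunks combine their component `extraLabels` with the global ones in the same way.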
@@ -23,6 +23,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: connect-injector + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.connectInject.replicas }} selector: @@ -41,6 +44,9 @@ spec: {{- if .Values.connectInject.extraLabels }} {{- toYaml .Values.connectInject.extraLabels | nindent 8 }} {{- end }} + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" {{- if .Values.connectInject.annotations }} diff --git a/charts/hashicorp/consul/templates/create-federation-secret-job.yaml b/charts/hashicorp/consul/templates/create-federation-secret-job.yaml index 40b81957d..4f83a1f82 100644 --- a/charts/hashicorp/consul/templates/create-federation-secret-job.yaml +++ b/charts/hashicorp/consul/templates/create-federation-secret-job.yaml @@ -15,6 +15,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: create-federation-secret + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": post-install,post-upgrade {{- /* Hook weight needs to be 1 so that the service account is provisioned first */}} @@ -29,6 +32,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: create-federation-secret + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/charts/hashicorp/consul/templates/enterprise-license-job.yaml b/charts/hashicorp/consul/templates/enterprise-license-job.yaml index 02921db3b..012269010 100644 --- a/charts/hashicorp/consul/templates/enterprise-license-job.yaml +++ b/charts/hashicorp/consul/templates/enterprise-license-job.yaml 
@@ -15,6 +15,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: license + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "100" @@ -31,6 +34,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: license + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/charts/hashicorp/consul/templates/gossip-encryption-autogenerate-job.yaml b/charts/hashicorp/consul/templates/gossip-encryption-autogenerate-job.yaml index e1a6e4982..9d296478a 100644 --- a/charts/hashicorp/consul/templates/gossip-encryption-autogenerate-job.yaml +++ b/charts/hashicorp/consul/templates/gossip-encryption-autogenerate-job.yaml @@ -14,6 +14,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: gossip-encryption-autogenerate + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "1" @@ -27,6 +30,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: gossip-encryption-autogenerate + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/charts/hashicorp/consul/templates/ingress-gateways-deployment.yaml b/charts/hashicorp/consul/templates/ingress-gateways-deployment.yaml index 139055b81..4f7203185 100644 --- a/charts/hashicorp/consul/templates/ingress-gateways-deployment.yaml +++ b/charts/hashicorp/consul/templates/ingress-gateways-deployment.yaml 
@@ -46,6 +46,9 @@ metadata: release: {{ $root.Release.Name }} component: ingress-gateway ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} + {{- if $root.Values.global.extraLabels }} + {{- toYaml $root.Values.global.extraLabels | nindent 4 }} + {{- end }} spec: replicas: {{ default $defaults.replicas .replicas }} selector: @@ -66,6 +69,9 @@ spec: component: ingress-gateway ingress-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller + {{- if $root.Values.global.extraLabels }} + {{- toYaml $root.Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/gateway-kind": "ingress-gateway" diff --git a/charts/hashicorp/consul/templates/mesh-gateway-deployment.yaml b/charts/hashicorp/consul/templates/mesh-gateway-deployment.yaml index 0ba66dbde..2b2bdc8c2 100644 --- a/charts/hashicorp/consul/templates/mesh-gateway-deployment.yaml +++ b/charts/hashicorp/consul/templates/mesh-gateway-deployment.yaml @@ -19,6 +19,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: mesh-gateway + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.meshGateway.replicas }} selector: @@ -35,6 +38,9 @@ spec: release: {{ .Release.Name }} component: mesh-gateway consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/gateway-kind": "mesh-gateway" diff --git a/charts/hashicorp/consul/templates/partition-init-job.yaml b/charts/hashicorp/consul/templates/partition-init-job.yaml index 082c48447..db73ef783 100644 --- a/charts/hashicorp/consul/templates/partition-init-job.yaml 
+++ b/charts/hashicorp/consul/templates/partition-init-job.yaml @@ -15,6 +15,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: partition-init + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": pre-install "helm.sh/hook-weight": "2" @@ -28,6 +31,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: partition-init + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" {{- if (and .Values.global.secretsBackend.vault.enabled (or .Values.global.tls.enabled .Values.global.acls.manageSystemACLs)) }} diff --git a/charts/hashicorp/consul/templates/server-acl-init-cleanup-job.yaml b/charts/hashicorp/consul/templates/server-acl-init-cleanup-job.yaml index 697427ab5..35b0877ab 100644 --- a/charts/hashicorp/consul/templates/server-acl-init-cleanup-job.yaml +++ b/charts/hashicorp/consul/templates/server-acl-init-cleanup-job.yaml @@ -23,6 +23,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: server-acl-init-cleanup + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": post-install,post-upgrade "helm.sh/hook-weight": "0" @@ -39,6 +42,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: server-acl-init-cleanup + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/charts/hashicorp/consul/templates/server-acl-init-job.yaml b/charts/hashicorp/consul/templates/server-acl-init-job.yaml index 88a16b047..440ab8bee 100644 --- a/charts/hashicorp/consul/templates/server-acl-init-job.yaml 
+++ b/charts/hashicorp/consul/templates/server-acl-init-job.yaml @@ -29,6 +29,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: server-acl-init + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: template: metadata: @@ -38,6 +41,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: server-acl-init + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" {{- if .Values.global.secretsBackend.vault.enabled }} diff --git a/charts/hashicorp/consul/templates/server-statefulset.yaml b/charts/hashicorp/consul/templates/server-statefulset.yaml index 23894c4a0..8b73306fd 100644 --- a/charts/hashicorp/consul/templates/server-statefulset.yaml +++ b/charts/hashicorp/consul/templates/server-statefulset.yaml @@ -31,6 +31,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: server + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: serviceName: {{ template "consul.fullname" . }}-server podManagementPolicy: Parallel @@ -59,6 +62,9 @@ spec: {{- if .Values.server.extraLabels }} {{- toYaml .Values.server.extraLabels | nindent 8 }} {{- end }} + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: {{- if .Values.global.secretsBackend.vault.enabled }} "vault.hashicorp.com/agent-inject": "true" diff --git a/charts/hashicorp/consul/templates/sync-catalog-deployment.yaml b/charts/hashicorp/consul/templates/sync-catalog-deployment.yaml index 26de14306..f2815d962 100644 --- a/charts/hashicorp/consul/templates/sync-catalog-deployment.yaml +++ b/charts/hashicorp/consul/templates/sync-catalog-deployment.yaml 
@@ -14,6 +14,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: sync-catalog + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: replicas: 1 selector: @@ -32,6 +35,9 @@ spec: {{- if .Values.syncCatalog.extraLabels }} {{- toYaml .Values.syncCatalog.extraLabels | nindent 8 }} {{- end }} + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" {{- if .Values.syncCatalog.annotations }} diff --git a/charts/hashicorp/consul/templates/terminating-gateways-deployment.yaml b/charts/hashicorp/consul/templates/terminating-gateways-deployment.yaml index 3efa78952..2f2cb9a92 100644 --- a/charts/hashicorp/consul/templates/terminating-gateways-deployment.yaml +++ b/charts/hashicorp/consul/templates/terminating-gateways-deployment.yaml @@ -48,6 +48,9 @@ metadata: release: {{ $root.Release.Name }} component: terminating-gateway terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} + {{- if $root.Values.global.extraLabels }} + {{- toYaml $root.Values.global.extraLabels | nindent 4 }} + {{- end }} spec: replicas: {{ default $defaults.replicas .replicas }} selector: @@ -68,6 +71,9 @@ spec: component: terminating-gateway terminating-gateway-name: {{ template "consul.fullname" $root }}-{{ .name }} consul.hashicorp.com/connect-inject-managed-by: consul-k8s-endpoints-controller + {{- if $root.Values.global.extraLabels }} + {{- toYaml $root.Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/gateway-kind": "terminating-gateway" diff --git a/charts/hashicorp/consul/templates/tls-init-cleanup-job.yaml b/charts/hashicorp/consul/templates/tls-init-cleanup-job.yaml index 9a8898cc1..ba29bb84a 100644 --- a/charts/hashicorp/consul/templates/tls-init-cleanup-job.yaml 
+++ b/charts/hashicorp/consul/templates/tls-init-cleanup-job.yaml @@ -13,6 +13,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: tls-init-cleanup + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded @@ -27,6 +30,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: tls-init-cleanup + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/charts/hashicorp/consul/templates/tls-init-job.yaml b/charts/hashicorp/consul/templates/tls-init-job.yaml index 47dd6462b..d002ae7a7 100644 --- a/charts/hashicorp/consul/templates/tls-init-job.yaml +++ b/charts/hashicorp/consul/templates/tls-init-job.yaml @@ -14,6 +14,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: tls-init + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} annotations: "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-weight": "1" @@ -27,6 +30,9 @@ spec: chart: {{ template "consul.chart" . }} release: {{ .Release.Name }} component: tls-init + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" spec: diff --git a/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml b/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml index 557cc0219..a2913dd92 100644 --- a/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml +++ b/charts/hashicorp/consul/templates/webhook-cert-manager-deployment.yaml 
@@ -11,6 +11,9 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: webhook-cert-manager + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 4 }} + {{- end }} spec: replicas: 1 selector: @@ -28,6 +31,9 @@ spec: heritage: {{ .Release.Service }} release: {{ .Release.Name }} component: webhook-cert-manager + {{- if .Values.global.extraLabels }} + {{- toYaml .Values.global.extraLabels | nindent 8 }} + {{- end }} annotations: "consul.hashicorp.com/connect-inject": "false" "consul.hashicorp.com/config-checksum": {{ include (print $.Template.BasePath "/webhook-cert-manager-configmap.yaml") . | sha256sum }} diff --git a/charts/hashicorp/consul/values.yaml b/charts/hashicorp/consul/values.yaml index 1d24ae005..6760d7afd 100644 --- a/charts/hashicorp/consul/values.yaml +++ b/charts/hashicorp/consul/values.yaml @@ -63,7 +63,7 @@ global: # image: "hashicorp/consul-enterprise:1.10.0-ent" # ``` # @default: hashicorp/consul: - image: "hashicorp/consul:1.14.2" + image: "hashicorp/consul:1.14.4" # Array of objects containing image pull secret names that will be applied to each service account. # This can be used to reference image pull secrets if using a custom consul or consul-k8s-control-plane Docker image. @@ -83,7 +83,7 @@ global: # image that is used for functionality such as catalog sync. # This can be overridden per component. # @default: hashicorp/consul-k8s-control-plane: - imageK8S: hashicorp/consul-k8s-control-plane:1.0.2 + imageK8S: hashicorp/consul-k8s-control-plane:1.0.3 # The name of the datacenter that the agents should # register as. This can't be changed once the Consul cluster is up and running 
@@ -261,7 +261,7 @@ global: secretName: null connectInject: - # Configuration to the Vault Secret that Kubernetes will use on + # Configuration to the Vault Secret that Kubernetes uses on # Kubernetes pod creation, deletion, and update, to get CA certificates # used issued from vault to send webhooks to the ConnectInject. caCert: @@ -270,7 +270,7 @@ global: # @type: string secretName: null - # Configuration to the Vault Secret that Kubernetes will use on + # Configuration to the Vault Secret that Kubernetes uses on # Kubernetes pod creation, deletion, and update, to get TLS certificates # used issued from vault to send webhooks to the ConnectInject. tlsCert: @@ -325,7 +325,7 @@ global: # If true, the Helm chart will enable TLS for Consul # servers and clients and all consul-k8s-control-plane components, as well as generate certificate # authority (optional) and server and client certificates. - # This setting is required for [Cluster Peering](/docs/connect/cluster-peering/k8s). + # This setting is required for [Cluster Peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s). enabled: false # If true, turns on the auto-encrypt feature on clients and servers. @@ -567,7 +567,7 @@ global: # The name (and tag) of the consul-dataplane Docker image used for the # connect-injected sidecar proxies and mesh, terminating, and ingress gateways. # @default: hashicorp/consul-dataplane: - imageConsulDataplane: "hashicorp/consul-dataplane:1.0.0" + imageConsulDataplane: "hashicorp/consul-dataplane:1.0.1" # Configuration for running this Helm chart on the Red Hat OpenShift platform. # This Helm chart currently supports OpenShift v4.x+. 
@@ -647,6 +647,19 @@ global: # @type: string secretKey: null + # Extra labels to attach to all pods, deployments, daemonsets, statefulsets, and jobs. This should be a YAML map. + # + # Example: + # + # ```yaml + # extraLabels: + # labelKey: label-value + # anotherLabelKey: another-label-value + # ``` + # + # @type: map + extraLabels: {} + # Server, when enabled, configures a server cluster to run. This should # be disabled if you plan on connecting to a Consul cluster external to # the Kube cluster. @@ -844,9 +857,9 @@ server: # This configures the PodDisruptionBudget (https://kubernetes.io/docs/tasks/run-application/configure-pdb/) # for the server cluster. disruptionBudget: - # This will enable/disable registering a PodDisruptionBudget for the server - # cluster. If this is enabled, it will only register the budget so long as - # the server cluster is enabled. + # Enables registering a PodDisruptionBudget for the server + # cluster. If enabled, it only registers the budget so long as + # the server cluster is enabled. To disable, set to `false`. enabled: true # The maximum number of unavailable pods. By default, this will be @@ -1936,7 +1949,7 @@ connectInject: # Configures consul-cni plugin for Consul Service mesh services cni: - # If true, then all traffic redirection setup will use the consul-cni plugin. + # If true, then all traffic redirection setup uses the consul-cni plugin. # Requires connectInject.enabled to also be true. # @type: boolean enabled: false 
@@ -2330,11 +2343,11 @@ connectInject: memory: "150Mi" cpu: "50m" -# [Mesh Gateways](/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters. +# [Mesh Gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) enable Consul Connect to work across Consul datacenters. meshGateway: - # If [mesh gateways](/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs + # If [mesh gateways](https://developer.hashicorp.com/consul/docs/connect/gateways/mesh-gateway) are enabled, a Deployment will be created that runs # gateways and Consul Connect will be configured to use gateways. - # This setting is required for [Cluster Peering](/docs/connect/cluster-peering/k8s). + # This setting is required for [Cluster Peering](https://developer.hashicorp.com/consul/docs/connect/cluster-peering/k8s). # Requirements: consul 1.6.0+ if using `global.acls.manageSystemACLs``. enabled: false @@ -2883,9 +2896,9 @@ apiGateway: # @type: string nodeSelector: null - # This value defines the tolerations that will be assigned to a gateway pod. + # Toleration settings for gateway pods created with the managed gateway class. # This should be a multi-line string matching the - # Tolerations (https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. + # [Tolerations](https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/) array in a Pod spec. # # @type: string tolerations: null diff --git a/charts/instana/instana-agent/Chart.yaml b/charts/instana/instana-agent/Chart.yaml index 8e7351321..e3109793d 100644 --- a/charts/instana/instana-agent/Chart.yaml +++ b/charts/instana/instana-agent/Chart.yaml 
@@ -9,7 +9,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.21-0' catalog.cattle.io/release-name: instana-agent apiVersion: v2 -appVersion: 1.239.0 +appVersion: 1.241.0 description: Instana Agent for Kubernetes home: https://www.instana.com/ icon: https://agents.instana.io/helm/stan-logo-2020.png @@ -23,4 +23,4 @@ maintainers: name: instana-agent sources: - https://github.com/instana/instana-agent-docker -version: 1.2.50 +version: 1.2.52 diff --git a/charts/instana/instana-agent/README.md b/charts/instana/instana-agent/README.md index 726beb35f..e0fb5aa96 100644 --- a/charts/instana/instana-agent/README.md +++ b/charts/instana/instana-agent/README.md @@ -45,7 +45,7 @@ As described by the [Install Using the Helm Chart](https://www.instana.com/docs/ * `agent.endpointPort` * `agent.key` -_Note:_ You can find the options mentioned in the [configuration section below](#configuration) +_Note:_ You can find the options mentioned in the [configuration section below](#Configuration-Reference) If your agents report into a self-managed Instana unit (also known as "on-prem"), you will also need to configure a "download key", which allows the agent to fetch its components from the Instana repository. The download key is set via the following value: 
@@ -77,7 +77,7 @@ The following table lists the configurable parameters of the Instana chart and t | Parameter | Description | Default | |-----------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------| -| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#agent) for more details | +| `agent.configuration_yaml` | Custom content for the agent configuration.yaml file | `nil` See [below](#Agent-Configuration) for more details | | `agent.configuration.autoMountConfigEntries` | (Experimental, needs Helm 3.1+) Automatically look up the entries of the default `instana-agent` ConfigMap, and mount as agent configuration files in the `instana-agent` container under the `/opt/instana/agent/etc/instana` directory all ConfigMap entries with keys that match the `configuration-*.yaml` scheme. | `false` | | `agent.configuration.hotreloadEnabled` | Enables hot-reload of a configuration.yaml upon changes in the `instana-agent` ConfigMap without requiring a restart of a pod | `false` | | `agent.endpointHost` | Instana Agent backend endpoint host | `ingress-red-saas.instana.io` (US and ROW). If in Europe, please override with `ingress-blue-saas.instana.io` | 
@@ -121,25 +121,26 @@ The following table lists the configurable parameters of the Instana chart and t | `leaderElector.image.name` | The elector image name to pull | `instana/leader-elector` | | `leaderElector.image.digest` | The image digest to pull; if specified, it causes `leaderElector.image.tag` to be ignored | `nil` | | `leaderElector.image.tag` | The image tag to pull; this property is ignored if `leaderElector.image.digest` is specified | `latest` | -| `k8s_sensor.deployment.enabled` | Isolate k8sensor with a deployment (tech preview) | `false` | -| `k8s_sensor.image.name` | The k8sensor image name to pull | `gcr.io/instana/k8sensor` | -| `k8s_sensor.image.digest` | The image digest to pull; if specified, it causes `k8s_sensor.image.tag` to be ignored | `nil` | -| `k8s_sensor.image.tag` | The image tag to pull; this property is ignored if `k8s_sensor.image.digest` is specified | `latest` | -| `k8s_sensor.deployment.pod.limits.cpu` | CPU request for the `k8sensor` pods (tech preview) | `4` | -| `k8s_sensor.deployment.pod.limits.memory` | Memory request limits for the `k8sensor` pods (tech preview) | `6144Mi` | -| `k8s_sensor.deployment.pod.requests.cpu` | CPU limit for the `k8sensor` pods (tech preview) | `1.5` | -| `k8s_sensor.deployment.pod.requests.memory` | Memory limit for the `k8sensor` pods (tech preview) | `1024Mi` | +| `k8s_sensor.deployment.enabled` | Isolate k8sensor with a deployment (tech preview) | `false` | +| `k8s_sensor.image.name` | The k8sensor image name to pull | `gcr.io/instana/k8sensor` | +| `k8s_sensor.image.digest` | The image digest to pull; if specified, it causes `k8s_sensor.image.tag` to be ignored | `nil` | +| `k8s_sensor.image.tag` | The image tag to pull; this property is ignored if `k8s_sensor.image.digest` is specified | `latest` | +| `k8s_sensor.deployment.pod.limits.cpu` | CPU request for the `k8sensor` pods (tech preview) | `4` | +| `k8s_sensor.deployment.pod.limits.memory` | Memory request limits for the `k8sensor` pods 
(tech preview) | `6144Mi` | +| `k8s_sensor.deployment.pod.requests.cpu` | CPU limit for the `k8sensor` pods (tech preview) | `1.5` | +| `k8s_sensor.deployment.pod.requests.memory` | Memory limit for the `k8sensor` pods (tech preview) | `1024Mi` | | `podSecurityPolicy.enable` | Whether a PodSecurityPolicy should be authorized for the Instana Agent pods. Requires `rbac.create` to be `true` as well. | `false` See [PodSecurityPolicy](https://docs.instana.io/setup_and_manage/host_agent/on/kubernetes/#podsecuritypolicy) for more details. | | `podSecurityPolicy.name` | Name of an _existing_ PodSecurityPolicy to authorize for the Instana Agent pods. If not provided and `podSecurityPolicy.enable` is `true`, a PodSecurityPolicy will be created for you. | `nil` | | `rbac.create` | Whether RBAC resources should be created | `true` | | `openshift` | Whether to install the Helm chart as needed in OpenShift; this setting implies `rbac.create=true` | `false` | -| `opentelemetry.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | -| `prometheus.remoteWrite.enabled` | Whether to configure the agent to accept metrics over its implementation of the `remote_write` Prometheus endpoint. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | -| `service.create` | Whether to create a service that exposes the agents' Prometheus, OpenTelemetry and other APIs inside the cluster. Requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. The `ServiceInternalTrafficPolicy` feature gate needs to be enabled (default: enabled). | `false` | +| `opentelemetry.grpc.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications via gRPC. 
This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | +| `opentelemetry.http.enabled` | Whether to configure the agent to accept telemetry from OpenTelemetry applications via HTTP. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | +| `prometheus.remoteWrite.enabled` | Whether to configure the agent to accept metrics over its implementation of the `remote_write` Prometheus endpoint. This option also implies `service.create=true`, and requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. | `false` | +| `service.create` | Whether to create a service that exposes the agents' Prometheus, OpenTelemetry and other APIs inside the cluster. Requires Kubernetes 1.21+, as it relies on `internalTrafficPolicy`. The `ServiceInternalTrafficPolicy` feature gate needs to be enabled (default: enabled). | `false` | | `serviceAccount.create` | Whether a ServiceAccount should be created | `true` | | `serviceAccount.name` | Name of the ServiceAccount to use | `instana-agent` | -| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#installing-the-chart) for details | -| `zones` | Multi-zone daemonset configuration. | `nil` see [below](#multiple-zones) for details | +| `zone.name` | Zone that detected technologies will be assigned to | `nil` You must provide either `zone.name` or `cluster.name`, see [above](#Installation) for details | +| `zones` | Multi-zone daemonset configuration. | `nil` see [below](#multiple-zones) for details | ### Agent Modes 
@@ -156,7 +157,7 @@ Besides the settings listed above, there are many more settings that can be appl An overview of the settings that can be applied is provided in the [Agent Configuration File](https://www.instana.com/docs/setup_and_manage/host_agent/configuration#agent-configuration-file) documentation. To configure the agent, you can either: -* edit the [config map](templates/configmap.yaml), or +* edit the [config map](templates/agent-configmap.yaml), or * provide the configuration via the `agent.configuration_yaml` parameter in [values.yaml](values.yaml) This configuration will be used for all Instana Agents on all nodes. Visit the [agent configuration documentation](https://docs.instana.io/setup_and_manage/host_agent/#agent-configuration-file) for more details on configuration options. diff --git a/charts/instana/instana-agent/templates/_helpers.tpl b/charts/instana/instana-agent/templates/_helpers.tpl index e555eaf67..0df653d03 100644 --- a/charts/instana/instana-agent/templates/_helpers.tpl +++ b/charts/instana/instana-agent/templates/_helpers.tpl 
@@ -329,3 +329,11 @@ failureThreshold: 3 value: {{ $value | quote }} {{- end }} {{- end -}} + +{{/*NOTE: These are nested templates not functions, if I format this to make it readable then it won't work the way */}} +{{/*we need it to since all of the newlines and spaces will be included into the output. Helm is */}} +{{/*not fundamentally designed to do what we are doing here.*/}} + +{{- define "instana-agent.opentelemetry.grpc.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "grpc" }}{{ if hasKey .Values.opentelemetry.grpc "enabled" }}{{ .Values.opentelemetry.grpc.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ if hasKey .Values.opentelemetry "enabled" }}{{ .Values.opentelemetry.enabled }}{{ else }}{{ false }}{{ end }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}} + +{{- define "instana-agent.opentelemetry.http.isEnabled" -}}{{ if hasKey .Values "opentelemetry" }}{{ if hasKey .Values.opentelemetry "http" }}{{ if hasKey .Values.opentelemetry.http "enabled" }}{{ .Values.opentelemetry.http.enabled }}{{ else }}{{ true }}{{ end }}{{ else }}{{ false }}{{ end }}{{ else }}{{ false }}{{ end }}{{- end -}} diff --git a/charts/instana/instana-agent/templates/agent-configmap.yaml b/charts/instana/instana-agent/templates/agent-configmap.yaml index 9a7479083..e6b396855 100644 --- a/charts/instana/instana-agent/templates/agent-configmap.yaml +++ b/charts/instana/instana-agent/templates/agent-configmap.yaml 
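Review bot: The two `isEnabled` helpers are written as single lines on the grounds that formatting would leak whitespace into the output, but trim markers (`{{-` and `-}}`) on every action remove that whitespace, so the nesting can be laid out readably with the same rendered result. That matters here because the callers compare the output with the string `"true"`, and the fallback rules (a key present without `enabled` counts as enabled, the legacy `opentelemetry.enabled` only feeds gRPC) decide whether a listener and a Service port are opened, which is hard to audit in the one-line form. The gRPC helper is shown below; the HTTP helper would follow the same layout without the legacy branch.

```gotemplate
{{- define "instana-agent.opentelemetry.grpc.isEnabled" -}}
{{- if hasKey .Values "opentelemetry" -}}
  {{- if hasKey .Values.opentelemetry "grpc" -}}
    {{- if hasKey .Values.opentelemetry.grpc "enabled" -}}
      {{- .Values.opentelemetry.grpc.enabled -}}
    {{- else -}}
      {{- true -}}
    {{- end -}}
  {{- else if hasKey .Values.opentelemetry "enabled" -}}
    {{- .Values.opentelemetry.enabled -}}
  {{- else -}}
    {{- false -}}
  {{- end -}}
{{- else -}}
  {{- false -}}
{{- end -}}
{{- end -}}
```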
@@ -16,11 +16,10 @@ data: {{ .Values.agent.configuration_yaml | nindent 4 }} {{- end }} - {{- if .Values.opentelemetry.enabled }} + {{ if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }} configuration-opentelemetry.yaml: | - com.instana.plugin.opentelemetry: - enabled: true - {{- end }} + com.instana.plugin.opentelemetry: {{ toYaml .Values.opentelemetry | nindent 6 }} + {{ end }} {{- if .Values.prometheus.remoteWrite.enabled }} configuration-prometheus-remote-write.yaml: | diff --git a/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml b/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml index ccd433836..2253cdb18 100644 --- a/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml +++ b/charts/instana/instana-agent/templates/agent-daemonset-with-zones.yaml @@ -129,7 +129,7 @@ spec: subPath: configuration-disable-kubernetes-sensor.yaml mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml {{- end }} - {{- if $.Values.opentelemetry.enabled }} + {{- if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }} - name: configuration subPath: configuration-opentelemetry.yaml mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml diff --git a/charts/instana/instana-agent/templates/agent-daemonset.yaml b/charts/instana/instana-agent/templates/agent-daemonset.yaml index c24254db8..c056c8a99 100644 --- a/charts/instana/instana-agent/templates/agent-daemonset.yaml +++ b/charts/instana/instana-agent/templates/agent-daemonset.yaml 
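Review bot: In `agent-daemonset-with-zones.yaml` the new condition passes `.` to both `include` calls, while the line it replaces read the value through `$.Values`, which suggests that `.` is not the root context at this point (the enclosing block starts outside the hunk). If that is so, the helpers receive a context whose `.Values` is not the chart values, so the `hasKey .Values "opentelemetry"` test may fail to render or evaluate to false, and the `configuration-opentelemetry.yaml` mount is skipped even though the ConfigMap entry and the Service ports are created. Passing the root keeps the old scoping: `(include "instana-agent.opentelemetry.grpc.isEnabled" $)` and `(include "instana-agent.opentelemetry.http.isEnabled" $)`.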
@@ -123,7 +123,7 @@ spec: subPath: configuration-disable-kubernetes-sensor.yaml mountPath: /opt/instana/agent/etc/instana/configuration-disable-kubernetes-sensor.yaml {{- end }} - {{- if .Values.opentelemetry.enabled }} + {{- if or (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) }} - name: configuration subPath: configuration-opentelemetry.yaml mountPath: /opt/instana/agent/etc/instana/configuration-opentelemetry.yaml diff --git a/charts/instana/instana-agent/templates/service.yaml b/charts/instana/instana-agent/templates/service.yaml index b507c8c89..f4957a46f 100644 --- a/charts/instana/instana-agent/templates/service.yaml +++ b/charts/instana/instana-agent/templates/service.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.service.create (or .Values.opentelemetry.enabled .Values.prometheus.remoteWrite.enabled ) -}} +{{- if or .Values.service.create (eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .)) (eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .)) .Values.prometheus.remoteWrite.enabled -}} --- apiVersion: v1 kind: Service @@ -16,7 +16,7 @@ spec: protocol: TCP port: 42699 targetPort: 42699 - {{- if .Values.opentelemetry.enabled }} + {{ if eq "true" (include "instana-agent.opentelemetry.grpc.isEnabled" .) }} # OpenTelemetry original default port - name: opentelemetry protocol: TCP @@ -28,6 +28,13 @@ spec: port: 4317 targetPort: 4317 {{- end -}} + {{ if eq "true" (include "instana-agent.opentelemetry.http.isEnabled" .) }} + # OpenTelemetry HTTP port + - name: opentelemetry-http + protocol: TCP + port: 4318 + targetPort: 4318 + {{- end -}} {{- $kubeVersion := .Capabilities.KubeVersion.Version -}} {{- if (regexMatch "\\d+\\.\\d+\\.\\d+-(?:eks|gke).+" $kubeVersion) -}} diff --git a/charts/instana/instana-agent/values.yaml b/charts/instana/instana-agent/values.yaml index d017c6028..f30bc3e93 100644 --- a/charts/instana/instana-agent/values.yaml 
+++ b/charts/instana/instana-agent/values.yaml @@ -198,8 +198,12 @@ service: # Note: Requires Kubernetes 1.17+, as it uses topologyKeys create: false -opentelemetry: - enabled: false # If true, it will also apply `service.create=true` +#opentelemetry: +# enabled: false # legacy setting, will only enable grpc, defaults to false +# grpc: +# enabled: false # takes precedence over legacy settings above, defaults to true if "grpc:" is present +# http: +# enabled: false # allows to enable http endpoints, defaults to true if "http:" is present prometheus: remoteWrite: @@ -251,6 +255,7 @@ k8s_sensor: memory: 1536Mi # k8s_sensor.deployment.pod.limits.cpu sets the CPU units allocation limits for the agent pods. cpu: 500m + kubernetes: # Configures use of a Deployment for the Kubernetes sensor rather than as a potential member of the DaemonSet. Is only accepted if k8s_sensor.deployment.enabled=false deployment: diff --git a/charts/intel/intel-device-plugins-operator/Chart.yaml b/charts/intel/intel-device-plugins-operator/Chart.yaml index 6a03422e1..7bccd76b4 100644 --- a/charts/intel/intel-device-plugins-operator/Chart.yaml +++ b/charts/intel/intel-device-plugins-operator/Chart.yaml @@ -4,9 +4,9 @@ annotations: catalog.cattle.io/kube-version: '>=1.19-0' catalog.cattle.io/release-name: intel-device-plugins-operator apiVersion: v2 -appVersion: 0.25.1 +appVersion: 0.26.0 description: A Helm chart for Intel Device Plugins Operator for Kubernetes icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4 name: intel-device-plugins-operator type: application -version: 0.25.1 +version: 0.26.0 diff --git a/charts/intel/intel-device-plugins-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml b/charts/intel/intel-device-plugins-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml index 8bf3668e7..9eec3210f 100644 --- a/charts/intel/intel-device-plugins-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml 
+++ b/charts/intel/intel-device-plugins-operator/crds/deviceplugin.intel.com_qatdeviceplugins.yaml @@ -102,6 +102,10 @@ spec: - balanced - packed type: string + provisioningConfig: + description: ProvisioningConfig is a ConfigMap used to pass the configuration + of QAT devices into qat initcontainer. + type: string type: object status: description: 'QatDevicePluginStatus defines the observed state of QatDevicePlugin. diff --git a/charts/jenkins/jenkins/Chart.yaml b/charts/jenkins/jenkins/Chart.yaml index aee1e7893..acbcdd430 100644 --- a/charts/jenkins/jenkins/Chart.yaml +++ b/charts/jenkins/jenkins/Chart.yaml @@ -41,4 +41,4 @@ sources: - https://github.com/jenkinsci/docker-inbound-agent - https://github.com/maorfr/kube-tasks - https://github.com/jenkinsci/configuration-as-code-plugin -version: 4.3.0 +version: 4.3.1 diff --git a/charts/jenkins/jenkins/README.md b/charts/jenkins/jenkins/README.md index 359eca82b..e2a4e06cd 100644 --- a/charts/jenkins/jenkins/README.md +++ b/charts/jenkins/jenkins/README.md 
@@ -209,6 +209,51 @@ controller: Further JCasC examples can be found [here](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos). +#### Breaking out large Config as Code scripts + +Jenkins Config as Code scripts can become quite large, and maintaining all of your scripts within one yaml file can be difficult. The Config as Code plugin itself suggests updating the `CASC_JENKINS_CONFIG` environment variable to be a comma seperated list of paths for the plugin to traverse, picking up the yaml files as needed. +However, under the Jenkins helm chart, this `CASC_JENKINS_CONFIG` value is maintained through the templates. A better solution is to split your `controller.JCasC.configScripts` into seperate values files, and provide each file during the helm install. + +For example, you can have a values file (e.g values_main.yaml) that defines the values described in the `VALUES_SUMMARY.md` for your Jenkins configuration: + +```yaml +jenkins: + controller: + jenkinsUrlProtocol: https + installPlugins: false + ... +``` + +In a second file (e.g values_jenkins_casc.yaml), you can define a section of your config scripts: + +```yaml +jenkins: + controller: + JCasC: + configScripts: + jenkinsCasc: | + jenkins: + disableRememberMe: false + mode: NORMAL + ... +``` + +And keep extending your config scripts by creating more files (so not all config scripts are located in one yaml file for better maintenance): + +values_jenkins_unclassified.yaml + +```yaml +jenkins: + controller: + JCasC: + configScripts: + unclassifiedCasc: | + unclassified: + ... +``` + +When installing, you provide all relevant yaml files (e.g `helm install -f values_main.yaml -f values_jenkins_casc.yaml -f values_jenkins_unclassified.yaml ...`). Instead of updating the `CASC_JENKINS_CONFIG` environment variable to include multiple paths, multiple CasC yaml files will be created in the same path `var/jenkins_home/casc_configs`. 
+ #### Config as Code With or Without Auto-Reload Config as Code changes (to `controller.JCasC.configScripts`) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly. diff --git a/charts/jfrog/artifactory-ha/CHANGELOG.md b/charts/jfrog/artifactory-ha/CHANGELOG.md index 5c33c3061..4750ee067 100644 --- a/charts/jfrog/artifactory-ha/CHANGELOG.md +++ b/charts/jfrog/artifactory-ha/CHANGELOG.md @@ -1,11 +1,15 @@ # JFrog Artifactory-ha Chart Changelog All changes to this chart will be documented in this file -## [107.49.5] - Dec 16, 2022 +## [107.49.6] - Jan 20, 2023 * Updated postgresql tag version to `13.9.0-debian-11-r11` +* Fixed make lint issue on artifactory-ha chart [GH-1714](https://github.com/jfrog/charts/issues/1714) +* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` +* Fixed an issue for capabilities check of ingress +* Updated jfrogUrl text path in migrate.sh file +* Added a note that from 107.46.x chart versions, `copyOnEveryStartup` is not needed for binarystore.xml, it is always copied via initContainers. For more Info, Refer [GH-1723](https://github.com/jfrog/charts/issues/1723) -## [107.49.0] - Dec 14, 2022 -* Updated initContainerImage and logger image to `ubi8/ubi-micro:8.7.1` +## [107.49.0] - Jan 16, 2023 * Changed logic in wait-for-primary container to use /dev/tcp instead of curl * Added support for setting `seLinuxOptions` in `securityContext` [GH-1700](https://github.com/jfrog/charts/pull/1700) * Added option to enable/disable proxy_request_buffering and proxy_buffering_off [GH-1686](https://github.com/jfrog/charts/pull/1686) diff --git a/charts/jfrog/artifactory-ha/Chart.yaml b/charts/jfrog/artifactory-ha/Chart.yaml index 44af8054a..6f33c054b 100644 --- a/charts/jfrog/artifactory-ha/Chart.yaml +++ b/charts/jfrog/artifactory-ha/Chart.yaml 
@@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-ha apiVersion: v2 -appVersion: 7.49.5 +appVersion: 7.49.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -26,4 +26,4 @@ name: artifactory-ha sources: - https://github.com/jfrog/charts type: application -version: 107.49.5 +version: 107.49.6 diff --git a/charts/jfrog/artifactory-ha/files/migrate.sh b/charts/jfrog/artifactory-ha/files/migrate.sh index 8997fd5d5..c07985b26 100644 --- a/charts/jfrog/artifactory-ha/files/migrate.sh +++ b/charts/jfrog/artifactory-ha/files/migrate.sh @@ -186,7 +186,7 @@ PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Administration > User Management > Settings > Connection details)" } PROMPT_JFROGURL="JFrog URL" KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml new file mode 100644 index 000000000..2c1eeac1a --- /dev/null +++ b/charts/jfrog/artifactory-ha/templates/artifactory-primary-service.yaml 
@@ -0,0 +1,51 @@ +{{- if gt (.Values.artifactory.node.replicaCount | int) 0 -}} +# Internal service for Artifactory primary node only! +# Used by member nodes to check readiness of primary node before starting up +apiVersion: v1 +kind: Service +metadata: + name: {{ template "artifactory-ha.primary.name" . }} + labels: + app: {{ template "artifactory-ha.name" . }} + chart: {{ template "artifactory-ha.chart" . }} + component: {{ .Values.artifactory.name }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + {{- with .Values.artifactory.primary.labels }} +{{ toYaml . | indent 4 }} + {{- end }} +spec: + # Statically setting service type to ClusterIP since this is an internal only service + type: ClusterIP + {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} + clusterIP: {{ .Values.artifactory.service.clusterIP }} + {{- end }} + ports: + - port: {{ .Values.artifactory.externalPort }} + targetPort: {{ .Values.artifactory.internalPort }} + protocol: TCP + name: http-router + - port: {{ .Values.artifactory.externalArtifactoryPort }} + targetPort: {{ .Values.artifactory.internalArtifactoryPort }} + protocol: TCP + name: http-artifactory + {{- if .Values.artifactory.ssh.enabled }} + - port: {{ .Values.artifactory.ssh.externalPort }} + targetPort: {{ .Values.artifactory.ssh.internalPort }} + protocol: TCP + name: tcp-ssh + {{- end }} + {{- with .Values.artifactory.primary.javaOpts.jmx }} + {{- if .enabled }} + - port: {{ .port }} + targetPort: {{ .port }} + protocol: TCP + name: tcp-jmx + {{- end }} + {{- end }} + selector: + role: {{ template "artifactory-ha.primary.name" . }} + app: {{ template "artifactory-ha.name" . }} + component: "{{ .Values.artifactory.name }}" + release: {{ .Release.Name }} +{{- end -}} \ No newline at end of file diff --git a/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml b/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml index 4caa82a71..5e294a8f3 100644 
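Review bot: The `clusterIP: {{ .Values.artifactory.service.clusterIP }}` line gives this primary-only Service the address configured under `artifactory.service`, which by its name belongs to the main Artifactory Service. If `artifactory-service.yaml` (its `spec` is not shown here) also sets that value, a fixed IP would be requested twice and the second Service would fail to allocate; dropping the `if and (eq .Values.artifactory.service.type "ClusterIP") …` block here lets this address be auto-assigned. Separately, `tcp-jmx` and `tcp-ssh` are published on this Service whenever they are enabled, and nothing in the hunk limits which pods can reach them. A comment above `ports:` such as `# JMX/SSH on this Service are reachable from any pod unless a NetworkPolicy restricts them` would make that explicit.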
--- a/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml
+++ b/charts/jfrog/artifactory-ha/templates/artifactory-service.yaml
@@ -60,55 +60,3 @@ spec: app: {{ template "artifactory-ha.name" . }} component: "{{ .Values.artifactory.name }}" release: {{ .Release.Name }} ---- -{{- if gt (.Values.artifactory.node.replicaCount | int) 0 -}} -# Internal service for Artifactory primary node only! -# Used by member nodes to check readiness of primary node before starting up -apiVersion: v1 -kind: Service -metadata: - name: {{ template "artifactory-ha.primary.name" . }} - labels: - app: {{ template "artifactory-ha.name" . }} - chart: {{ template "artifactory-ha.chart" . }} - component: {{ .Values.artifactory.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - {{- with .Values.artifactory.primary.labels }} -{{ toYaml . | indent 4 }} - {{- end }} -spec: - # Statically setting service type to ClusterIP since this is an internal only service - type: ClusterIP - {{- if and (eq .Values.artifactory.service.type "ClusterIP") .Values.artifactory.service.clusterIP }} - clusterIP: {{ .Values.artifactory.service.clusterIP }} - {{- end }} - ports: - - port: {{ .Values.artifactory.externalPort }} - targetPort: {{ .Values.artifactory.internalPort }} - protocol: TCP - name: http-router - - port: {{ .Values.artifactory.externalArtifactoryPort }} - targetPort: {{ .Values.artifactory.internalArtifactoryPort }} - protocol: TCP - name: http-artifactory - {{- if .Values.artifactory.ssh.enabled }} - - port: {{ .Values.artifactory.ssh.externalPort }} - targetPort: {{ .Values.artifactory.ssh.internalPort }} - protocol: TCP - name: tcp-ssh - {{- end }} - {{- with .Values.artifactory.primary.javaOpts.jmx }} - {{- if .enabled }} - - port: {{ .port }} - targetPort: {{ .port }} - protocol: TCP - name: tcp-jmx - {{- end }} - {{- end }} - selector: - role: {{ template "artifactory-ha.primary.name" . }} - app: {{ template "artifactory-ha.name" . }} - component: "{{ .Values.artifactory.name }}" - release: {{ .Release.Name }} -{{- end -}} \ No newline at end of file 
diff --git a/charts/jfrog/artifactory-ha/templates/ingress.yaml b/charts/jfrog/artifactory-ha/templates/ingress.yaml index 26a8459cd..cc98dac1a 100644 --- a/charts/jfrog/artifactory-ha/templates/ingress.yaml +++ b/charts/jfrog/artifactory-ha/templates/ingress.yaml @@ -3,7 +3,7 @@ {{- $servicePort := .Values.artifactory.externalPort -}} {{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} {{- $ingressName := default ( include "artifactory-ha.fullname" . ) .Values.ingress.name -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -30,7 +30,7 @@ spec: ingressClassName: {{ .Values.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -44,7 +44,7 @@ spec: {{- end }} rules: {{- if .Values.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.ingress.hosts }} - host: {{ $host | quote }} http: @@ -90,7 +90,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }} --- {{- $replicationIngressName := default ( include "artifactory-ha.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 
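Review bot: `.Capabilities.APIVersions.Has "networking.k8s.io/v1"` in the first hunk tests the API group/version rather than the Ingress kind, and that group/version was served (for NetworkPolicy) well before Ingress was added to it in Kubernetes 1.19. The chart's `catalog.cattle.io/kube-version: '>= 1.14.0-0'` annotation still admits older clusters, where this branch would now emit `apiVersion: networking.k8s.io/v1` for an Ingress the API server does not serve, instead of falling through to `v1beta1`. Pairing the check with the cluster version avoids that: `{{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version) }}`. The same condition is repeated in the remaining hunks of this file and in `charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml`.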
@@ -114,7 +114,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -128,7 +128,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - host: {{ $host | quote }} http: @@ -172,7 +172,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} --- {{- $replicatorTrackerIngressName := default ( include "artifactory-ha.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -196,7 +196,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} 
@@ -210,7 +210,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - host: {{ $host | quote }} http: diff --git a/charts/jfrog/artifactory-ha/values.yaml b/charts/jfrog/artifactory-ha/values.yaml index 829e4eacd..ac00deb91 100644 --- a/charts/jfrog/artifactory-ha/values.yaml +++ b/charts/jfrog/artifactory-ha/values.yaml @@ -41,7 +41,7 @@ global: ## String to fully override artifactory-ha.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-micro:8.7.1 +initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 installer: type: platform: @@ -201,8 +201,8 @@ database: logger: image: registry: releases-docker.jfrog.io - repository: ubi8/ubi-micro - tag: 8.7.1 + repository: ubi8/ubi-minimal + tag: 8.7.1049 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -359,12 +359,9 @@ artifactory: enabled: false path: # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + # Note : From 107.46.x chart versions, copyOnEveryStartup is not needed for binarystore.xml, it is always copied via initContainers copyOnEveryStartup: # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path # - source: /artifactory_bootstrap/artifactory.cluster.license # # Relative to ARTIFACTORY_HOME/ # target: etc/artifactory/ diff --git a/charts/jfrog/artifactory-jcr/CHANGELOG.md b/charts/jfrog/artifactory-jcr/CHANGELOG.md index e3d5044ba..8f2e9f1d5 100644 
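Review bot: In `values.yaml`, `initContainerImage` and the `logger.image` tag are pinned only by the tag `8.7.1049`, so what runs in the init and logger containers depends on whatever the registry serves for that tag at pull time. A digest makes the reference immutable, e.g. `initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049@sha256:<digest>` (placeholder digest); whether the `logger.image` template accepts a digest is not visible in these hunks. The move from `ubi-micro` to `ubi-minimal` also, as far as I know, puts a package manager back into the image, so a one-line comment above the key saying why it is needed would help. The same values change in `charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml` and `charts/jfrog/artifactory-jcr/values.yaml`.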
--- a/charts/jfrog/artifactory-jcr/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/CHANGELOG.md @@ -1,7 +1,7 @@ # JFrog Container Registry Chart Changelog All changes to this chart will be documented in this file. -## [107.49.5] - Aug 25, 2022 +## [107.49.6] - Aug 25, 2022 * Included event service as mandatory and remove the flag from values.yaml ## [107.41.0] - Jul 22, 2022 diff --git a/charts/jfrog/artifactory-jcr/Chart.yaml b/charts/jfrog/artifactory-jcr/Chart.yaml index 83dec913c..388bee279 100644 --- a/charts/jfrog/artifactory-jcr/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/Chart.yaml @@ -4,11 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>= 1.14.0-0' catalog.cattle.io/release-name: artifactory-jcr apiVersion: v2 -appVersion: 7.49.5 +appVersion: 7.49.6 dependencies: - name: artifactory repository: file://./charts/artifactory - version: 107.49.5 + version: 107.49.6 description: JFrog Container Registry home: https://jfrog.com/container-registry/ icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png @@ -27,4 +27,4 @@ name: artifactory-jcr sources: - https://github.com/jfrog/charts type: application -version: 107.49.5 +version: 107.49.6 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md index 7ee48c6ab..d997b27f3 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/CHANGELOG.md 
@@ -1,11 +1,14 @@ # JFrog Artifactory Chart Changelog All changes to this chart will be documented in this file. -## [107.49.5] - Dec 16, 2022 +## [107.49.6] - Jan 20, 2023 * Updated postgresql tag version to `13.9.0-debian-11-11` +* Updated initContainerImage and logger image to `ubi8/ubi-minimal:8.7.1049` +* Fixed an issue for capabilities check of ingress +* Updated jfrogUrl text path in migrate.sh file +* Added a note that from 107.46.x chart versions, `copyOnEveryStartup` is not needed for binarystore.xml, it is always copied via initContainers. For more Info, Refer [GH-1723](https://github.com/jfrog/charts/issues/1723) -## [107.49.0] - Dec 14, 2022 -* Updated initContainerImage and logger image to `ubi8/ubi-micro:8.7.1` +## [107.49.0] - Jan 16, 2023 * Added support for setting `seLinuxOptions` in `securityContext` [GH-1699](https://github.com/jfrog/charts/pull/1699) * Added option to enable/disable proxy_request_buffering and proxy_buffering_off [GH-1686](https://github.com/jfrog/charts/pull/1686) diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml index b38e34163..50b52ad1a 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 7.49.5 +appVersion: 7.49.6 dependencies: - condition: postgresql.enabled name: postgresql @@ -21,4 +21,4 @@ name: artifactory sources: - https://github.com/jfrog/charts type: application -version: 107.49.5 +version: 107.49.6 diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh b/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh index 8997fd5d5..c07985b26 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/files/migrate.sh 
@@ -186,7 +186,7 @@ PROMPT_RABBITMQ_ACTIVE_NODE_IP="${RABBITMQ_LABEL} active node ip" KEY_RABBITMQ_ACTIVE_NODE_IP="$SYS_KEY_RABBITMQ_ACTIVE_NODE_IP" MESSAGE_JFROGURL(){ - echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Admin > Security > Settings)" + echo -e "The JFrog URL allows ${PRODUCT_NAME} to connect to a JFrog Platform Instance.\n(You can copy the JFrog URL from Administration > User Management > Settings > Connection details)" } PROMPT_JFROGURL="JFrog URL" KEY_JFROGURL="$SYS_KEY_SHARED_JFROGURL" diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml index 8af7a9f9c..a19c05047 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/templates/ingress.yaml @@ -3,7 +3,7 @@ {{- $servicePort := .Values.artifactory.externalPort -}} {{- $artifactoryServicePort := .Values.artifactory.externalArtifactoryPort -}} {{- $ingressName := default ( include "artifactory.fullname" . ) .Values.ingress.name -}} -{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} +{{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -30,7 +30,7 @@ spec: ingressClassName: {{ .Values.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} 
@@ -44,7 +44,7 @@ spec: {{- end }} rules: {{- if .Values.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.ingress.hosts }} - host: {{ $host | quote }} http: @@ -91,7 +91,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.ingress.enabled }} --- {{- $replicatorIngressName := default ( include "artifactory.replicator.fullname" . ) .Values.artifactory.replicator.ingress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -115,7 +115,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.ingress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -129,7 +129,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.ingress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.ingress.hosts }} - host: {{ $host | quote }} http: 
@@ -173,7 +173,7 @@ spec: {{- if and .Values.artifactory.replicator.enabled .Values.artifactory.replicator.trackerIngress.enabled }} --- {{- $replicatorTrackerIngressName := default ( include "artifactory.replicator.tracker.fullname" . ) .Values.artifactory.replicator.trackerIngress.name -}} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} apiVersion: networking.k8s.io/v1 {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" }} apiVersion: networking.k8s.io/v1beta1 @@ -197,7 +197,7 @@ spec: ingressClassName: {{ default .Values.ingress.className .Values.artifactory.replicator.trackerIngress.className }} {{- end }} {{- if .Values.ingress.defaultBackend.enabled }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} defaultBackend: service: name: {{ $serviceName }} @@ -211,7 +211,7 @@ spec: {{- end }} rules: {{- if .Values.artifactory.replicator.trackerIngress.hosts }} - {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + {{- if .Capabilities.APIVersions.Has "networking.k8s.io/v1" }} {{- range $host := .Values.artifactory.replicator.trackerIngress.hosts }} - host: {{ $host | quote }} http: diff --git a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml index 97461688f..de51ecd35 100644 --- a/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml +++ b/charts/jfrog/artifactory-jcr/charts/artifactory/values.yaml @@ -42,7 +42,7 @@ global: ## String to fully override artifactory.fullname template ## # fullnameOverride: -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-micro:8.7.1 +initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 # Init containers initContainers: resources: 
@@ -160,8 +160,8 @@ autoscaling: logger: image: registry: releases-docker.jfrog.io - repository: ubi8/ubi-micro - tag: 8.7.1 + repository: ubi8/ubi-minimal + tag: 8.7.1049 ## You can use a pre-existing secret with keys license_token and iam_role by specifying licenseConfigSecretName ## Example : Create a generic secret using `kubectl create secret generic --from-literal=license_token=${TOKEN} --from-literal=iam_role=${ROLE_ARN}` aws: @@ -335,12 +335,9 @@ artifactory: enabled: false path: # Files to copy to ARTIFACTORY_HOME/ on each Artifactory startup + # Note : From 107.46.x chart versions, copyOnEveryStartup is not needed for binarystore.xml, it is always copied via initContainers copyOnEveryStartup: # # Absolute path - # - source: /artifactory_bootstrap/binarystore.xml - # # Relative to ARTIFACTORY_HOME/ - # target: etc/artifactory/ - # # Absolute path # - source: /artifactory_bootstrap/artifactory.lic # # Relative to ARTIFACTORY_HOME/ # target: etc/artifactory/ diff --git a/charts/jfrog/artifactory-jcr/values.yaml b/charts/jfrog/artifactory-jcr/values.yaml index 17d2b8d9d..b26042c5f 100644 --- a/charts/jfrog/artifactory-jcr/values.yaml +++ b/charts/jfrog/artifactory-jcr/values.yaml @@ -70,5 +70,5 @@ router: tag: 7.56.0 logger: image: - tag: 8.7.1 -initContainerImage: releases-docker.jfrog.io/ubi8/ubi-micro:8.7.1 + tag: 8.7.1049 +initContainerImage: releases-docker.jfrog.io/ubi8/ubi-minimal:8.7.1049 diff --git a/charts/k10/k10/charts/grafana/templates/_definitions.tpl b/charts/k10/k10/charts/grafana/templates/_definitions.tpl deleted file mode 100644 index dd43c099c..000000000 --- a/charts/k10/k10/charts/grafana/templates/_definitions.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Autogenerated, do NOT modify */}} -{{- define "k10.grafanaImageTag" -}}9.1.5{{- end -}} -{{- define "k10.grafanaInitContainerImageTag" -}}8.7-923{{- end -}} 
diff --git a/charts/k10/k10/charts/prometheus/templates/_definitions.tpl b/charts/k10/k10/charts/prometheus/templates/_definitions.tpl deleted file mode 100644 index 67f989898..000000000 --- a/charts/k10/k10/charts/prometheus/templates/_definitions.tpl +++ /dev/null @@ -1,3 +0,0 @@ -{{/* Autogenerated, do NOT modify */}} -{{- define "k10.prometheusImageTag" -}}v2.34.0{{- end -}} -{{- define "k10.prometheusConfigMapReloaderImageTag" -}}v0.5.0{{- end -}} diff --git a/charts/kasten/k10/Chart.lock b/charts/kasten/k10/Chart.lock new file mode 100644 index 000000000..ec9ffbfae --- /dev/null +++ b/charts/kasten/k10/Chart.lock @@ -0,0 +1,9 @@ +dependencies: +- name: grafana + repository: "" + version: 6.32.9 +- name: prometheus + repository: "" + version: 15.8.5 +digest: sha256:4399c78f4e445e4fbb26151707c9b481fece2002ac02ae20612d9f26e6b66643 +generated: "2023-01-30T15:49:57.609147621Z" diff --git a/charts/k10/k10/Chart.yaml b/charts/kasten/k10/Chart.yaml similarity index 61% rename from charts/k10/k10/Chart.yaml rename to charts/kasten/k10/Chart.yaml index 878b5d94c..c4dbcf4cd 100644 --- a/charts/k10/k10/Chart.yaml +++ b/charts/kasten/k10/Chart.yaml @@ -2,15 +2,22 @@ annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: K10 catalog.cattle.io/featured: "1" + catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: k10 apiVersion: v2 -appVersion: 5.5.1 +appVersion: 5.5.4 +dependencies: +- name: grafana + repository: file://./charts/grafana + version: 6.32.9 +- name: prometheus + repository: file://./charts/prometheus + version: 15.8.5 description: Kasten’s K10 Data Management Platform home: https://kasten.io/ icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png -kubeVersion: '>= 1.17.0-0' maintainers: - email: contact@kasten.io name: kastenIO name: k10 -version: 5.5.100 +version: 5.5.401 
diff --git a/charts/k10/k10/README.md b/charts/kasten/k10/README.md
similarity index 82%
rename from charts/k10/k10/README.md
rename to charts/kasten/k10/README.md
index e8eeb8c1a..31a0ad352 100644
--- a/charts/k10/k10/README.md
+++ b/charts/kasten/k10/README.md
@@ -176,14 +176,39 @@ Parameter | Description | Default `injectKanisterSidecar.webhookServer.port` | Port number on which the mutating webhook server accepts request | `8080` `gateway.insecureDisableSSLVerify` | Specifies whether to disable SSL verification for gateway pods | `false` `gateway.exposeAdminPort` | Specifies whether to expose Admin port for gateway service | `true` +`gateway.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for gateway pod | `{}` `genericVolumeSnapshot.resources.[requests\|limits].[cpu\|memory]` | Resource requests and limits for Generic Volume Snapshot restore pods | `{}` -`prometheus.server.enabled` | If false, K10's Prometheus server will not be created, reducing the dashboard's functionality. | `true` -`prometheus.server.persistentVolume.enabled` | If true, K10 Prometheus server will create a Persistent Volume Claim | `true` -`prometheus.server.persistentVolume.size` | K10 Prometheus server data Persistent Volume size | `30Gi` -`prometheus.server.persistentVolume.storageClass` | StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value | `""` +`prometheus.k10image.registry` | (optional) Set Prometheus image registry. | `gcr.io` +`prometheus.k10image.repository` | (optional) Set Prometheus image repository. | `kasten-images` +`prometheus.initChownData.enabled` | (optional) Prometheus init container configuration. Enable `initChownData` init container | `false` +`prometheus.rbac.create` | (optional) Whether to create Prometheus RBAC configuration. 
Warning - this action will allow prometheus to scrape pods in all k8s namespaces | `false` +`prometheus.alertmanager.enabled` | (optional) Enable Prometheus `alertmanager` service | `false` +`prometheus.kubeStateMetrics.enabled` | (optional) Enable Prometheus `kubeStateMetrics` service | `false` +`prometheus.networkPolicy.enabled` | (optional) Enable Prometheus `networkPolicy` | `false` +`prometheus.nodeExporter.enabled` | (optional) Enable Prometheus `nodeExporter` | `false` +`prometheus.pushgateway.enabled` | (optional) Enable Prometheus `pushgateway` | `false` +`prometheus.scrapeCAdvisor` | (optional) Enable Prometheus ScrapeCAdvisor | `false` +`prometheus.server.enabled` | (optional) If false, K10's Prometheus server will not be created, reducing the dashboard's functionality. | `true` +`prometheus.server.securityContext.runAsUser` | (optional) Set security context `runAsUser` ID for Prometheus server pod | `65534` +`prometheus.server.securityContext.runAsNonRoot` | (optional) Enable security context `runAsNonRoot` for Prometheus server pod | `true` +`prometheus.server.securityContext.runAsGroup` | (optional) Set security context `runAsGroup` ID for Prometheus server pod | `65534` +`prometheus.server.securityContext.fsGroup` | (optional) Set security context `fsGroup` ID for Prometheus server pod | `65534` `prometheus.server.retention` | (optional) K10 Prometheus data retention | `"30d"` +`prometheus.server.strategy.rollingUpdate.maxSurge` | (optional) The number of Prometheus server pods that can be created above the desired amount of pods during an update | `"100%"` +`prometheus.server.strategy.rollingUpdate.maxUnavailable` | (optional) The number of Prometheus server pods that can be unavailable during the upgrade process | `"100%"` +`prometheus.server.strategy.type` | (optional) Change default deployment strategy for Prometheus server | `"RollingUpdate"` +`prometheus.server.persistentVolume.enabled` | (optional) If true, K10 Prometheus server will create a 
Persistent Volume Claim | `true` +`prometheus.server.persistentVolume.size` | (optional) K10 Prometheus server data Persistent Volume size | `30Gi` +`prometheus.server.persistentVolume.storageClass` | (optional) StorageClassName used to create Prometheus PVC. Setting this option overwrites global StorageClass value | `""` +`prometheus.server.configMapOverrideName` | (optional) Prometheus configmap name to override default generated name| `k10-prometheus-config` +`prometheus.server.fullnameOverride` | (optional) Prometheus deployment name to override default generated name| `prometheus-server` `prometheus.server.baseURL` | (optional) K10 Prometheus external url path at which the server can be accessed | `/k10/prometheus/` `prometheus.server.prefixURL` | (optional) K10 Prometheus prefix slug at which the server can be accessed | `/k10/prometheus/` +`prometheus.server.serviceAccounts.alertmanager.create` | (optional) Set true to create ServiceAccount for Prometheus `Alertmanager` service | `false` +`prometheus.server.serviceAccounts.kubeStateMetrics.create` | (optional) Set true to create ServiceAccount for Prometheus `kubeStateMetrics` service | `false` +`prometheus.server.serviceAccounts.nodeExporter.create` | (optional) Set true to create ServiceAccount for Prometheus `nodeExporter` service | `false` +`prometheus.server.serviceAccounts.pushgateway.create` | (optional) Set true to create ServiceAccount for Prometheus `pushgateway` service | `false` +`prometheus.server.serviceAccounts.server.create` | (optional) Set true to create ServiceAccount for Prometheus server service | `true` `grafana.enabled` | (optional) If false Grafana will not be available | `true` `grafana.prometheusPrefixURL` | (optional) URL for Prometheus datasource in Grafana (must match `prometheus.server.prefixURL`) | `/k10/prometheus/` `resources...[requests\|limits].[cpu\|memory]` | Overwrite default K10 [container resource requests and 
limits](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) | varies by container @@ -218,6 +243,7 @@ Parameter | Description | Default `garbagecollector.importRunActions.enabled` | Enables ``importRunActions`` collector | `false` `garbagecollector.retireActions.enabled` | Enables ``retireActions`` collector | `false` `kubeVirtVMs.snapshot.unfreezeTimeout` | Defines the time duration within which the the VMs must be unfrozen while backing them up. To know more about format [go doc](https://pkg.go.dev/time#ParseDuration) can be followed | `5m` +`excludedApps` | Specifies a list of applications to be excluded from the dashboard & compliance considerations. Format should be a :ref:`YAML array` | `None` ## Helm tips and tricks diff --git a/charts/k10/k10/app-readme.md b/charts/kasten/k10/app-readme.md similarity index 100% rename from charts/k10/k10/app-readme.md rename to charts/kasten/k10/app-readme.md diff --git a/charts/k10/k10/charts/grafana/.helmignore b/charts/kasten/k10/charts/grafana/.helmignore similarity index 100% rename from charts/k10/k10/charts/grafana/.helmignore rename to charts/kasten/k10/charts/grafana/.helmignore diff --git a/charts/k10/k10/charts/grafana/Chart.yaml b/charts/kasten/k10/charts/grafana/Chart.yaml similarity index 100% rename from charts/k10/k10/charts/grafana/Chart.yaml rename to charts/kasten/k10/charts/grafana/Chart.yaml diff --git a/charts/k10/k10/charts/grafana/README.md b/charts/kasten/k10/charts/grafana/README.md similarity index 100% rename from charts/k10/k10/charts/grafana/README.md rename to charts/kasten/k10/charts/grafana/README.md diff --git a/charts/k10/k10/charts/grafana/ci/default-values.yaml b/charts/kasten/k10/charts/grafana/ci/default-values.yaml similarity index 100% rename from charts/k10/k10/charts/grafana/ci/default-values.yaml rename to charts/kasten/k10/charts/grafana/ci/default-values.yaml 
diff --git a/charts/k10/k10/charts/grafana/ci/with-affinity-values.yaml b/charts/kasten/k10/charts/grafana/ci/with-affinity-values.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/ci/with-affinity-values.yaml
rename to charts/kasten/k10/charts/grafana/ci/with-affinity-values.yaml
diff --git a/charts/k10/k10/charts/grafana/ci/with-dashboard-json-values.yaml b/charts/kasten/k10/charts/grafana/ci/with-dashboard-json-values.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/ci/with-dashboard-json-values.yaml
rename to charts/kasten/k10/charts/grafana/ci/with-dashboard-json-values.yaml
diff --git a/charts/k10/k10/charts/grafana/ci/with-dashboard-values.yaml b/charts/kasten/k10/charts/grafana/ci/with-dashboard-values.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/ci/with-dashboard-values.yaml
rename to charts/kasten/k10/charts/grafana/ci/with-dashboard-values.yaml
diff --git a/charts/k10/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml b/charts/kasten/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml
rename to charts/kasten/k10/charts/grafana/ci/with-extraconfigmapmounts-values.yaml
diff --git a/charts/k10/k10/charts/grafana/ci/with-image-renderer-values.yaml b/charts/kasten/k10/charts/grafana/ci/with-image-renderer-values.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/ci/with-image-renderer-values.yaml
rename to charts/kasten/k10/charts/grafana/ci/with-image-renderer-values.yaml
diff --git a/charts/k10/k10/charts/grafana/ci/with-persistence.yaml b/charts/kasten/k10/charts/grafana/ci/with-persistence.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/ci/with-persistence.yaml
rename to charts/kasten/k10/charts/grafana/ci/with-persistence.yaml
diff --git a/charts/k10/k10/charts/grafana/dashboards/custom-dashboard.json b/charts/kasten/k10/charts/grafana/dashboards/custom-dashboard.json similarity index 100% rename from charts/k10/k10/charts/grafana/dashboards/custom-dashboard.json rename to charts/kasten/k10/charts/grafana/dashboards/custom-dashboard.json diff --git a/charts/k10/k10/charts/grafana/templates/NOTES.txt b/charts/kasten/k10/charts/grafana/templates/NOTES.txt similarity index 100% rename from charts/k10/k10/charts/grafana/templates/NOTES.txt rename to charts/kasten/k10/charts/grafana/templates/NOTES.txt diff --git a/charts/kasten/k10/charts/grafana/templates/_definitions.tpl b/charts/kasten/k10/charts/grafana/templates/_definitions.tpl new file mode 100644 index 000000000..e2dffc5bb --- /dev/null +++ b/charts/kasten/k10/charts/grafana/templates/_definitions.tpl @@ -0,0 +1,4 @@ +{{/* Autogenerated, do NOT modify */}} +{{- define "k10.grafanaImageTag" -}}9.1.5{{- end -}} +{{- define "k10.grafanaInitContainerImageRepo" -}}registry.access.redhat.com/ubi9/ubi-minimal{{- end -}} +{{- define "k10.grafanaInitContainerImageTag" -}}9.1.0-1656.1669627757{{- end -}} diff --git a/charts/k10/k10/charts/grafana/templates/_helpers.tpl b/charts/kasten/k10/charts/grafana/templates/_helpers.tpl similarity index 97% rename from charts/k10/k10/charts/grafana/templates/_helpers.tpl rename to charts/kasten/k10/charts/grafana/templates/_helpers.tpl index d8ee8b1a2..6f6985452 100644 --- a/charts/k10/k10/charts/grafana/templates/_helpers.tpl +++ b/charts/kasten/k10/charts/grafana/templates/_helpers.tpl 
@@ -253,10 +253,17 @@ based on the value of global.airgapped.repository {{- if .Values.global.upstreamCertifiedImages }} {{- printf "%s/%s/ubi-minimal" .Values.k10image.registry .Values.k10image.repository }} {{- else }} -{{- print .Values.ubi.image.repository }} +{{- include "k10.grafanaInitContainerImageRepo" . }} {{- end }} {{- end }} +{{/* +Figure out the Grafana init image +*/}} +{{- define "get.grafanaInitImage" }} +{{- .Values.global.images.init | default (include "get.grafanaInitContainerImage" .) }} +{{- end }} + {{/* Figure out the config based on the value of airgapped.repository diff --git a/charts/k10/k10/charts/grafana/templates/_pod.tpl b/charts/kasten/k10/charts/grafana/templates/_pod.tpl similarity index 99% rename from charts/k10/k10/charts/grafana/templates/_pod.tpl rename to charts/kasten/k10/charts/grafana/templates/_pod.tpl index 6d6973114..09c8b27b2 100644 --- a/charts/k10/k10/charts/grafana/templates/_pod.tpl +++ b/charts/kasten/k10/charts/grafana/templates/_pod.tpl @@ -21,8 +21,8 @@ initContainers: {{- end }} {{- if ( and .Values.global.persistence.enabled .Values.initChownData.enabled ) }} - name: init-chown-data - image: "{{ include "get.grafanaInitContainerImage" . }}" - imagePullPolicy: {{ .Values.ubi.image.pullPolicy }} + image: "{{ include "get.grafanaInitImage" . }}" + imagePullPolicy: {{ .Values.initChownData.image.pullPolicy }} securityContext: runAsNonRoot: false runAsUser: 0 @@ -41,7 +41,7 @@ initContainers: {{- if .Values.downloadDashboardsImage.sha }} image: "{{ .Values.downloadDashboardsImage.repository }}:{{ .Values.downloadDashboardsImage.tag }}@sha256:{{ .Values.downloadDashboardsImage.sha }}" {{- else }} - image: "{{ include "get.grafanaInitContainerImage" . }}" + image: "{{ include "get.grafanaInitImage" . }}" {{- end }} imagePullPolicy: {{ .Values.downloadDashboardsImage.pullPolicy }} command: ["/bin/sh"] 
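Review bot: The new `get.grafanaInitImage` helper in grafana/templates/_helpers.tpl dereferences `.Values.global.images.init` directly, so rendering stops with a nil-pointer error whenever `global.images` is missing from the effective values; whether the parent chart always defines that map is not visible in this hunk. Guarding the lookup keeps the fallback reachable: `{{- (.Values.global.images | default (dict)).init | default (include "get.grafanaInitContainerImage" .) }}`. The override is emitted verbatim as an init-container image, so the helper comment should state the precedence, e.g. `Returns global.images.init as a full image reference when set (a digest-pinned reference is accepted), otherwise the chart's default init image.`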
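Review bot: In the `@@ -21,8 +21,8 @@` hunk of grafana/templates/_pod.tpl, `init-chown-data` runs with `runAsUser: 0` and `runAsNonRoot: false`, and its image is now whatever `get.grafanaInitImage` resolves to, with no digest in the reference unless the operator puts one into `global.images.init`. The `@@ -41,7 +41,7 @@` hunk has the same gap: its `sha` branch pins `@sha256:`, but the `else` branch falls back to the same init image, which is presumably repo:tag given the `k10.grafanaInitContainerImageTag` definition added in this commit. Consider documenting next to `initChownData.image` in values.yaml that a root init container should get a digest-pinned override, e.g. `# global.images.init: <registry>/<repo>@sha256:<digest>` (placeholder). Both `initContainers` entries continue outside these hunks.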
diff --git a/charts/k10/k10/charts/grafana/templates/clusterrole.yaml b/charts/kasten/k10/charts/grafana/templates/clusterrole.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/clusterrole.yaml
rename to charts/kasten/k10/charts/grafana/templates/clusterrole.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/clusterrolebinding.yaml b/charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/clusterrolebinding.yaml
rename to charts/kasten/k10/charts/grafana/templates/clusterrolebinding.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kasten/k10/charts/grafana/templates/configmap-dashboard-provider.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/configmap-dashboard-provider.yaml
rename to charts/kasten/k10/charts/grafana/templates/configmap-dashboard-provider.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/configmap.yaml b/charts/kasten/k10/charts/grafana/templates/configmap.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/configmap.yaml
rename to charts/kasten/k10/charts/grafana/templates/configmap.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/dashboards-json-configmap.yaml
rename to charts/kasten/k10/charts/grafana/templates/dashboards-json-configmap.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/deployment.yaml b/charts/kasten/k10/charts/grafana/templates/deployment.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/deployment.yaml
rename to charts/kasten/k10/charts/grafana/templates/deployment.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/extra-manifests.yaml b/charts/kasten/k10/charts/grafana/templates/extra-manifests.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/extra-manifests.yaml
rename to charts/kasten/k10/charts/grafana/templates/extra-manifests.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/headless-service.yaml b/charts/kasten/k10/charts/grafana/templates/headless-service.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/headless-service.yaml
rename to charts/kasten/k10/charts/grafana/templates/headless-service.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/hpa.yaml b/charts/kasten/k10/charts/grafana/templates/hpa.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/hpa.yaml
rename to charts/kasten/k10/charts/grafana/templates/hpa.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/image-renderer-deployment.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/image-renderer-deployment.yaml
rename to charts/kasten/k10/charts/grafana/templates/image-renderer-deployment.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/image-renderer-network-policy.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-network-policy.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/image-renderer-network-policy.yaml
rename to charts/kasten/k10/charts/grafana/templates/image-renderer-network-policy.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/image-renderer-service.yaml b/charts/kasten/k10/charts/grafana/templates/image-renderer-service.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/image-renderer-service.yaml
rename to charts/kasten/k10/charts/grafana/templates/image-renderer-service.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/ingress.yaml b/charts/kasten/k10/charts/grafana/templates/ingress.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/ingress.yaml
rename to charts/kasten/k10/charts/grafana/templates/ingress.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/networkpolicy.yaml b/charts/kasten/k10/charts/grafana/templates/networkpolicy.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/networkpolicy.yaml
rename to charts/kasten/k10/charts/grafana/templates/networkpolicy.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/poddisruptionbudget.yaml b/charts/kasten/k10/charts/grafana/templates/poddisruptionbudget.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/poddisruptionbudget.yaml
rename to charts/kasten/k10/charts/grafana/templates/poddisruptionbudget.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/podsecuritypolicy.yaml b/charts/kasten/k10/charts/grafana/templates/podsecuritypolicy.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/podsecuritypolicy.yaml
rename to charts/kasten/k10/charts/grafana/templates/podsecuritypolicy.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/pvc.yaml b/charts/kasten/k10/charts/grafana/templates/pvc.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/pvc.yaml
rename to charts/kasten/k10/charts/grafana/templates/pvc.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/role.yaml b/charts/kasten/k10/charts/grafana/templates/role.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/role.yaml
rename to charts/kasten/k10/charts/grafana/templates/role.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/rolebinding.yaml b/charts/kasten/k10/charts/grafana/templates/rolebinding.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/rolebinding.yaml
rename to charts/kasten/k10/charts/grafana/templates/rolebinding.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/secret-env.yaml b/charts/kasten/k10/charts/grafana/templates/secret-env.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/secret-env.yaml
rename to charts/kasten/k10/charts/grafana/templates/secret-env.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/secret.yaml b/charts/kasten/k10/charts/grafana/templates/secret.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/secret.yaml
rename to charts/kasten/k10/charts/grafana/templates/secret.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/service.yaml b/charts/kasten/k10/charts/grafana/templates/service.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/service.yaml
rename to charts/kasten/k10/charts/grafana/templates/service.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/serviceaccount.yaml b/charts/kasten/k10/charts/grafana/templates/serviceaccount.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/serviceaccount.yaml
rename to charts/kasten/k10/charts/grafana/templates/serviceaccount.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/servicemonitor.yaml b/charts/kasten/k10/charts/grafana/templates/servicemonitor.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/servicemonitor.yaml
rename to charts/kasten/k10/charts/grafana/templates/servicemonitor.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/statefulset.yaml b/charts/kasten/k10/charts/grafana/templates/statefulset.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/statefulset.yaml
rename to charts/kasten/k10/charts/grafana/templates/statefulset.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/tests/test-configmap.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-configmap.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/tests/test-configmap.yaml
rename to charts/kasten/k10/charts/grafana/templates/tests/test-configmap.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml
rename to charts/kasten/k10/charts/grafana/templates/tests/test-podsecuritypolicy.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/tests/test-role.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-role.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/tests/test-role.yaml
rename to charts/kasten/k10/charts/grafana/templates/tests/test-role.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/tests/test-rolebinding.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-rolebinding.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/tests/test-rolebinding.yaml
rename to charts/kasten/k10/charts/grafana/templates/tests/test-rolebinding.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/tests/test-serviceaccount.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test-serviceaccount.yaml
similarity index 100%
rename from charts/k10/k10/charts/grafana/templates/tests/test-serviceaccount.yaml
rename to charts/kasten/k10/charts/grafana/templates/tests/test-serviceaccount.yaml
diff --git a/charts/k10/k10/charts/grafana/templates/tests/test.yaml b/charts/kasten/k10/charts/grafana/templates/tests/test.yaml similarity index 100% rename from charts/k10/k10/charts/grafana/templates/tests/test.yaml rename to charts/kasten/k10/charts/grafana/templates/tests/test.yaml diff --git a/charts/k10/k10/charts/grafana/values.yaml b/charts/kasten/k10/charts/grafana/values.yaml similarity index 99% rename from charts/k10/k10/charts/grafana/values.yaml rename to charts/kasten/k10/charts/grafana/values.yaml index aa7b9175f..20599946c 100644 --- a/charts/k10/k10/charts/grafana/values.yaml +++ b/charts/kasten/k10/charts/grafana/values.yaml @@ -5,13 +5,6 @@ enabled: true prometheusName: prometheus-server prometheusPrefixURL: /k10/prometheus -#general purpose image for init container -ubi: - image: - repository: registry.access.redhat.com/ubi8/ubi-minimal - tag: 8.7-923 - pullPolicy: IfNotPresent - k10image: registry: gcr.io repository: kasten-images @@ -336,11 +329,11 @@ initChownData: ## initChownData container image ## -# image: -# repository: busybox -# tag: "1.31.1" -# sha: "" -# pullPolicy: IfNotPresent + image: + pullPolicy: IfNotPresent +# repository: busybox +# tag: "1.31.1" +# sha: "" ## initChownData resource requests and limits ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/charts/k10/k10/charts/prometheus/Chart.yaml b/charts/kasten/k10/charts/prometheus/Chart.yaml similarity index 97% rename from charts/k10/k10/charts/prometheus/Chart.yaml rename to charts/kasten/k10/charts/prometheus/Chart.yaml index 315edf4d4..bbf372867 100644 --- a/charts/k10/k10/charts/prometheus/Chart.yaml +++ b/charts/kasten/k10/charts/prometheus/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 2.34.0 +appVersion: 5.5.4 dependencies: - condition: kubeStateMetrics.enabled name: kube-state-metrics 
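Review bot: In the `@@ -336,11 +329,11 @@` hunk of grafana/values.yaml, the commented-out `repository`, `tag` and `sha` keys left under `initChownData.image` read as supported options, but as far as the visible `_pod.tpl` hunks show, the init-chown-data image now comes from `get.grafanaInitImage` and only `initChownData.image.pullPolicy` is read. The first hunk also drops the `ubi.image.*` keys, so existing overrides of those would be ignored without any message (inferred; no other consumer of `ubi` is visible here). A comment would make the contract explicit, e.g. `## Only pullPolicy is read here; the image comes from global.images.init or the chart default.`, and the stale busybox lines could be removed.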
diff --git a/charts/k10/k10/charts/prometheus/README.md b/charts/kasten/k10/charts/prometheus/README.md
similarity index 100%
rename from charts/k10/k10/charts/prometheus/README.md
rename to charts/kasten/k10/charts/prometheus/README.md
diff --git a/charts/k10/k10/charts/prometheus/templates/NOTES.txt b/charts/kasten/k10/charts/prometheus/templates/NOTES.txt
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/NOTES.txt
rename to charts/kasten/k10/charts/prometheus/templates/NOTES.txt
diff --git a/charts/kasten/k10/charts/prometheus/templates/_definitions.tpl b/charts/kasten/k10/charts/prometheus/templates/_definitions.tpl
new file mode 100644
index 000000000..c72568d1a
--- /dev/null
+++ b/charts/kasten/k10/charts/prometheus/templates/_definitions.tpl
@@ -0,0 +1 @@
+{{/* Autogenerated, do NOT modify */}}
diff --git a/charts/k10/k10/charts/prometheus/templates/_helpers.tpl b/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl
similarity index 78%
rename from charts/k10/k10/charts/prometheus/templates/_helpers.tpl
rename to charts/kasten/k10/charts/prometheus/templates/_helpers.tpl
index 287ed192a..c7630e6ac 100644
--- a/charts/k10/k10/charts/prometheus/templates/_helpers.tpl
+++ b/charts/kasten/k10/charts/prometheus/templates/_helpers.tpl
@@ -84,101 +84,59 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{/* -Figure out the config based on -the value of airgapped.repository + Get the ConfigMap Reload image */}} {{- define "get.cmreloadimage" }} -{{- if not .Values.global.rhMarketPlace }} -{{- if .Values.global.airgapped.repository }} -{{- printf "%s/configmap-reload:%s" .Values.global.airgapped.repository (include "get.cmReloadImageTag" .) }} -{{- else }} -{{- printf "%s:%s" (include "get.cmReloadImageRepo" .) (include "get.cmReloadImageTag" .) }} -{{- end }} -{{- else }} -{{- printf "%s" (get .Values.global.images "configmap-reload") }} -{{- end -}} + {{- (get .Values.global.images (include "prometheus.cmreloadImageName" .)) | default (include "prometheus.cmreloadImage" .) }} {{- end }} +{{- define "prometheus.cmreloadImage" }} + {{- printf "%s:%s" (include "prometheus.cmreloadImageRepo" .) (include "prometheus.cmreloadImageTag" .) }} +{{- end -}} + +{{- define "prometheus.cmreloadImageRepo" -}} + {{- if .Values.global.airgapped.repository }} + {{- printf "%s/%s" .Values.global.airgapped.repository (include "prometheus.cmreloadImageName" .) }} + {{- else }} + {{- printf "%s/%s" .Values.global.image.registry (include "prometheus.cmreloadImageName" .) }} + {{- end }} +{{- end -}} + +{{- define "prometheus.cmreloadImageName" -}} + {{- printf "configmap-reload" }} +{{- end -}} + +{{- define "prometheus.cmreloadImageTag" -}} + {{- .Values.global.image.tag | default .Chart.AppVersion }} +{{- end -}} + {{/* -Figure out the config based on -the value of airgapped.repository + Get the Prometheus image */}} + {{- define "get.serverimage" }} -{{- if not .Values.global.rhMarketPlace }} -{{- if .Values.global.airgapped.repository }} -{{- printf "%s/prometheus:%s" .Values.global.airgapped.repository (include "get.promImageTag" .) }} -{{- else }} -{{- printf "%s:%s" (include "get.promImageRepo" .) (include "get.promImageTag" .) 
}} -{{- end }} -{{- else }} -{{- printf "%s" (get .Values.global.images "prometheus") }} + {{- (get .Values.global.images (include "prometheus.prometheusImageName" .)) | default (include "prometheus.prometheusImage" .) }} {{- end -}} -{{- end }} +{{- define "prometheus.prometheusImage" }} + {{- printf "%s:%s" (include "prometheus.prometheusImageRepo" .) (include "prometheus.prometheusImageTag" .) }} +{{- end -}} -{{/* -Figure out the configmap-reload image tag -based on the value of global.upstreamCertifiedImages -*/}} -{{- define "get.cmReloadImageTag"}} -{{- if .Values.global.upstreamCertifiedImages }} -{{- if .Values.global.airgapped.repository }} -{{- printf "k10-%s-rh-ubi" (include "k10.prometheusConfigMapReloaderImageTag" .) }} -{{- else }} -{{- printf "%s-rh-ubi" (include "k10.prometheusConfigMapReloaderImageTag" .) }} -{{- end }} -{{- else }} -{{- if .Values.global.airgapped.repository }} -{{- printf "k10-%s" (include "k10.prometheusConfigMapReloaderImageTag" .) }} -{{- else }} -{{- printf "%s" (include "k10.prometheusConfigMapReloaderImageTag" .) }} -{{- end }} -{{- end }} -{{- end }} +{{- define "prometheus.prometheusImageRepo" -}} + {{- if .Values.global.airgapped.repository }} + {{- printf "%s/%s" .Values.global.airgapped.repository (include "prometheus.prometheusImageName" .) }} + {{- else }} + {{- printf "%s/%s" .Values.global.image.registry (include "prometheus.prometheusImageName" .) }} + {{- end }} +{{- end -}} -{{/* -Figure out the prometheus image tag -based on the value of global.upstreamCertifiedImages -*/}} -{{- define "get.promImageTag"}} -{{- if .Values.global.upstreamCertifiedImages }} -{{- if .Values.global.airgapped.repository }} -{{- printf "k10-%s-rh-ubi" (include "k10.prometheusImageTag" .) }} -{{- else }} -{{- printf "%s-rh-ubi" (include "k10.prometheusImageTag" .) }} -{{- end }} -{{- else }} -{{- if .Values.global.airgapped.repository }} -{{- printf "k10-%s" (include "k10.prometheusImageTag" .) 
}} -{{- else }} -{{- printf "%s" (include "k10.prometheusImageTag" .) }} -{{- end }} -{{- end }} -{{- end }} +{{- define "prometheus.prometheusImageName" -}} + {{- printf "prometheus" }} +{{- end -}} -{{/* -Figure out the configmap-reload image repo -based on the value of global.upstreamCertifiedImages -*/}} -{{- define "get.cmReloadImageRepo" }} -{{- if .Values.global.upstreamCertifiedImages }} -{{- printf "%s/%s/configmap-reload" .Values.k10image.registry .Values.k10image.repository }} -{{- else }} -{{- print .Values.configmapReload.prometheus.image.repository }} -{{- end }} -{{- end }} - -{{/* -Figure out the prom image repo -based on the value of global.upstreamCertifiedImages -*/}} -{{- define "get.promImageRepo" }} -{{- if .Values.global.upstreamCertifiedImages }} -{{- printf "%s/%s/prometheus" .Values.k10image.registry .Values.k10image.repository }} -{{- else }} -{{- print .Values.server.image.repository }} -{{- end }} -{{- end }} +{{- define "prometheus.prometheusImageTag" -}} + {{- .Values.global.image.tag | default .Chart.AppVersion }} +{{- end -}} {{/* Create a fully qualified alertmanager name. diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/clusterrole.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/clusterrole.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/alertmanager/clusterrole.yaml rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/clusterrole.yaml diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/clusterrolebinding.yaml 
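Review bot: The new `prometheus.cmreloadImageRepo`, `prometheus.prometheusImageRepo` and both `...ImageTag` helpers in prometheus/templates/_helpers.tpl read `.Values.global.image.registry` and `.Values.global.image.tag` with no guard, and `get.cmreloadimage` / `get.serverimage` now call `get .Values.global.images ...` unconditionally instead of only under `rhMarketPlace`. This commit also removes the subchart's own `k10image` defaults from prometheus/values.yaml, so the templates render only if the parent supplies both `global.image` and `global.images`, whose definitions are not visible here. The airgapped path changes shape as well: the removed code produced `<airgapped repo>/prometheus:k10-<tag>` with an optional `-rh-ubi` suffix, while the new code produces `<airgapped repo>/prometheus:<tag>`, so mirrors populated under the old naming would stop resolving unless the mirroring tooling changed in the same release. Because `global.images.<name>` replaces the whole reference, the helper comments should state the precedence, e.g. `Get the Prometheus image: global.images.prometheus (full reference) if set, else <airgapped repo or global.image.registry>/prometheus:<global.image.tag or Chart appVersion>`.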
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/cm.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/cm.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/cm.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/cm.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/deploy.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/deploy.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/deploy.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/deploy.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/headless-svc.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/headless-svc.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/headless-svc.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/headless-svc.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/ingress.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/ingress.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/ingress.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/ingress.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/netpol.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/netpol.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/netpol.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/netpol.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/pdb.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/pdb.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/pdb.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/pdb.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/psp.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/psp.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/psp.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/psp.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/pvc.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/pvc.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/pvc.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/pvc.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/role.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/role.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/role.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/role.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/rolebinding.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/rolebinding.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/rolebinding.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/rolebinding.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/service.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/service.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/service.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/service.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/serviceaccount.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/serviceaccount.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/serviceaccount.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/serviceaccount.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/alertmanager/sts.yaml b/charts/kasten/k10/charts/prometheus/templates/alertmanager/sts.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/alertmanager/sts.yaml
rename to charts/kasten/k10/charts/prometheus/templates/alertmanager/sts.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/node-exporter/daemonset.yaml b/charts/kasten/k10/charts/prometheus/templates/node-exporter/daemonset.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/node-exporter/daemonset.yaml
rename to charts/kasten/k10/charts/prometheus/templates/node-exporter/daemonset.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/node-exporter/psp.yaml b/charts/kasten/k10/charts/prometheus/templates/node-exporter/psp.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/node-exporter/psp.yaml
rename to charts/kasten/k10/charts/prometheus/templates/node-exporter/psp.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/node-exporter/role.yaml b/charts/kasten/k10/charts/prometheus/templates/node-exporter/role.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/node-exporter/role.yaml
rename to charts/kasten/k10/charts/prometheus/templates/node-exporter/role.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/node-exporter/rolebinding.yaml b/charts/kasten/k10/charts/prometheus/templates/node-exporter/rolebinding.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/node-exporter/rolebinding.yaml
rename to charts/kasten/k10/charts/prometheus/templates/node-exporter/rolebinding.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/node-exporter/serviceaccount.yaml b/charts/kasten/k10/charts/prometheus/templates/node-exporter/serviceaccount.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/node-exporter/serviceaccount.yaml
rename to charts/kasten/k10/charts/prometheus/templates/node-exporter/serviceaccount.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/node-exporter/svc.yaml b/charts/kasten/k10/charts/prometheus/templates/node-exporter/svc.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/node-exporter/svc.yaml
rename to charts/kasten/k10/charts/prometheus/templates/node-exporter/svc.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/clusterrole.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/clusterrole.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/clusterrole.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/clusterrole.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/clusterrolebinding.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/deploy.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/deploy.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/deploy.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/deploy.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/ingress.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/ingress.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/ingress.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/ingress.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/netpol.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/netpol.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/netpol.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/netpol.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/pdb.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/pdb.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/pdb.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/pdb.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/psp.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/psp.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/psp.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/psp.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/pvc.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/pvc.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/pvc.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/pvc.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/service.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/service.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/service.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/service.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/pushgateway/serviceaccount.yaml b/charts/kasten/k10/charts/prometheus/templates/pushgateway/serviceaccount.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/pushgateway/serviceaccount.yaml
rename to charts/kasten/k10/charts/prometheus/templates/pushgateway/serviceaccount.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/clusterrole.yaml b/charts/kasten/k10/charts/prometheus/templates/server/clusterrole.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/server/clusterrole.yaml
rename to charts/kasten/k10/charts/prometheus/templates/server/clusterrole.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/clusterrolebinding.yaml b/charts/kasten/k10/charts/prometheus/templates/server/clusterrolebinding.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/server/clusterrolebinding.yaml
rename to charts/kasten/k10/charts/prometheus/templates/server/clusterrolebinding.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/cm.yaml b/charts/kasten/k10/charts/prometheus/templates/server/cm.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/server/cm.yaml
rename to charts/kasten/k10/charts/prometheus/templates/server/cm.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/deploy.yaml b/charts/kasten/k10/charts/prometheus/templates/server/deploy.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/server/deploy.yaml
rename to charts/kasten/k10/charts/prometheus/templates/server/deploy.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/headless-svc.yaml b/charts/kasten/k10/charts/prometheus/templates/server/headless-svc.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/server/headless-svc.yaml
rename to charts/kasten/k10/charts/prometheus/templates/server/headless-svc.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/ingress.yaml b/charts/kasten/k10/charts/prometheus/templates/server/ingress.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/server/ingress.yaml
rename to charts/kasten/k10/charts/prometheus/templates/server/ingress.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/netpol.yaml b/charts/kasten/k10/charts/prometheus/templates/server/netpol.yaml
similarity index 100%
rename from charts/k10/k10/charts/prometheus/templates/server/netpol.yaml
rename to charts/kasten/k10/charts/prometheus/templates/server/netpol.yaml
diff --git a/charts/k10/k10/charts/prometheus/templates/server/pdb.yaml b/charts/kasten/k10/charts/prometheus/templates/server/pdb.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/pdb.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/pdb.yaml diff --git a/charts/k10/k10/charts/prometheus/templates/server/psp.yaml b/charts/kasten/k10/charts/prometheus/templates/server/psp.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/psp.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/psp.yaml diff --git a/charts/k10/k10/charts/prometheus/templates/server/pvc.yaml b/charts/kasten/k10/charts/prometheus/templates/server/pvc.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/pvc.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/pvc.yaml diff --git a/charts/k10/k10/charts/prometheus/templates/server/rolebinding.yaml b/charts/kasten/k10/charts/prometheus/templates/server/rolebinding.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/rolebinding.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/rolebinding.yaml diff --git a/charts/k10/k10/charts/prometheus/templates/server/service.yaml b/charts/kasten/k10/charts/prometheus/templates/server/service.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/service.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/service.yaml diff --git a/charts/k10/k10/charts/prometheus/templates/server/serviceaccount.yaml b/charts/kasten/k10/charts/prometheus/templates/server/serviceaccount.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/serviceaccount.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/serviceaccount.yaml 
diff --git a/charts/k10/k10/charts/prometheus/templates/server/sts.yaml b/charts/kasten/k10/charts/prometheus/templates/server/sts.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/sts.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/sts.yaml diff --git a/charts/k10/k10/charts/prometheus/templates/server/vpa.yaml b/charts/kasten/k10/charts/prometheus/templates/server/vpa.yaml similarity index 100% rename from charts/k10/k10/charts/prometheus/templates/server/vpa.yaml rename to charts/kasten/k10/charts/prometheus/templates/server/vpa.yaml diff --git a/charts/k10/k10/charts/prometheus/values.yaml b/charts/kasten/k10/charts/prometheus/values.yaml similarity index 99% rename from charts/k10/k10/charts/prometheus/values.yaml rename to charts/kasten/k10/charts/prometheus/values.yaml index a43960373..64324eb55 100644 --- a/charts/k10/k10/charts/prometheus/values.yaml +++ b/charts/kasten/k10/charts/prometheus/values.yaml @@ -1,7 +1,3 @@ -k10image: - registry: gcr.io - repository: kasten-images - rbac: create: true diff --git a/charts/kasten/k10/config.json b/charts/kasten/k10/config.json new file mode 100644 index 000000000..e69de29bb diff --git a/charts/k10/k10/eula.txt b/charts/kasten/k10/eula.txt similarity index 100% rename from charts/k10/k10/eula.txt rename to charts/kasten/k10/eula.txt diff --git a/charts/k10/k10/files/favicon.png b/charts/kasten/k10/files/favicon.png similarity index 100% rename from charts/k10/k10/files/favicon.png rename to charts/kasten/k10/files/favicon.png diff --git a/charts/k10/k10/files/kasten-logo.svg b/charts/kasten/k10/files/kasten-logo.svg similarity index 100% rename from charts/k10/k10/files/kasten-logo.svg rename to charts/kasten/k10/files/kasten-logo.svg diff --git a/charts/k10/k10/files/styles.css b/charts/kasten/k10/files/styles.css similarity index 100% rename from charts/k10/k10/files/styles.css rename to charts/kasten/k10/files/styles.css 
diff --git a/charts/k10/k10/license b/charts/kasten/k10/license similarity index 100% rename from charts/k10/k10/license rename to charts/kasten/k10/license diff --git a/charts/k10/k10/questions.yaml b/charts/kasten/k10/questions.yaml similarity index 100% rename from charts/k10/k10/questions.yaml rename to charts/kasten/k10/questions.yaml diff --git a/charts/k10/k10/templates/NOTES.txt b/charts/kasten/k10/templates/NOTES.txt similarity index 100% rename from charts/k10/k10/templates/NOTES.txt rename to charts/kasten/k10/templates/NOTES.txt diff --git a/charts/k10/k10/templates/_definitions.tpl b/charts/kasten/k10/templates/_definitions.tpl similarity index 98% rename from charts/k10/k10/templates/_definitions.tpl rename to charts/kasten/k10/templates/_definitions.tpl index dc6205eb1..3bc85858c 100644 --- a/charts/k10/k10/templates/_definitions.tpl +++ b/charts/kasten/k10/templates/_definitions.tpl @@ -46,7 +46,6 @@ state: {{- define "k10.backupActionsDetails" -}}backupactions/details{{- end -}} {{- define "k10.reportActions" -}}reportactions{{- end -}} {{- define "k10.reportActionsDetails" -}}reportactions/details{{- end -}} -{{- define "k10.restorePointRepositories" -}}restorepointrepositories{{- end -}} {{- define "k10.storageRepositories" -}}storagerepositories{{- end -}} {{- define "k10.restoreActions" -}}restoreactions{{- end -}} {{- define "k10.restoreActionsDetails" -}}restoreactions/details{{- end -}} @@ -202,5 +201,5 @@ state-svc: {{- define "k10.multiClusterVersion" -}}2{{- end -}} {{- define "k10.mcExternalPort" -}}18000{{- end -}} {{- define "k10.defaultKubeVirtVMsUnfreezeTimeout" -}}5m{{- end -}} -{{- define "k10.kanisterToolsImageTag" -}}0.84.0{{- end -}} +{{- define "k10.kanisterToolsImageTag" -}}0.88.0{{- end -}} {{- define "k10.dexImageTag" -}}v2.35.3{{- end -}} 
diff --git a/charts/k10/k10/templates/_helpers.tpl b/charts/kasten/k10/templates/_helpers.tpl similarity index 92% rename from charts/k10/k10/templates/_helpers.tpl rename to charts/kasten/k10/templates/_helpers.tpl index 667edc2c7..013965eb6 100644 --- a/charts/k10/k10/templates/_helpers.tpl +++ b/charts/kasten/k10/templates/_helpers.tpl @@ -250,10 +250,10 @@ install certified version of upstream images or not */}} {{- define "k10.dexImage" -}} -{{- if not .Values.rhMarketPlace }} +{{- if not .Values.global.rhMarketPlace }} {{- printf "%s:%s" ( include "k10.dexImageRepo" . ) (include "k10.dexTag" .) }} {{- else }} -{{- printf "%s" (get .Values.images "dex") }} +{{- printf "%s" (get .Values.global.images "dex") }} {{- end -}} {{- end -}} @@ -267,7 +267,7 @@ required {{- if .Values.global.airgapped.repository }} {{- printf "%s/dex" .Values.global.airgapped.repository }} {{- else }} -{{- printf "%s/%s/dex" .Values.image.registry .Values.image.repository }} +{{- printf "%s/dex" .Values.global.image.registry }} {{- end}} {{- else }} {{- if .Values.global.airgapped.repository }} @@ -325,20 +325,16 @@ Get the emissary image. {{- if .Values.global.airgapped.repository }} {{- printf "%s/%s" .Values.global.airgapped.repository (include "k10.emissaryImageName" .) }} {{- else }} - {{- if hasPrefix .Values.image.registry .Values.image.repository }} - {{- printf "%s/%s" .Values.image.repository (include "k10.emissaryImageName" .) }} - {{- else }} - {{- printf "%s/%s/%s" .Values.image.registry .Values.image.repository (include "k10.emissaryImageName" .) }} - {{- end }} + {{- printf "%s/%s" .Values.global.image.registry (include "k10.emissaryImageName" .) }} {{- end }} {{- end -}} {{- define "k10.emissaryImageName" -}} -{{- printf "emissary" }} + {{- printf "emissary" }} {{- end -}} {{- define "k10.emissaryImageTag" -}} -{{- default .Chart.AppVersion .Values.image.tag }} + {{- .Values.global.image.tag | default .Chart.AppVersion }} {{- end -}} {{/* 
@@ -751,3 +747,56 @@ running in the same cluster. {{- define "k10.ambassadorId" -}} "kasten.io/k10" {{- end -}} + +{{/* + Indicates the multi-cluster mode +*/}} +{{- define "k10.multicluster" -}} + {{ (default .Values.features dict).multicluster }} +{{- end -}} + +{{/* + Indicates whether K10 is configured as a multi-cluster primary +*/}} +{{- define "k10.isMulticlusterPrimary" -}} + {{ if eq (include "k10.multicluster" .) "primary" }}true{{ end }} +{{- end -}} + +{{/* Check that image.values are not set. */}} +{{- define "image.values.check" -}} + {{- if not (empty .main.Values.image) }} + + {{- $registry := .main.Values.image.registry }} + {{- $repository := .main.Values.image.repository }} + {{- if or $registry $repository }} + {{- $registry = coalesce $registry "gcr.io" }} + {{- $repository = coalesce $repository "kasten-images" }} + + {{- $oldCombinedRegistry := "" }} + {{- if hasPrefix $registry $repository }} + {{- $oldCombinedRegistry = $repository }} + {{- else }} + {{- $oldCombinedRegistry = printf "%s/%s" $registry $repository }} + {{- end }} + + {{- if ne $oldCombinedRegistry .main.Values.global.image.registry }} + {{- fail "Setting image.registry and image.repository is no longer supported use global.image.registry instead" }} + {{- end }} + {{- end }} + + {{- $tag := .main.Values.image.tag }} + {{- if $tag }} + {{- if ne $tag .main.Values.global.image.tag }} + {{- fail "Setting image.tag is no longer supported use global.image.tag instead" }} + {{- end }} + {{- end }} + + {{- $pullPolicy := .main.Values.image.pullPolicy }} + {{- if $pullPolicy }} + {{- if ne $pullPolicy .main.Values.global.image.pullPolicy }} + {{- fail "Setting image.pullPolicy is no longer supported use global.image.pullPolicy instead" }} + {{- end }} + {{- end }} + + {{- end }} +{{- end -}} 
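Review bot: `k10.multicluster` passes its arguments to `default` in the wrong order: Sprig's `default` takes the fallback first, so `default .Values.features dict` always yields `.Values.features` (the empty `dict` is never selected), and an unset `features` key would be dereferenced as nil, which I would expect to fail rendering. values.yaml is not visible here, so whether `features` always has a default is unconfirmed; `{{ (.Values.features | default dict).multicluster }}` is safe either way. Separately, the comment on `image.values.check` says the legacy `image.*` values must not be set, but the body accepts them when they equal the `global.image.*` values; `{{/* Fail when legacy image.* values are set and differ from global.image.*. */}}` would describe what the helper does.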
diff --git a/charts/k10/k10/templates/_k10_container.tpl b/charts/kasten/k10/templates/_k10_container.tpl similarity index 96% rename from charts/k10/k10/templates/_k10_container.tpl rename to charts/kasten/k10/templates/_k10_container.tpl index 39e50668a..b7c4e2a44 100644 --- a/charts/k10/k10/templates/_k10_container.tpl +++ b/charts/kasten/k10/templates/_k10_container.tpl @@ -20,7 +20,7 @@ {{- with .main }} - name: {{ $service }}-svc {{- dict "main" . "k10_service" $service | include "serviceImage" | indent 8 }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.global.image.pullPolicy }} {{- if eq $service "aggregatedapis" }} args: - "--secure-port={{ .Values.service.aggregatedApiPort }}" @@ -248,11 +248,9 @@ stating that types are not same for the equality check {{- if or (eq $service "kanister") (eq $service "executor")}} - name: DATA_MOVER_IMAGE {{- if .Values.global.airgapped.repository }} - value: {{ default .Chart.AppVersion .Values.image.tag | print .Values.global.airgapped.repository "/datamover:" }} - {{- else if contains .Values.image.registry .Values.image.repository }} - value: {{ default .Chart.AppVersion .Values.image.tag | print .Values.image.repository "/datamover:" }} + value: {{ default .Chart.AppVersion .Values.global.image.tag | print .Values.global.airgapped.repository "/datamover:" }} {{- else }} - value: {{ default .Chart.AppVersion .Values.image.tag | print .Values.image.registry "/" .Values.image.repository "/datamover:" }} + value: {{ default .Chart.AppVersion .Values.global.image.tag | print .Values.global.image.registry "/datamover:" }} {{- end }}{{/* if .Values.global.airgapped.repository */}} - name: KANISTER_POD_READY_WAIT_TIMEOUT 
@@ -489,7 +487,7 @@ stating that types are not same for the equality check - name: K10_MUTATING_WEBHOOK_PORT value: {{ .Values.injectKanisterSidecar.webhookServer.port | quote }} {{- end }} -{{- if or (eq $service "controllermanager") (eq $service "kanister") }} +{{- if (list "controllermanager" "kanister" "executor" "dashboardbff" | has $service) }} {{- if .Values.genericVolumeSnapshot.resources.requests.memory }} - name: KANISTER_TOOLS_MEMORY_REQUESTS valueFrom: @@ -699,19 +697,14 @@ stating that types are not same for the equality check {{- else if $serviceStateful }} - name: upgrade-init securityContext: - {{- if $main_context.Values.global.rootlessContainers }} capabilities: add: - FOWNER - CHOWN runAsUser: 1000 allowPrivilegeEscalation: false - {{- else }} - runAsUser: 0 - allowPrivilegeEscalation: true - {{- end }} {{- dict "main" $main_context "k10_service" "upgrade" | include "serviceImage" | indent 8 }} - imagePullPolicy: {{ $main_context.Values.image.pullPolicy }} + imagePullPolicy: {{ $main_context.Values.global.image.pullPolicy }} env: - name: MODEL_STORE_DIR valueFrom: @@ -724,7 +717,7 @@ stating that types are not same for the equality check {{- if eq $service "catalog" }} - name: schema-upgrade-check {{- dict "main" $main_context "k10_service" $service | include "serviceImage" | indent 8 }} - imagePullPolicy: {{ $main_context.Values.image.pullPolicy }} + imagePullPolicy: {{ $main_context.Values.global.image.pullPolicy }} env: {{- if $main_context.Values.clusterName }} - name: CLUSTER_NAME diff --git a/charts/k10/k10/templates/_k10_metering.tpl b/charts/kasten/k10/templates/_k10_metering.tpl similarity index 96% rename from charts/k10/k10/templates/_k10_metering.tpl rename to charts/kasten/k10/templates/_k10_metering.tpl index de0f794d2..6a63503ea 100644 --- a/charts/k10/k10/templates/_k10_metering.tpl +++ b/charts/kasten/k10/templates/_k10_metering.tpl 
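Review bot: In the `upgrade-init` securityContext (hunk `@@ -699`), the container now always runs as UID 1000 with `allowPrivilegeEscalation: false`, yet still depends on `capabilities.add` for `FOWNER` and `CHOWN`; for a non-root process, added capabilities normally do not reach the effective set, so the ownership fix-up this init container appears to perform may no longer succeed on volumes written by the earlier root variant. The upgrade path from a release installed with `rootlessContainers` unset should be confirmed before the root branch is dropped. The block also keeps the runtime's default capabilities; adding `drop: ["ALL"]` under `capabilities` and `runAsNonRoot: true` would make the non-root intent explicit and enforceable. The same securityContext change is made in `_k10_metering.tpl` (hunk `@@ -133`), and the enclosing template starts and ends outside both hunks.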
@@ -34,7 +34,7 @@ spec: --- {{- end }}{{/* if $.stateful */}} {{ $service_list := include "k10.restServices" . | splitList " " }} -{{- if not (default .Values.features dict).multicluster -}} +{{- if not (include "k10.isMulticlusterPrimary" .) -}} {{- $service_list = without $service_list "mccontrollermanager" -}} {{- end -}} kind: ConfigMap @@ -80,10 +80,12 @@ data: prometheusTargets: | {{- range $service_list }} {{- if or (not (hasKey $optionalServices .)) (index $optionalServices .).enabled }} +{{- if not (eq . "executor") }} {{ $tmpcontx := dict "main" $main "k10service" . -}} {{ include "k10.prometheusTargetConfig" $tmpcontx | trim | indent 4 -}} {{- end }} {{- end }} +{{- end }} {{- range include "k10.services" . | splitList " " }} {{- if (or (ne . "aggregatedapis") ($rbac)) }} {{ $tmpcontx := dict "main" $main "k10service" . -}} @@ -133,19 +135,14 @@ spec: initContainers: - name: upgrade-init securityContext: - {{- if .Values.global.rootlessContainers }} capabilities: add: - FOWNER - CHOWN runAsUser: 1000 allowPrivilegeEscalation: false - {{- else }} - runAsUser: 0 - allowPrivilegeEscalation: true - {{- end }} {{- dict "main" . "k10_service" "upgrade" | include "serviceImage" | indent 8 }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.global.image.pullPolicy }} env: - name: MODEL_STORE_DIR value: /var/reports/ @@ -156,7 +153,7 @@ spec: containers: - name: {{ $service }}-svc {{- dict "main" . "k10_service" $service | include "serviceImage" | indent 8 }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.global.image.pullPolicy }} {{- if eq .Release.Namespace "default" }} {{- $podName := (printf "%s-svc" $service) }} {{- $containerName := (printf "%s-svc" $service) }} 
diff --git a/charts/k10/k10/templates/_k10_serviceimage.tpl b/charts/kasten/k10/templates/_k10_serviceimage.tpl similarity index 81% rename from charts/k10/k10/templates/_k10_serviceimage.tpl rename to charts/kasten/k10/templates/_k10_serviceimage.tpl index d9e69a8a4..1a7c32055 100644 --- a/charts/k10/k10/templates/_k10_serviceimage.tpl +++ b/charts/kasten/k10/templates/_k10_serviceimage.tpl 
@@ -7,20 +7,19 @@ Using substr to remove repo from ambassadorImage */}} {{- define "serviceImage" -}} {{/* -we are maintaining the field .Values.images to override it when +we are maintaining the field .Values.global.images to override it when we install the chart for red hat marketplace. If we dont have the value specified use earlier flow, if it is, use the value that is specified. */}} +{{- include "image.values.check" . -}} {{- if not .main.Values.global.rhMarketPlace }} {{- $serviceImage := "" -}} {{- $tagFromDefs := "" -}} {{- if .main.Values.global.airgapped.repository }} -{{- $serviceImage = default .main.Chart.AppVersion .main.Values.image.tag | print .main.Values.global.airgapped.repository "/" .k10_service ":" }} -{{- else if contains .main.Values.image.registry .main.Values.image.repository }} -{{- $serviceImage = default .main.Chart.AppVersion .main.Values.image.tag | print .main.Values.image.repository "/" .k10_service ":" }} +{{- $serviceImage = default .main.Chart.AppVersion .main.Values.global.image.tag | print .main.Values.global.airgapped.repository "/" .k10_service ":" }} {{- else }} -{{- $serviceImage = default .main.Chart.AppVersion .main.Values.image.tag | print .main.Values.image.registry "/" .main.Values.image.repository "/" .k10_service ":" }} +{{- $serviceImage = default .main.Chart.AppVersion .main.Values.global.image.tag | print .main.Values.global.image.registry "/" .k10_service ":" }} {{- end }}{{/* if .main.Values.global.airgapped.repository */}} {{- $serviceImageKey := print (replace "-" "" .k10_service) "Image" }} {{- if eq $serviceImageKey "ambassadorImage" }} diff --git a/charts/k10/k10/templates/_k10_template.tpl b/charts/kasten/k10/templates/_k10_template.tpl similarity index 100% rename from charts/k10/k10/templates/_k10_template.tpl rename to charts/kasten/k10/templates/_k10_template.tpl 
diff --git a/charts/k10/k10/templates/api-tls-secrets.yaml b/charts/kasten/k10/templates/api-tls-secrets.yaml similarity index 100% rename from charts/k10/k10/templates/api-tls-secrets.yaml rename to charts/kasten/k10/templates/api-tls-secrets.yaml diff --git a/charts/k10/k10/templates/apiservice.yaml b/charts/kasten/k10/templates/apiservice.yaml similarity index 80% rename from charts/k10/k10/templates/apiservice.yaml rename to charts/kasten/k10/templates/apiservice.yaml index 3d0bc8b39..1811df48a 100644 --- a/charts/k10/k10/templates/apiservice.yaml +++ b/charts/kasten/k10/templates/apiservice.yaml @@ -4,9 +4,6 @@ {{- $container_port := .Values.service.internalPort -}} {{- $namespace := .Release.Namespace -}} {{- range include "k10.aggregatedAPIs" . | splitList " " -}} -{{- $isNotReposAPI := (ne . "repositories") }} -{{- $reposAPIEnabled := (default $main.Values.features dict).repositoriesAPI }} -{{- if or $isNotReposAPI $reposAPIEnabled }} --- apiVersion: apiregistration.k8s.io/v1 kind: APIService @@ -25,5 +22,4 @@ spec: versionPriority: 10 insecureSkipTLSVerify: true {{ end }} -{{ end }} {{- end -}} diff --git a/charts/k10/k10/templates/daemonsets.yaml b/charts/kasten/k10/templates/daemonsets.yaml similarity index 100% rename from charts/k10/k10/templates/daemonsets.yaml rename to charts/kasten/k10/templates/daemonsets.yaml diff --git a/charts/k10/k10/templates/deployments.yaml b/charts/kasten/k10/templates/deployments.yaml similarity index 96% rename from charts/k10/k10/templates/deployments.yaml rename to charts/kasten/k10/templates/deployments.yaml index 2db14f667..e8329789e 100644 --- a/charts/k10/k10/templates/deployments.yaml +++ b/charts/kasten/k10/templates/deployments.yaml 
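Review bot: With the `repositoriesAPI` feature gate removed in `apiservice.yaml`, every entry of `k10.aggregatedAPIs` is now registered unconditionally, and each APIService still carries `insecureSkipTLSVerify: true` (context line in hunk `@@ -25`), so the kube-apiserver does not verify the serving certificate of any aggregated backend. The chart ships an `api-tls-secrets.yaml` template, so it may be possible to publish the serving CA instead, replacing the flag with `caBundle: <base64-encoded CA, placeholder>` sourced from that secret. If skipping verification is intentional, a comment next to the flag stating why would save the next reviewer the question. The `range` block begins outside the hunk.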
@@ -7,7 +7,7 @@ Generates deployment specs for K10 services and other services such as {{- $stateless_services := include "k10.statelessServices" . | splitList " " -}} {{- $colocated_services := include "k10.colocatedServices" . | fromYaml -}} {{ $service_list := include "k10.restServices" . | splitList " " }} -{{- if not (default .Values.features dict).multicluster -}} +{{- if not (include "k10.isMulticlusterPrimary" .) -}} {{- $service_list = without $service_list "mccontrollermanager" -}} {{- end -}} {{- range $skip, $k10_service := $service_list }} diff --git a/charts/k10/k10/templates/fluentbit-configmap.yaml b/charts/kasten/k10/templates/fluentbit-configmap.yaml similarity index 100% rename from charts/k10/k10/templates/fluentbit-configmap.yaml rename to charts/kasten/k10/templates/fluentbit-configmap.yaml diff --git a/charts/k10/k10/templates/frontend-nginx-configmap.yaml b/charts/kasten/k10/templates/frontend-nginx-configmap.yaml similarity index 100% rename from charts/k10/k10/templates/frontend-nginx-configmap.yaml rename to charts/kasten/k10/templates/frontend-nginx-configmap.yaml diff --git a/charts/k10/k10/templates/gateway-ext.yaml b/charts/kasten/k10/templates/gateway-ext.yaml similarity index 100% rename from charts/k10/k10/templates/gateway-ext.yaml rename to charts/kasten/k10/templates/gateway-ext.yaml diff --git a/charts/k10/k10/templates/gateway.yaml b/charts/kasten/k10/templates/gateway.yaml similarity index 94% rename from charts/k10/k10/templates/gateway.yaml rename to charts/kasten/k10/templates/gateway.yaml index df02b5eb9..4c6e89dfb 100644 --- a/charts/k10/k10/templates/gateway.yaml +++ b/charts/kasten/k10/templates/gateway.yaml 
@@ -126,11 +126,11 @@ spec: image: {{ include "k10.emissaryImage" . }} resources: limits: - cpu: 1000m - memory: 1Gi + cpu: {{ .Values.gateway.resources.limits.cpu | quote }} + memory: {{ .Values.gateway.resources.limits.memory | quote }} requests: - cpu: 200m - memory: 300Mi + cpu: {{ .Values.gateway.resources.requests.cpu | quote }} + memory: {{ .Values.gateway.resources.requests.memory | quote }} env: - name: AMBASSADOR_NAMESPACE valueFrom: diff --git a/charts/k10/k10/templates/grafana-scc.yaml b/charts/kasten/k10/templates/grafana-scc.yaml similarity index 95% rename from charts/k10/k10/templates/grafana-scc.yaml rename to charts/kasten/k10/templates/grafana-scc.yaml index f634498a4..c7b517e75 100644 --- a/charts/k10/k10/templates/grafana-scc.yaml +++ b/charts/kasten/k10/templates/grafana-scc.yaml @@ -9,8 +9,6 @@ metadata: allowPrivilegedContainer: false allowHostNetwork: false allowHostDirVolumePlugin: true -priority: null -allowedCapabilities: null allowHostPorts: true allowHostPID: false allowHostIPC: false diff --git a/charts/k10/k10/templates/ingress.yaml b/charts/kasten/k10/templates/ingress.yaml similarity index 100% rename from charts/k10/k10/templates/ingress.yaml rename to charts/kasten/k10/templates/ingress.yaml diff --git a/charts/k10/k10/templates/k10-config.yaml b/charts/kasten/k10/templates/k10-config.yaml similarity index 99% rename from charts/k10/k10/templates/k10-config.yaml rename to charts/kasten/k10/templates/k10-config.yaml index 88a0de686..361cdba2c 100644 --- a/charts/k10/k10/templates/k10-config.yaml +++ b/charts/kasten/k10/templates/k10-config.yaml @@ -54,6 +54,10 @@ data: efsBackupVaultName: {{ quote .Values.awsConfig.efsBackupVaultName }} {{- end }} + {{- if .Values.excludedApps }} + excludedApps: '{{ join "," .Values.excludedApps }}' + {{- end }} + {{- if .Values.vmWare.taskTimeoutMin }} vmWareTaskTimeoutMin: {{ quote .Values.vmWare.taskTimeoutMin }} {{- end }} 
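Review bot: The gateway limits and requests in `gateway.yaml` are now read straight from `.Values.gateway.resources.*` and piped through `quote`, so a values file that omits one of the four keys renders an empty string instead of the previous `1000m`/`1Gi`/`200m`/`300Mi`. values.yaml is not part of this hunk, so I cannot confirm the old figures are carried over as defaults. A fallback such as `cpu: {{ .Values.gateway.resources.limits.cpu | default "1000m" | quote }}` keeps the container bounded when an override file is incomplete.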
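Review bot: In `k10-config.yaml` the new `excludedApps` value is wrapped in hand-written single quotes, unlike the neighbouring keys that use `quote`; a list entry containing `'` would produce invalid YAML in the ConfigMap. `excludedApps: {{ join "," .Values.excludedApps | quote }}` matches the rest of the file and escapes the joined value.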
diff --git a/charts/k10/k10/templates/k10-eula.yaml b/charts/kasten/k10/templates/k10-eula.yaml similarity index 100% rename from charts/k10/k10/templates/k10-eula.yaml rename to charts/kasten/k10/templates/k10-eula.yaml diff --git a/charts/k10/k10/templates/kopia-tls-certs.yaml b/charts/kasten/k10/templates/kopia-tls-certs.yaml similarity index 100% rename from charts/k10/k10/templates/kopia-tls-certs.yaml rename to charts/kasten/k10/templates/kopia-tls-certs.yaml diff --git a/charts/k10/k10/templates/license.yaml b/charts/kasten/k10/templates/license.yaml similarity index 100% rename from charts/k10/k10/templates/license.yaml rename to charts/kasten/k10/templates/license.yaml diff --git a/charts/k10/k10/templates/mutatingwebhook.yaml b/charts/kasten/k10/templates/mutatingwebhook.yaml similarity index 100% rename from charts/k10/k10/templates/mutatingwebhook.yaml rename to charts/kasten/k10/templates/mutatingwebhook.yaml diff --git a/charts/k10/k10/templates/networkpolicy.yaml b/charts/kasten/k10/templates/networkpolicy.yaml similarity index 98% rename from charts/k10/k10/templates/networkpolicy.yaml rename to charts/kasten/k10/templates/networkpolicy.yaml index b693f1c66..0c0b399dd 100644 --- a/charts/k10/k10/templates/networkpolicy.yaml +++ b/charts/kasten/k10/templates/networkpolicy.yaml @@ -52,7 +52,7 @@ spec: ports: - protocol: TCP port: {{ .Values.service.externalPort }} -{{- if ( .Values.features | default dict).multicluster }} +{{- if (include "k10.isMulticlusterPrimary" .) }} --- kind: NetworkPolicy apiVersion: networking.k8s.io/v1 diff --git a/charts/k10/k10/templates/prometheus-configmap.yaml b/charts/kasten/k10/templates/prometheus-configmap.yaml similarity index 78% rename from charts/k10/k10/templates/prometheus-configmap.yaml rename to charts/kasten/k10/templates/prometheus-configmap.yaml index ba858382d..79a8822d2 100644 --- a/charts/k10/k10/templates/prometheus-configmap.yaml +++ b/charts/kasten/k10/templates/prometheus-configmap.yaml 
@@ -3,7 +3,7 @@ {{- if .Values.gateway.exposeAdminPort -}} {{- $scrape_services = append (include "k10.restServices" . | splitList " " ) "gateway" -}} {{- end -}} -{{- if not (default .Values.features dict).multicluster -}} +{{- if not (include "k10.isMulticlusterPrimary" .) -}} {{- $scrape_services = without $scrape_services "mccontrollermanager" -}} {{- end -}} {{- include "check.validateMonitoringProperties" .}} @@ -52,4 +52,20 @@ data: labels: app: prometheus component: server + - job_name: k10-pods + scheme: http + metrics_path: /metrics + kubernetes_sd_configs: + - role: pod + namespaces: + own_namespace: true + selectors: + - role: pod + label: "component=executor" + relabel_configs: + - action: labelmap + regex: __meta_kubernetes_pod_label_(.+) + - source_labels: [__meta_kubernetes_pod_container_port_number] + action: keep + regex: 8\d{3} {{- end -}} diff --git a/charts/k10/k10/templates/prometheus-service.yaml b/charts/kasten/k10/templates/prometheus-service.yaml similarity index 100% rename from charts/k10/k10/templates/prometheus-service.yaml rename to charts/kasten/k10/templates/prometheus-service.yaml diff --git a/charts/k10/k10/templates/rbac.yaml b/charts/kasten/k10/templates/rbac.yaml similarity index 83% rename from charts/k10/k10/templates/rbac.yaml rename to charts/kasten/k10/templates/rbac.yaml index 43567bef8..34cc638c9 100644 --- a/charts/k10/k10/templates/rbac.yaml +++ b/charts/kasten/k10/templates/rbac.yaml 
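Review bot: The new `k10-pods` scrape job (hunk `@@ -52`) chooses its targets with `regex: 8\d{3}`, which keeps every declared container port from 8000 to 8999 on pods labelled `component=executor`, and nothing in the config says which port actually serves metrics. A comment such as `# keep only the executor metrics port; executor pods declare it in the 8000-8999 range` would document the intent, and matching on the port name via `__meta_kubernetes_pod_container_port_name` would be more robust if the pod spec names it (not visible here). The job also scrapes over plain `http` and `labelmap` copies every pod label onto the series, so it is worth confirming that no pod label carries a value that should not end up in Prometheus.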
@@ -238,3 +238,56 @@ subjects: name: {{ . }} {{- end }} {{- end }} +{{- if and .Values.rbac.create (not .Values.prometheus.rbac.create) }} +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: +{{ include "helm.labels" . | indent 4 }} +{{ include "k10.defaultRBACLabels" . | indent 4 }} + name: {{ .Release.Name }}-prometheus-server + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: + - "" + resources: + - nodes + - nodes/proxy + - nodes/metrics + - services + - endpoints + - pods + - ingresses + - configmaps + verbs: + - get + - list + - watch +- apiGroups: + - extensions + - networking.k8s.io + resources: + - ingresses/status + - ingresses + verbs: + - get + - list + - watch +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + labels: +{{ include "helm.labels" . | indent 4 }} + name: {{ .Release.Namespace }}-{{ template "serviceAccountName" . }}-prometheus-server + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Release.Name }}-prometheus-server +subjects: + - kind: ServiceAccount + name: prometheus-server + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/charts/k10/k10/templates/route.yaml b/charts/kasten/k10/templates/route.yaml similarity index 100% rename from charts/k10/k10/templates/route.yaml rename to charts/kasten/k10/templates/route.yaml diff --git a/charts/k10/k10/templates/scc.yaml b/charts/kasten/k10/templates/scc.yaml similarity index 95% rename from charts/k10/k10/templates/scc.yaml rename to charts/kasten/k10/templates/scc.yaml index df12af4e3..4d039ef00 100644 --- a/charts/k10/k10/templates/scc.yaml +++ b/charts/kasten/k10/templates/scc.yaml @@ -8,8 +8,6 @@ metadata: allowPrivilegedContainer: false allowHostNetwork: false allowHostDirVolumePlugin: true -priority: null -allowedCapabilities: null allowHostPorts: true allowHostPID: false allowHostIPC: false 
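Review bot: The new namespaced `Role` in `rbac.yaml` lists `nodes`, `nodes/proxy` and `nodes/metrics`, which are cluster-scoped resources; a `Role` cannot grant access to them, so these entries have no effect and make the grant read broader than it is. `nodes/proxy` is also a sensitive permission that should not be carried along if this rule is ever copied into a ClusterRole, and `ingresses` does not exist in the core `""` API group. I would trim the first rule to what namespace-scoped pod discovery needs, e.g. `resources: [services, endpoints, pods, configmaps]`. The RoleBinding subject is the literal `prometheus-server` while the binding's name is built from `serviceAccountName`; please confirm the literal matches the service account the Prometheus subchart creates.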
diff --git a/charts/k10/k10/templates/secrets.yaml b/charts/kasten/k10/templates/secrets.yaml similarity index 100% rename from charts/k10/k10/templates/secrets.yaml rename to charts/kasten/k10/templates/secrets.yaml diff --git a/charts/k10/k10/templates/serviceaccount.yaml b/charts/kasten/k10/templates/serviceaccount.yaml similarity index 100% rename from charts/k10/k10/templates/serviceaccount.yaml rename to charts/kasten/k10/templates/serviceaccount.yaml diff --git a/charts/k10/k10/templates/v0services.yaml b/charts/kasten/k10/templates/v0services.yaml similarity index 98% rename from charts/k10/k10/templates/v0services.yaml rename to charts/kasten/k10/templates/v0services.yaml index b318d7f14..06eafb222 100644 --- a/charts/k10/k10/templates/v0services.yaml +++ b/charts/kasten/k10/templates/v0services.yaml @@ -8,12 +8,12 @@ {{- $os_postfix := default .Release.Name .Values.route.path -}} {{- $main_context := . -}} {{ $service_list := append (include "k10.restServices" . | splitList " ") "frontend" }} -{{- if not (default .Values.features dict).multicluster -}} +{{- if not (include "k10.isMulticlusterPrimary" .) -}} {{- $service_list = without $service_list "mccontrollermanager" -}} {{- end -}} {{- range $service_list }} {{- $exposed_service := (has . $exposed_services) }} - {{- $mc_exposed_service := (and (eq . "mccontrollermanager") (default $.Values.features dict).multicluster) }} + {{- $mc_exposed_service := (and (eq . "mccontrollermanager") (include "k10.isMulticlusterPrimary" $)) }} {{ if not (hasKey $colocated_services . ) }} apiVersion: v1 kind: Service diff --git a/charts/k10/k10/triallicense b/charts/kasten/k10/triallicense similarity index 100% rename from charts/k10/k10/triallicense rename to charts/kasten/k10/triallicense diff --git a/charts/k10/k10/values.schema.json b/charts/kasten/k10/values.schema.json similarity index 86% rename from charts/k10/k10/values.schema.json rename to charts/kasten/k10/values.schema.json index 5cd9cef58..3121c98ee 100644 
--- a/charts/k10/k10/values.schema.json +++ b/charts/kasten/k10/values.schema.json @@ -2,41 +2,6 @@ "$schema": "https://json-schema.org/draft/2019-09/schema", "type": "object", "properties": { - "image": { - "type": "object", - "title": "Container images config", - "description": "Configure docker images for all the containers", - "properties": { - "registry": { - "type": "string", - "default": "gcr.io", - "title": "Container images registry address", - "description": "Change default registry for all the images" - }, - "repository": { - "type": "string", - "default": "kasten-images", - "title": "Container images repository name", - "description": "Change default repository for all the images" - }, - "tag": { - "type": "string", - "title": "Container images tag", - "description": "Change default tag for all the images" - }, - "pullPolicy": { - "type": "string", - "default": "Always", - "title": "Container images pullPolicy", - "description": "Change default pullPolicy for all the images", - "enum": [ - "IfNotPresent", - "Always", - "Never" - ] - } - } - }, "rbac": { "type": "object", "title": "RBAC configuration", 
@@ -99,13 +64,44 @@ "type": "object", "title": "Global settings", "properties": { + "image": { + "type": "object", + "title": "K10 image configurations", + "description": "Change K10 image settings", + "properties": { + "registry": { + "type": "string", + "default": "gcr.io/kasten-images", + "title": "K10 image registry", + "description": "Change default K10 image registry" + }, + "tag": { + "type": "string", + "default": "", + "title": "K10 image tag", + "description": "Change default K10 tag" + }, + "pullPolicy": { + "type": "string", + "default": "Always", + "title": "Container images pullPolicy", + "description": "Change default pullPolicy for all the images", + "enum": [ + "IfNotPresent", + "Always", + "Never" + ] + } + } + }, "airgapped": { "type": "object", "title": "Airgapped offline installation", - "description": "Configure Airgapped offline installatio", + "description": "Configure Airgapped offline installation", "properties": { "repository": { "type": "string", + "default": "", "title": "helm repository", "description": "The helm repository for offline (airgapped) installation" } 
@@ -236,147 +232,175 @@ "properties": { "admin": { "type": "string", + "default": "", "title": "Admin service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "aggregatedapis": { "type": "string", + "default": "", "title": "Aggregatedapis service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "ambassador": { "type": "string", + "default": "", "title": "Ambassador service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." }, "auth": { "type": "string", + "default": "", "title": "Auth service container image", - "description": "Used for packaging RedHat Operator. 
Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "bloblifecyclemanager": { "type": "string", + "default": "", "title": "Bloblifecyclemanager service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "catalog": { "type": "string", + "default": "", "title": "Catalog service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. 
If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "cephtool": { "type": "string", + "default": "", "title": "Cephtool service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "configmap-reload": { "type": "string", "title": "Configmap-reload service container image", - "default": "jimmidyson/configmap-reload:v0.5.0", + "default": "", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." }, "controllermanager": { "type": "string", + "default": "", "title": "Controllermanager service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. 
If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "crypto": { "type": "string", + "default": "", "title": "Crypto service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "dashboardbff": { "type": "string", + "default": "", "title": "Dashboardbff service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "datamover": { "type": "string", + "default": "", "title": "Datamover service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." 
}, "dex": { "type": "string", + "default": "", "title": "Dex service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." }, "emissary": { "type": "string", + "default": "", "title": "Emissary service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "events": { "type": "string", + "default": "", "title": "Events service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "executor": { "type": "string", + "default": "", "title": "Executor service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. 
This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "frontend": { "type": "string", + "default": "", "title": "Frontend service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "grafana": { "type": "string", "title": "Grafana service container image", - "default": "grafana/grafana:9.1.5", + "default": "", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." }, "jobs": { "type": "string", + "default": "", "title": "Jobs service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. 
If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "kanister-tools": { "type": "string", - "title": "Kanister-tools service container image" + "default": "", + "title": "Kanister-tools service container image", + "description": "Kanister-tools service container image contains set of tools, required for all kanister related operations. It is used for debug, troubleshooting, primer purposes as well" }, "kanister": { "type": "string", + "default": "", "title": "Kanister service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "logging": { "type": "string", + "default": "", "title": "Logging service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. 
If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "metering": { "type": "string", + "default": "", "title": "Metering service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "paygo_daemonset": { "type": "string", + "default": "", "title": "Paygo_daemonset service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." }, "prometheus": { "type": "string", + "default": "", "title": "Prometheus service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." }, "state": { "type": "string", + "default": "", "title": "State service container image", - "description": "Used for packaging RedHat Operator. 
Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "upgrade": { "type": "string", + "default": "", "title": "Upgrade service container image", - "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(image.registry/image.repository)/:(Chart.AppVersion)|(image.tag)'" + "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes. If not set, the image name is formed with '(global.airgapped.repository)|(global.image.registry)/:(Chart.AppVersion)|(image.tag)'" }, "vbrintegrationapi": { "type": "string", + "default": "", "title": "Vbrintegrationapi service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." }, "garbagecollector": { "type": "string", + "default": "", "title": "Garbagecollector service container image", "description": "Used for packaging RedHat Operator. Setting this flag along with global.rhMarketPlace=true overrides the default image name. This flag is only for internal purposes." } 
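Review bot: The rewritten descriptions in this hunk still end in `|(image.tag)` although the commit moves the `image` object under the global settings and already updates the registry half of the same string to `(global.image.registry)`. The tag reference looks stale and presumably should read `(global.image.tag)`; confirm against the templates, which are not part of this hunk. Operators who pin, mirror or allowlist images rely on this string to work out which image reference the chart produces, so it should name the value that is actually read. The same text is repeated for every service entry that carries the "If not set" sentence, from `admin` through `upgrade`.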
@@ -384,6 +408,7 @@ }, "imagePullSecret": { "type": "string", + "default": "", "title": "Container image pull secret", "description": "Secret which contains docker config for private repository. Use `k10-ecr` when secrets.dockerConfigPath is used." }, @@ -399,6 +424,7 @@ }, "urlPath": { "type": "string", + "default": "", "title": "URL path for ingress config", "description": "Set URL path for ingress" } @@ -416,6 +442,7 @@ }, "path": { "type": "string", + "default": "", "title": "Route path", "description": "Set path for Route" } @@ -433,16 +460,19 @@ "properties": { "host": { "type": "string", + "default": "", "title": "External prometheus host name", "description": "Set prometheus host name" }, "port": { "type": "string", + "default": "", "title": "External prometheus port number", - "descrption": "Set prometheus port number" + "description": "Set prometheus port number" }, "baseURL": { "type": "string", + "default": "", "title": "External prometheus baseURL", "description": "Set prometheus baseURL" } @@ -459,7 +489,7 @@ "type": "boolean", "default": false, "title": "Enable ipv6", - "Description": "Set true to enable ipv6" + "description": "Set true to enable ipv6" } } } @@ -478,16 +508,19 @@ }, "host": { "type": "string", + "default": "", "title": "Host name", "description": "Set Host name for the route" }, "path": { "type": "string", + "default": "", "title": "Route path", "description": "Set Path for the route" }, "annotations": { "type": "object", + "default": {}, "title": "Route annotations", "description": "Set annotations for the route", "examples": [ @@ -500,6 +533,7 @@ }, "labels": { "type": "object", + "default": {}, "title": "Route label", "description": "Set Labels for the route resource", "examples": [ @@ -577,7 +611,7 @@ "properties": { "registry": { "type": "string", - "default": "quay.io", + "default": "ghcr.io", "title": "Dex image registry", "description": "Change default image registry for Dex images" }, 
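Review bot: The default Dex registry changes from `quay.io` to `ghcr.io` in the `@@ -577,7 +611,7 @@` hunk, but the description still only says "Change default image registry for Dex images". Installs that sit behind a registry allowlist, an image-policy admission controller or an airgapped mirror may stop being able to pull Dex until `ghcr.io` is added there. I would name the source in the description, for example `"description": "Change default image registry for Dex images (default: ghcr.io)"`, and confirm that the repository and tag used with the new registry are the intended ones; they are outside this hunk.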
@@ -657,11 +691,13 @@ }, "class": { "type": "string", + "default": "", "title": "Ingress controller class", "description": "Cluster ingress controller class: nginx, GCE" }, "host": { "type": "string", + "default": "", "title": "Ingress host name", "description": "FQDN for name-based virtual host", "examples": [ @@ -670,6 +706,7 @@ }, "urlPath": { "type": "string", + "default": "", "title": "Ingress URL path", "description": "URL path for K10 Dashboard", "examples": [ @@ -678,6 +715,7 @@ }, "pathType": { "type": "string", + "default": "ImplementationSpecific", "title": "Ingress path type", "description": "Set the path type for the ingress resource", "enum": [ @@ -695,12 +733,14 @@ "accept": { "type": "boolean", "default": false, - "title": " enable accept EULA before installation" + "title": "Enable accept EULA before installation", + "description": "An End-user license agreement (EULA) is a legal agreement granting a user a license to use an application or software. It must be consented to before a user buys, installs, or downloads an application or software owned by the service provider." } } }, "license": { "type": "string", + "default": "", "title": "License from Kasten", "description": "Add license string obtained from Kasten" }, @@ -722,25 +762,6 @@ "title": "Internal Prometheus configuration", "description": "Configure internal Prometheus", "properties": { - "k10image": { - "type": "object", - "title": "Prometheus image configurations", - "description": "Change Prometheus image settings", - "properties": { - "registry": { - "type": "string", - "default": "gcr.io", - "title": "Prometheus image registry", - "description": "Change default Prometheus image registry" - }, - "repository": { - "type": "string", - "default": "kasten-images", - "title": "Prometheus image repository", - "description": "Change default Prometheus image repository" - } - } - }, "initChownData": { "type": "object", "title": "Prometheus init container", 
@@ -762,8 +783,8 @@
 "create": {
 "type": "boolean",
 "default": false,
- "title": "Enable Prometheus rbac",
- "description": "Whether to create Prometheus rbac configuration"
+ "title": "Enable Prometheus rbac. Warning - cluster wide permissions",
+ "description": "Whether to create Prometheus rbac configuration. Warning - this action will allow prometheus to scrape pods in all k8s namespaces."
 }
 }
 },
@@ -813,6 +834,7 @@
 "properties": {
 "enabled": {
 "type": "boolean",
+ "default": false,
 "title": "Enable Prometheus NodeExporter",
 "description": "Create Prometheus NodeExporter service"
 }
@@ -825,6 +847,7 @@
 "properties": {
 "enabled": {
 "type": "boolean",
+ "default": false,
 "title": "Enable Prometheus PushGateway",
 "description": "Create Prometheus PushGateway service"
 }
@@ -1054,6 +1077,7 @@
 },
 "agentDNS": {
 "type": "string",
+ "default": "",
 "title": "Jaeger agentDNS",
 "description": "Set agentDNS for Jaeger tracing"
 }
@@ -1096,101 +1120,139 @@ "properties": { "awsAccessKeyId": { "type": "string", + "default": "", "title": "AWS access key ID", "description": "Set AWS access key ID required for AWS deployment" }, "awsSecretAccessKey": { "type": "string", + "default": "", "title": "AWS secret access key", "description": "Set AWS access key secret" }, "awsIamRole": { "type": "string", + "default": "", "title": "AWS IAM Role", "description": "ARN of the AWS IAM role assumed by K10 to perform any AWS operation" }, "googleApiKey": { "type": "string", + "default": "", "title": "Google API Key", "description": "Non-default base64 encoded GCP Service Account key file" }, + "ibmSoftLayerApiKey": { + "type": "string", + "default": "", + "title": "IBM SoftLayer API key", + "description": "API key for accessing Classic Infrastructure (AKA SoftLayer) services, requires ibmSoftLayerApiUsername" + }, + "ibmSoftLayerApiUsername": { + "type": "string", + "default": "", + "title": "IBM SoftLayer Username", + "description": "Username for accessing Classic Infrastructure (AKA SoftLayer) services, requires ibmSoftLayerApiKey" + }, + "tlsSecret": { + "type": "string", + "default": "", + "title": "K8s TLS secret name contains for k10 Gateway service", + "description": "Specify a Secret directly instead of having to provide both the cert and key. This reduces the security risk a bit by not caching the certs and keys in the bash history." 
+ }, "dockerConfig": { "type": "string", + "default": "", "title": "Docker config", "description": "base64 representation of your Docker credentials to pull docker images from a private registry" }, "dockerConfigPath": { "type": "string", + "default": "", "title": "Docker config path", "description": "Path to Docker config file to create secret from" }, "azureTenantId": { "type": "string", + "default": "", "title": "Azure tenant ID", "description": "Azure tenant ID required for Azure deployment" }, "azureClientId": { "type": "string", + "default": "", "title": "Azure client ID", "description": "Azure Service App ID" }, "azureClientSecret": { "type": "string", + "default": "", "title": "Azure client Secret", "description": "Azure Service APP secret" }, "azureResourceGroup": { "type": "string", + "default": "", "title": "Azure resource group", "description": "Resource Group name that was created for the Kubernetes cluster" }, "azureSubscriptionID": { "type": "string", + "default": "", "title": "Azure subscription ID", "description": "Subscription ID in your Azure tenant" }, "azureResourceMgrEndpoint": { "type": "string", + "default": "", "title": "Azure resource manager endpoint", "description": "Resource management endpoint for the Azure Stack instance" }, "azureADEndpoint": { "type": "string", + "default": "", "title": "Azure AD endpoint", "description": "Azure Active Directory login endpoint" }, "azureADResourceID": { "type": "string", + "default": "", "title": "Azure Active Directory resource ID", "description": "Azure Active Directory resource ID to obtain AD tokens" }, "azureCloudEnvID": { "type": "string", + "default": "", "title": "Azure Cloud Environment ID", "description": "Azure Cloud Environment ID" }, "apiTlsCrt": { "type": "string", + "default": "", "title": "API TLS Certificate", "description": "K8s API server TLS certificate" }, "apiTlsKey": { "type": "string", + "default": "", "title": "API TLS Key", "description": "K8s API server TLS key" }, 
"vsphereEndpoint": { "type": "string", + "default": "", "title": "vSphere endpoint", "description": "vSphere endpoint for login" }, "vsphereUsername": { "type": "string", + "default": "", "title": "", "description": "" }, "vspherePassword": { "type": "string", + "default": "", "title": "vSphere password", "description": "vSphere password for login" } @@ -1203,21 +1265,25 @@ "properties": { "reportingKey": { "type": "string", + "default": "", "title": "Reporting key", "description": "Base64 encoded reporting key" }, "consumerId": { "type": "string", + "default": "", "title": "Consumer ID", "description": "Consumer ID in the format project:" }, "awsRegion": { "type": "string", + "default": "", "title": "AWS Region", "description": "Set AWS_REGION for metering service" }, "awsMarketPlaceIamRole": { "type": "string", + "default": "", "title": "AWS Marketplace IAM Role", "description": "Set AWS marketplace IAM Role" }, @@ -1235,6 +1301,7 @@ }, "licenseConfigSecretName": { "type": "string", + "default": "", "title": "License config secret name", "description": "AWS managed license config secret" }, @@ -1259,6 +1326,7 @@ }, "mode": { "type": "string", + "default": "", "title": "Control license reporting", "description": "Set to `airgap` for private-network installs" }, @@ -1282,6 +1350,7 @@ }, "promoID": { "type": "string", + "default": "", "title": "K10 promotion ID", "description": "K10 promotion ID from marketing campaigns" } @@ -1289,6 +1358,7 @@ }, "clusterName": { "type": "string", + "default": "", "title": "Cluster name", "description": "Cluster name for better logs visibility" }, @@ -1318,6 +1388,7 @@ "annotations": { "type": "object", "title": "The annotations Schema", + "default": {}, "description": "Standard annotations for the services" }, "fqdn": { 
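Review bot: In the `@@ -1096,101 +1120,139 @@` hunk, `vsphereUsername` keeps an empty `title` and `description` even though the entry is touched, and the new `tlsSecret` title is garbled; suggest `"title": "vSphere username", "description": "vSphere username for login"` and `"title": "K8s TLS secret name for the K10 Gateway service"`. The hunk also gives every inline credential (`awsSecretAccessKey`, `azureClientSecret`, `apiTlsKey`, `vspherePassword`, the new `ibmSoftLayerApiKey`) a plain string default with nothing marking the value as sensitive. Values supplied this way are kept with the Helm release record, so it would help to annotate them with `"writeOnly": true` for UIs that render the schema, and to point each description at a Secret-based alternative where the chart has one, as the new `tlsSecret` text already does. The same applies to `htpasswd`, `clientSecret` and `bindPW` in the later hunks; `bindPW` already has `bindPWSecretName` beside it.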
@@ -1327,11 +1398,13 @@ "properties": { "name": { "type": "string", + "default": "", "title": "Domain name for the K10 API services", "description": "Domain name for the K10 API services" }, "type": { "type": "string", + "default": "", "title": "Gateway type", "description": "Supported gateway type: route53-mapper or external-dns" } @@ -1339,6 +1412,7 @@ }, "awsSSLCertARN": { "type": "string", + "default": "", "title": "AWS SSL Cert ARN", "description": "ARN for the AWS ACM SSL certificate used in the K10 API server" } @@ -1351,6 +1425,7 @@ "properties": { "groupAllowList": { "type": "array", + "default": [], "items": { "type": "string" }, @@ -1376,11 +1451,13 @@ }, "secretName": { "type": "string", + "default": "", "title": "Secret with basic auth creds", "description": "Name of an existing Secret that contains a file generated with htpasswd" }, "htpasswd": { "type": "string", + "default": "", "title": "Basic authentication creds", "description": "A username and password pair separated by a colon character" } @@ -1413,16 +1490,19 @@ }, "providerURL": { "type": "string", + "default": "", "title": "OIDC Provider URL", "description": "URL for the OIDC Provider" }, "redirectURL": { "type": "string", + "default": "", "title": "K10 gateway service URL", "description": "URL to the K10 gateway service" }, "scopes": { "type": "string", + "default": "", "title": "OIDC scopes", "description": "Space separated OIDC scopes required for userinfo", "examples": [ 
@@ -1443,41 +1523,49 @@ }, "clientID": { "type": "string", + "default": "", "title": "OIDC client ID", "description": "Client ID given by the OIDC provider" }, "clientSecret": { "type": "string", + "default": "", "title": "OIDC client secret", "description": "Client secret given by the OIDC provider" }, "usernameClaim": { "type": "string", + "default": "", "title": "OIDC username claim", "description": "The claim to be used as the username" }, "usernamePrefix": { "type": "string", + "default": "", "title": "OIDC username prefix", "description": "Prefix that has to be used with the username obtained from the username claim" }, "groupClaim": { "type": "string", + "default": "", "title": "OIDC group claim", "description": "Name of a custom OpenID Connect claim for specifying user groups" }, "groupPrefix": { "type": "string", + "default": "", "title": "OIDC group prefix", "description": "All groups will be prefixed with this value to prevent conflicts" }, "logoutURL": { "type": "string", + "default": "", "title": "OIDC logout endpoint", "description": "URL to your OIDC provider's logout endpoint" }, "secretName": { "type": "string", + "default": "", "title": "OIDC config based existing secret", "description": "Must include providerURL, redirectURL, scopes, clientID/secret and logoutURL" } @@ -1496,11 +1584,13 @@ }, "providerURL": { "type": "string", + "default": "", "title": "Dex provider URL", "description": "Set Dex provider URL" }, "redirectURL": { "type": "string", + "default": "", "title": "K10 gateway service URL", "description": "URL to the K10 gateway service" } 
@@ -1519,21 +1609,25 @@ }, "serviceAccount": { "type": "string", + "default": "", "title": "Service account that represents an OAuth client", "description": "Name of the service account that represents an OAuth client" }, "clientSecret": { "type": "string", + "default": "", "title": "Service account token", "description": "The token corresponding to the service account" }, "dashboardURL": { "type": "string", + "default": "", "title": "K10 dashboard URL", "description": "The URL used for accessing K10's dashboard" }, "openshiftURL": { "type": "string", + "default": "", "title": "OpenShift URL", "description": "The URL for accessing OpenShift's API server" }, @@ -1551,6 +1645,7 @@ }, "secretName": { "type": "string", + "default": "", "title": "The Kubernetes Secret that contains OIDC settings", "description": "Specify Kubernetes Secret that contains OIDC settings" }, @@ -1562,6 +1657,7 @@ }, "usernamePrefix": { "type": "string", + "default": "", "title": "Username prefix", "description": "Prefix that has to be used with the username obtained from the username claim" }, @@ -1598,11 +1694,13 @@ }, "dashboardURL": { "type": "string", + "default": "", "title": "K10 dashboard URL", "description": "The URL used for accessing K10's dashboard" }, "host": { "type": "string", + "default": "", "title": "Host and port of the AD/LDAP server", "description": "Host and optional port of the AD/LDAP server in the form `host:port`" }, @@ -1632,11 +1730,13 @@ }, "bindPW": { "type": "string", + "default": "", "title": "The password for `bindDN`", "description": "The password corresponding to the `bindDN` for connecting to the AD/LDAP host" }, "bindPWSecretName": { "type": "string", + "default": "", "title": "Secret name containing the password", "description": "Secret name containing the password corresponding to the `bindDN` for connecting to the AD/LDAP host" }, 
@@ -1647,36 +1747,43 @@ "properties": { "baseDN": { "type": "string", + "default": "", "title": "The base username to start the AD/LDAP search from", "description": "The base Distinguished Name to start the AD/LDAP search from" }, "filter": { "type": "string", + "default": "", "title": "filter to apply when searching", "description": "Optional filter to apply when searching the directory" }, "username": { "type": "string", + "default": "", "title": "Username to search in the directory", "description": "Attribute used for comparing user entries when searching the directory" }, "idAttr": { "type": "string", + "default": "", "title": "Attribute in a user's entry that should map to the user ID field in a token", "description": "AD/LDAP attribute in a user's entry that should map to the user ID field in a token" }, "emailAttr": { "type": "string", + "default": "", "title": "Attribute in a user's entry that should map to the email field in a token", "description": "AD/LDAP attribute in a user's entry that should map to the email field in a token" }, "nameAttr": { "type": "string", + "default": "", "title": "Attribute in a user's entry that should map to the name field in a token", "description": "Attribute in a user's entry that should map to the name field in a token" }, "preferredUsernameAttr": { "type": "string", + "default": "", "title": "Attribute in a user's entry that should map to the preferred_username field in a token", "description": "AD/LDAP attribute in a user's entry that should map to the preferred_username field in a token" } @@ -1689,11 +1796,13 @@ "properties": { "baseDN": { "type": "string", + "default": "", "title": "The base Distinguished Name", "description": "The base Distinguished Name to start the AD/LDAP group search from" }, "filter": { "type": "string", + "default": "", "title": "Search filter", "description": "filter to apply when searching the directory for groups" }, 
@@ -1704,19 +1813,25 @@ "properties": { "userAttr": { "type": "string", - "title": "Attribute in the user's entry that must match with the groupAttr while searching for groups" + "default": "", + "title": "Attribute in the user's entry", + "description": "Attribute in the user's entry that must match with the groupAttr while searching for groups" }, "groupAttr": { "type": "string", - "title": "Attribute in the group's entry that must match with the userAttr while searching for groups" + "default": "", + "title": "Attribute in the group's entry", + "description": "Attribute in the group's entry that must match with the userAttr while searching for groups" } } }, + "default": [], "title": "List of field pairs that are used to match a user to a group", "description": "List of field pairs that are used to match a user to a group" }, "nameAttr": { "type": "string", + "default": "", "title": "Attribute that represents a group's name in the directory", "description": "The AD/LDAP attribute that represents a group's name in the directory" } @@ -1724,16 +1839,19 @@ }, "secretName": { "type": "string", + "default": "", "title": "The Kubernetes Secret with OIDC settings", "description": "The Kubernetes Secret that contains OIDC settings" }, "usernameClaim": { "type": "string", + "default": "email", "title": "Username claim", "description": "The claim to be used as the username" }, "usernamePrefix": { "type": "string", + "default": "", "title": "Username prefix", "description": "Prefix that has to be used with the username obtained from the username claim" }, 
@@ -1785,20 +1903,7 @@ "title": "Enable VBRIntegratipnAPI service", "description": "Set true to enable VBRIntegratipnAPI service", "type": "boolean", - "default": false - } - } - }, - "garbagecollector": { - "type": "object", - "title": "GarbageCollector service", - "description": "Settings for GarbageCollector service", - "properties": { - "enabled": { - "type": "boolean", - "default": false, - "title": "Enable GarbageCollector service", - "description": "Set true to enable GarbageCollector service" + "default": true } } } @@ -1812,7 +1917,8 @@ "name": { "title": "Name of the configmap", "description": "Name of the K8s ConfigMap containing a certificate for a trusted root certificate authority", - "type": "string" + "type": "string", + "default": "" } } }, @@ -1847,6 +1953,7 @@ "properties": { "matchLabels": { "type": "object", + "default": {}, "title": "namespaceSelector matchLabels", "description": "Set of labels to select namespaces in which sidecar injection is enabled for workloads" } @@ -1859,6 +1966,7 @@ "properties": { "matchLabels": { "type": "object", + "default": {}, "title": "objectSelector matchLabels", "description": "Set of labels to filter workload objects in which the sidecar is injected" } @@ -1881,11 +1989,13 @@ }, "kanisterPodCustomLabels": { "type": "string", + "default": "", "title": "Kanister pod custom labels", "description": "Custom labels for pods managed by Kanister" }, "kanisterPodCustomAnnotations": { "type": "string", + "default": "", "title": "Kanister pod custom annotations", "description": "Custom annotations added to pods managed by Kanister" }, @@ -1906,6 +2016,7 @@ "properties": { "memory": { "type": "string", + "default": "", "title": "Generic Volume Snapshot restore pods memory request", "description": "Generic Volume Snapshot restore pods memory request", "examples": [ 
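Review bot: Flipping `vbrintegrationapi.enabled` to `"default": true` in the hunk at -1785 turns an optional colocated service on for every install that does not set the value, while the description still says "Set true to enable", which no longer tells the reader the service is on by default or how to switch it off. The values.yaml change further down makes the same flip (`enabled: true` under `optionalColocatedServices`). I would change the description to `"description": "Enabled by default; set false to disable the VBRIntegrationAPI service"` and fix the "VBRIntegratipnAPI" spelling in the title at the same time. What the service exposes is not visible here; if it listens on the network, the new default belongs in the upgrade notes. The enclosing object opens outside the hunk.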
@@ -1914,6 +2025,7 @@ }, "cpu": { "type": "string", + "default": "", "title": "Generic Volume Snapshot restore pods cpu request", "description": "Generic Volume Snapshot restore pods cpu request", "examples": [ @@ -1929,6 +2041,7 @@ "properties": { "memory": { "type": "string", + "default": "", "title": "Generic Volume Snapshot restore pods memory limit", "description": "Generic Volume Snapshot restore pods memory limit", "examples": [ @@ -1937,6 +2050,7 @@ }, "cpu": { "type": "string", + "default": "", "title": "Generic Volume Snapshot restore pods cpu limit", "description": "Generic Volume Snapshot restore pods cpu limit", "examples": [ @@ -1988,7 +2102,7 @@ "type": "boolean", "default": false, "title": "Enable importRunActions collector", - "title": "Set true to enable importRunActions collector" + "description": "Set true to enable importRunActions collector" } } } @@ -1996,6 +2110,7 @@ }, "resources": { "type": "object", + "default": {}, "title": "K10 pods resource config", "description": "Resource management for K10 pods" }, @@ -2018,8 +2133,26 @@ "workerCount": { "type": "integer", "default": 8, - "title": "executor workers count", + "title": "Executor workers count", "description": "Count of running executor workers" + }, + "maxConcurrentRestoreCsiSnapshots": { + "type": "integer", + "default": 3, + "title": "Concurrent restore CSI snapshots operations", + "description": "Limit of concurrent restore CSI snapshots operations per each restore action" + }, + "maxConcurrentRestoreGenericVolumeSnapshots": { + "type": "integer", + "default": 3, + "title": "Concurrent restore generic volume snapshots operations", + "description": "Limit of concurrent restore generic volume snapshots operations per each restore action" + }, + "maxConcurrentRestoreWorkloads": { + "type": "integer", + "default": 3, + "title": "Concurrent restore workloads operations", + "description": "Limit of concurrent restore workloads operations per each restore action" } } }, 
@@ -2138,6 +2271,63 @@ "default": true, "title": "Expose Admin port", "description": "Whether to expose Admin port for gateway service" + }, + "resources": { + "type": "object", + "title": "Gateway pod resource config", + "description": "Configure resource request and limits by Gateway pod", + "properties": { + "requests": { + "type": "object", + "title": "Gateway resource requests", + "description": "Gateway resource requests configuration", + "properties": { + "memory": { + "type": "string", + "default": "300Mi", + "title": "Gateway pod memory request", + "description": "Gateway pod memory request", + "examples": [ + "1Gi" + ] + }, + "cpu": { + "type": "string", + "default": "200m", + "title": "Gateway pod cpu request", + "description": "Gateway pod cpu request", + "examples": [ + "1" + ] + } + } + }, + "limits": { + "type": "object", + "title": "Gateway resource limits", + "description": "Gateway resource limits configuration", + "properties": { + "memory": { + "type": "string", + "default": "1Gi", + "title": "Gateway pod memory limit", + "description": "Gateway pod memory limit", + "examples": [ + "1Gi" + ] + }, + "cpu": { + "type": "string", + "default": "1000m", + "title": "Gateway pod cpu limit", + "description": "Gateway pod cpu limit", + "examples": [ + "1" + ] + } + } + } + } } } }, @@ -2203,6 +2393,7 @@ "properties": { "assumeRoleDuration": { "type": "string", + "default": "", "title": "Duration of a session token generated by AWS for an IAM role", "description": "The minimum value is 15 minutes and the maximum value is the maximum duration setting for that IAM role. For documentation about how to view and edit the maximum session duration for an IAM role see https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html#id_roles_use_view-role-max-session. The value accepts a number along with a single character 'm'(for minutes) or 'h' (for hours) Examples: 60m or 2h" }, 
@@ -2214,6 +2405,19 @@ } } }, + "azure": { + "type": "object", + "title": "Azure config", + "description": "Azure config", + "properties": { + "useDefaultMSI": { + "type": "boolean", + "default": false, + "title": "Use the default Managed Identity", + "description": "Set to true - profile does not need a secret, Default Managed Identity will be used" + } + } + }, "grafana": { "type": "object", "title": "Grafana config", @@ -2237,6 +2441,32 @@ "title": "Prometheus prefix URL", "description": "URL for Prometheus datasource in Grafana (must match `prometheus.server.prefixURL`)" }, + "extraLabels": { + "type": "object", + "title": "Custom labels for all manifests", + "description": "Custom labels for all manifests", + "properties": { + "component": { + "type": "string", + "default": "grafana", + "title": "Component name", + "description": "Component name" + } + } + }, + "podLabels": { + "type": "object", + "title": "Pod labels", + "description": "Pod labels", + "properties": { + "component": { + "type": "string", + "default": "grafana", + "title": "Component name", + "description": "Component name" + } + } + }, "rbac": { "type": "object", "title": "Grafana rbac config", @@ -2270,11 +2500,13 @@ "properties": { "awsCmkKeyId": { "type": "string", + "default": "", "title": "The AWS CMK key ID for encrypting K10 Primary Key", "description": "Ensures AWS CMK is used for encrypting K10 primary key" }, "vaultTransitKeyName": { "type": "string", + "default": "", "title": "Vault transit Key Name", "description": "Vault Transit key name for Vault integration" }, @@ -2293,7 +2525,8 @@ "title": "VMWare integration config", "properties": { "taskTimeoutMin": { - "type": "string", + "type": "integer", + "default": 60, "title": "the timeout for VMWare operations", "description": "the timeout for VMWare operations in minutes" } 
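Review bot: Changing `taskTimeoutMin` from `"type": "string"` to `"type": "integer"` in the hunk at -2293 makes any existing override written as a quoted string fail schema validation on upgrade; the old values.yaml default was itself the string `""`. The new integer also has no lower bound, so I would add `"minimum": 1` next to `"default": 60` to reject a zero or negative timeout at install time. How the consumer treats such a value is not visible in this diff. The title and description still start with a lowercase "the", unlike the "Executor workers count" fix made elsewhere in this commit.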
@@ -2306,32 +2539,54 @@ "properties": { "secretName": { "type": "string", + "default": "", "title": "Vault secret name", "description": "Vault secret name" }, "address": { "type": "string", - "default": "http://vault:8200", + "default": "http://vault.vault.svc:8200", "title": "Vault address", "description": "Specify Vault endpoint" + }, + "role": { + "type": "string", + "default": "", + "title": "Vault Service Account Role", + "description": "Role that was bound to the service account name and namespace from cluster" + }, + "serviceAccountTokenPath": { + "type": "string", + "default": "", + "title": "Token path for Vault Service Account Role", + "description": "Default: '/var/run/secrets/kubernetes.io/serviceaccount/token'" } } - } - }, - "kubeVirtVMs": { - "type": "object", - "properties": { - "snapshot": { - "type": "object", - "properties": { - "unfreezeTimeout":{ - "type": "string", - "title": "Unfreeze timeout for Virtual Machines", - "description": "Time within which K10 is expected to complete the Virtual Machine's backup and thaw the Virtual Machine.", - "default": "5m" + }, + "kubeVirtVMs": { + "type": "object", + "properties": { + "snapshot": { + "type": "object", + "properties": { + "unfreezeTimeout":{ + "type": "string", + "title": "Unfreeze timeout for Virtual Machines", + "description": "Time within which K10 is expected to complete the Virtual Machine's backup and thaw the Virtual Machine.", + "default": "5m" + } } } } + }, + "excludedApps": { + "type": "array", + "items": { + "type": "string" + }, + "default": [], + "title": "List of applications to be excluded", + "description": "List of applications to be excluded from the dashboard & compliance considerations" } } } diff --git a/charts/k10/k10/values.yaml b/charts/kasten/k10/values.yaml similarity index 96% rename from charts/k10/k10/values.yaml rename to charts/kasten/k10/values.yaml index f7568e865..dcb3611bb 100644 --- a/charts/k10/k10/values.yaml +++ b/charts/kasten/k10/values.yaml 
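Review bot: The new `address` default `http://vault.vault.svc:8200` keeps plain HTTP while the same hunk adds `role` and `serviceAccountTokenPath`, so with defaults the service account token used for the Vault role would presumably travel unencrypted to that endpoint. I would say so in the description: `"description": "Specify Vault endpoint; use an https:// URL unless the cluster network is trusted"`. `serviceAccountTokenPath` also declares `"default": ""` while its description is only "Default: '/var/run/secrets/kubernetes.io/serviceaccount/token'", which leaves it unclear which of the two applies. If the empty string means the fallback path is used, say that explicitly: `"description": "Path to the service account token; when empty, /var/run/secrets/kubernetes.io/serviceaccount/token is used"`. The enclosing `vault` object opens outside the hunk.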
@@ -1,12 +1,6 @@ # Default values for k10. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -image: - registry: gcr.io - repository: kasten-images - image: '' - tag: '' - pullPolicy: Always rbac: create: true @@ -23,10 +17,13 @@ scc: networkPolicy: create: true -# Empty value of airgapped.repository specifies that the installation is -# going to be online and if we provide this value using --set flag that -# means that the installation is going to be offline global: + # These are the default values for picking k10 images. They can be overridden + # to specify a particular registy and tag. + image: + registry: gcr.io/kasten-images + tag: '' + pullPolicy: Always airgapped: repository: '' persistence: @@ -167,10 +164,6 @@ cluster: domainName: "cluster.local" #default value is cluster.local prometheus: - k10image: - # take this value from image.repository - registry: gcr.io - repository: kasten-images # Disabling init container # which uses root cmds initChownData: @@ -368,7 +361,7 @@ auth: optionalColocatedServices: vbrintegrationapi: - enabled: false + enabled: true cacertconfigmap: name: "" #Name of the configmap @@ -437,6 +430,13 @@ limiter: gateway: insecureDisableSSLVerify: false exposeAdminPort: true + resources: + requests: + memory: 300Mi + cpu: 200m + limits: + memory: 1Gi + cpu: 1000m kanister: backupTimeout: 45 @@ -452,6 +452,8 @@ awsConfig: assumeRoleDuration: "" efsBackupVaultName: "k10vault" +excludedApps: [] + grafana: enabled: true prometheusName: prometheus-server @@ -471,7 +473,7 @@ encryption: vaultTransitPath: '' vmWare: - taskTimeoutMin: "" + taskTimeoutMin: 60 azure: useDefaultMSI: false diff --git a/charts/kong/kong/CHANGELOG.md b/charts/kong/kong/CHANGELOG.md index 55e110fe1..e1fb3acf9 100644 --- a/charts/kong/kong/CHANGELOG.md +++ b/charts/kong/kong/CHANGELOG.md 
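Review bot: The hunk at -23 deletes the only comment explaining `airgapped.repository` (empty means an online install, set means offline) and replaces it with a comment about `global.image` that misspells "registry" as "registy". I would keep a one-line explanation directly above `airgapped:`, for example `# Empty airgapped.repository means an online install; set it for an offline install`, and correct the spelling in the new comment. The new `image` block also leaves `tag: ''` with `pullPolicy: Always`, with nothing saying what an empty tag resolves to; a short comment naming the fallback would help anyone pinning images. The `global:` block continues past the end of the hunk.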
@@ -1,7 +1,40 @@ # Changelog -## Unreleased +## 2.16.2 +### Fixed + +* The admission webhook is disabled when the ingress controller is disabled, as + the admission webhook requires a service provided by the ingress controller. + +## 2.16.1 + +### Fixed + +* serviceAccount projected volume is properly provisioned for GKE clusters >= 1.20. + [#735](https://github.com/Kong/charts/pull/735) + +## 2.16.0 + +### Improvements + +* Let users specify their own labels and annotations for generated PodSecurityPolicy. + [#721](https://github.com/Kong/charts/pull/721) +* Enable the admission webhook by default. This can reject configuration, but + is not expected to be a meaningfully breaking change. Existing configuration + is not affected, and any new changes that the webhook would reject would also + be rejected by Kong. + [#727](https://github.com/Kong/charts/pull/727) +* Replaced static secret with projected volume in deployment. + [#722](https://github.com/Kong/charts/pull/722) +* Reject invalid log config values. + [#733](https://github.com/Kong/charts/pull/733) +* Update custom resource definitions to latest v2.8.1 from + kong/kubernetes-ingress-controller + [#730](https://github.com/Kong/charts/pull/730) +* Respect setting `.Values.deployment.serviceAccount.automountServiceAccountToken` in + migrations Jobs. This was already the case for the Deployment. + [#729](https://github.com/Kong/charts/pull/729) ## 2.15.3 @@ -51,7 +84,7 @@ but doing so is not required. ### Improvements * Default Kong and KIC versions bumped to 3.1 and 2.8. -* UDP proxy (udpProxy) assumes the UDP protocol by default for stream entries (udpProxy.stream). +* UDP proxy (udpProxy) assumes the UDP protocol by default for stream entries (udpProxy.stream). This can be still overridden to TCP by specifying the protocol explicitly, but it is not recommended to do so. [#682](https://github.com/Kong/charts/pull/682) * Supported `autoscaling/v2` API 
diff --git a/charts/kong/kong/Chart.yaml b/charts/kong/kong/Chart.yaml index eadc1af65..e073c6f24 100644 --- a/charts/kong/kong/Chart.yaml +++ b/charts/kong/kong/Chart.yaml @@ -20,4 +20,4 @@ maintainers: name: kong sources: - https://github.com/Kong/charts/tree/main/charts/kong -version: 2.15.3 +version: 2.16.2 diff --git a/charts/kong/kong/README.md b/charts/kong/kong/README.md index cfa2522b8..4322fb2e7 100644 --- a/charts/kong/kong/README.md +++ b/charts/kong/kong/README.md @@ -565,7 +565,7 @@ namespaces. Limiting access requires several changes to configuration: - Set `ingressController.watchNamespaces` to a list of namespaces you want to watch. The chart will automatically generate roles for each namespace and assign them to the controller's service account. -- Optionally set `ingressContrller.installCRDs=false` if your user role (the +- Optionally set `ingressController.installCRDs=false` if your user role (the role you use when running `helm install`, not the controller service account's role) does not have access to get CRDs. By default, the chart attempts to look up the controller CRDs for [a legacy behavior 
@@ -716,10 +716,10 @@ section of `values.yaml` file: | ingressClassAnnotations | The ingress-class value for controller | kong | | args | List of ingress-controller cli arguments | [] | | watchNamespaces | List of namespaces to watch. Watches all namespaces if empty | [] | -| admissionWebhook.enabled | Whether to enable the validating admission webhook | false | -| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Fail | +| admissionWebhook.enabled | Whether to enable the validating admission webhook | true | +| admissionWebhook.failurePolicy | How unrecognized errors from the admission endpoint are handled (Ignore or Fail) | Ignore | | admissionWebhook.port | The port the ingress controller will listen on for admission webhooks | 8080 | -| admissionWebhook.certificate.provided | Whether to generate the admission webhook certificate if not provided | false | +| admissionWebhook.certificate.provided | Use a provided certificate. When set to false, the chart will automatically generate a certificate. | false | | admissionWebhook.certificate.secretName | Name of the TLS secret for the provided webhook certificate | | | admissionWebhook.certificate.caBundle | PEM encoded CA bundle which will be used to validate the provided webhook certificate | | | deployment.userDefinedVolumes | Create volumes. Please go to Kubernetes doc for the spec of the volumes | | 
@@ -788,6 +788,8 @@ kong: | podDisruptionBudget.maxUnavailable | Represents the minimum number of Pods that can be unavailable (integer or percentage) | `50%` | | podDisruptionBudget.minAvailable | Represents the number of Pods that must be available (integer or percentage) | | | podSecurityPolicy.enabled | Enable podSecurityPolicy for Kong | `false` | +| podSecurityPolicy.labels | Labels to add to podSecurityPolicy for Kong | `{}` | +| podSecurityPolicy.annotations | Annotations to add to podSecurityPolicy for Kong | `{}` | | podSecurityPolicy.spec | Collection of [PodSecurityPolicy settings](https://kubernetes.io/docs/concepts/policy/pod-security-policy/#what-is-a-pod-security-policy) | | | priorityClassName | Set pod scheduling priority class for Kong pods | `""` | | secretVolumes | Mount given secrets as a volume in Kong container to override default certs and keys. | `[]` | diff --git a/charts/kong/kong/crds/custom-resource-definitions.yaml b/charts/kong/kong/crds/custom-resource-definitions.yaml index 09debc72a..869c82096 100644 --- a/charts/kong/kong/crds/custom-resource-definitions.yaml +++ b/charts/kong/kong/crds/custom-resource-definitions.yaml @@ -1,9 +1,9 @@ -# generated using: kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/crd?ref=main +# generated using: kubectl kustomize github.com/kong/kubernetes-ingress-controller/config/crd?ref=v2.8.1 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: ingressclassparameterses.configuration.konghq.com spec: @@ -19,7 +19,7 @@ spec: schema: openAPIV3Schema: description: IngressClassParameters is the Schema for the IngressClassParameters - API + API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -34,6 +34,7 @@ spec: metadata: type: object spec: + description: Spec is the IngressClassParameters specification. properties: enableLegacyRegexDetection: default: false @@ -44,7 +45,7 @@ spec: type: boolean serviceUpstream: default: false - description: Offload load-balancing to kube-proxy or sidecar + description: Offload load-balancing to kube-proxy or sidecar. type: boolean type: object type: object @@ -55,7 +56,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: kongclusterplugins.configuration.konghq.com spec: @@ -93,7 +94,7 @@ spec: name: v1 schema: openAPIV3Schema: - description: KongClusterPlugin is the Schema for the kongclusterplugins API + description: KongClusterPlugin is the Schema for the kongclusterplugins API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -101,24 +102,33 @@ spec: internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string config: - description: Config contains the plugin configuration. + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongClusterPlugin, not both at once. type: object x-kubernetes-preserve-unknown-fields: true configFrom: description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongClusterPlugin, not both at once. properties: secretKeyRef: - description: NamespacedSecretValueFromSource represents the source - of a secret value specifying the secret namespace + description: Specifies a name, a namespace, and a key of a secret + to refer to. properties: key: - description: the key containing the value + description: The key containing the value. type: string name: - description: the secret containing the key + description: The secret containing the key. type: string namespace: - description: The namespace containing the secret + description: The namespace containing the secret. type: string required: - key 
@@ -127,10 +137,10 @@ spec: type: object type: object consumerRef: - description: ConsumerRef is a reference to a particular consumer + description: ConsumerRef is a reference to a particular consumer. type: string disabled: - description: Disabled set if the plugin is disabled or not + description: Disabled set if the plugin is disabled or not. type: boolean kind: description: 'Kind is a string value representing the REST resource this @@ -140,7 +150,13 @@ spec: metadata: type: object ordering: - description: Ordering overrides the normal plugin execution order + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' properties: after: additionalProperties: @@ -161,7 +177,7 @@ spec: type: object plugin: description: PluginName is the name of the plugin to which to apply the - config + config. type: string protocols: description: Protocols configures plugin to run on requests received on @@ -197,7 +213,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: kongconsumers.configuration.konghq.com spec: @@ -225,7 +241,7 @@ spec: name: v1 schema: openAPIV3Schema: - description: KongConsumer is the Schema for the kongconsumers API + description: KongConsumer is the Schema for the kongconsumers API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -239,8 +255,8 @@ spec: type: string type: array custom_id: - description: CustomID existing unique ID for the consumer - useful for - mapping Kong with users in your existing database + description: CustomID is a Kong cluster-unique existing ID for the consumer + - useful for mapping Kong with users in your existing database. type: string kind: description: 'Kind is a string value representing the REST resource this @@ -250,7 +266,7 @@ spec: metadata: type: object username: - description: Username unique username of the consumer. + description: Username is a Kong cluster-unique username of the consumer. type: string type: object served: true @@ -262,7 +278,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: kongingresses.configuration.konghq.com spec: @@ -281,7 +297,7 @@ spec: - name: v1 schema: openAPIV3Schema: - description: KongIngress is the Schema for the kongingresses API + description: KongIngress is the Schema for the kongingresses API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -298,19 +314,23 @@ spec: proxy: description: Proxy defines additional connection options for the routes to be configured in the Kong Gateway, e.g. `connection_timeout`, `retries`, - e.t.c. + etc. properties: connect_timeout: - description: The timeout in milliseconds for establishing a connection - to the upstream server. + description: "The timeout in milliseconds for\testablishing a connection + to the upstream server. Deprecated: use Service's \"konghq.com/connect-timeout\" + annotation instead." minimum: 0 type: integer path: - description: The path to be used in requests to the upstream server.(optional) + description: '(optional) The path to be used in requests to the upstream + server. Deprecated: use Service''s "konghq.com/path" annotation + instead.' pattern: ^/.*$ type: string protocol: - description: The protocol used to communicate with the upstream. + description: 'The protocol used to communicate with the upstream. + Deprecated: use Service''s "konghq.com/protocol" annotation instead.' enum: - http - https 
@@ -321,17 +341,20 @@ spec: - udp type: string read_timeout: - description: The timeout in milliseconds between two successive read - operations for transmitting a request to the upstream server. + description: 'The timeout in milliseconds between two successive read + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/read-timeout" annotation instead.' minimum: 0 type: integer retries: - description: The number of retries to execute upon failure to proxy. + description: 'The number of retries to execute upon failure to proxy. + Deprecated: use Service''s "konghq.com/retries" annotation instead.' minimum: 0 type: integer write_timeout: - description: The timeout in milliseconds between two successive write - operations for transmitting a request to the upstream server. + description: 'The timeout in milliseconds between two successive write + operations for transmitting a request to the upstream server. Deprecated: + use Service''s "konghq.com/write-timeout" annotation instead.' minimum: 0 type: integer type: object 
@@ -345,35 +368,44 @@ spec: items: type: string type: array - description: Headers contains one or more lists of values indexed + description: 'Headers contains one or more lists of values indexed by header name that will cause this Route to match if present in the request. The Host header cannot be used with this attribute. + Deprecated: use Ingress'' "konghq.com/headers" annotation instead.' type: object https_redirect_status_code: - description: HTTPSRedirectStatusCode is the status code Kong responds - with when all properties of a Route match except the protocol. + description: 'HTTPSRedirectStatusCode is the status code Kong responds + with when all properties of a Route match except the protocol. Deprecated: + use Ingress'' "ingress.kubernetes.io/force-ssl-redirect" or "konghq.com/https-redirect-status-code" + annotations instead.' type: integer methods: - description: Methods is a list of HTTP methods that match this Route. + description: 'Methods is a list of HTTP methods that match this Route. + Deprecated: use Ingress'' "konghq.com/override-protocols" annotation + instead.' items: type: string type: array path_handling: - description: PathHandling controls how the Service path, Route path + description: 'PathHandling controls how the Service path, Route path and requested path are combined when sending a request to the upstream. + Deprecated: use Ingress'' "konghq.com/path-handling" annotation + instead.' enum: - v0 - v1 type: string preserve_host: - description: PreserveHost sets When matching a Route via one of the + description: 'PreserveHost sets When matching a Route via one of the hosts domain names, use the request Host header in the upstream request headers. If set to false, the upstream Host header will - be that of the Service’s host. + be that of the Service’s host. Deprecated: use Ingress'' "konghq.com/preserve-host" + annotation instead.' 
type: boolean protocols: - description: Protocols is an array of the protocols this Route should - allow. + description: 'Protocols is an array of the protocols this Route should + allow. Deprecated: use Ingress'' "konghq.com/protocols" annotation + instead.' items: enum: - http @@ -386,27 +418,32 @@ spec: type: string type: array regex_priority: - description: RegexPriority is a number used to choose which route + description: 'RegexPriority is a number used to choose which route resolves a given request when several routes match it using regexes - simultaneously. + simultaneously. Deprecated: use Ingress'' "konghq.com/regex-priority" + annotation instead.' type: integer request_buffering: - description: RequestBuffering sets whether to enable request body - buffering or not. + description: 'RequestBuffering sets whether to enable request body + buffering or not. Deprecated: use Ingress'' "konghq.com/request-buffering" + annotation instead.' type: boolean response_buffering: - description: ResponseBuffering sets whether to enable response body - buffering or not. + description: 'ResponseBuffering sets whether to enable response body + buffering or not. Deprecated: use Ingress'' "konghq.com/response-buffering" + annotation instead.' type: boolean snis: - description: SNIs is a list of SNIs that match this Route when using - stream routing. + description: 'SNIs is a list of SNIs that match this Route when using + stream routing. Deprecated: use Ingress'' "konghq.com/snis" annotation + instead.' items: type: string type: array strip_path: - description: StripPath sets When matching a Route via one of the paths - strip the matching prefix from the upstream request URL. + description: 'StripPath sets When matching a Route via one of the + paths strip the matching prefix from the upstream request URL. Deprecated: + use Ingress'' "konghq.com/strip-path" annotation instead.' type: boolean type: object upstream: 
@@ -589,7 +626,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: kongplugins.configuration.konghq.com spec: @@ -627,7 +664,7 @@ spec: name: v1 schema: openAPIV3Schema: - description: KongPlugin is the Schema for the kongplugins API + description: KongPlugin is the Schema for the kongplugins API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -635,21 +672,30 @@ spec: internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string config: - description: Config contains the plugin configuration. + description: Config contains the plugin configuration. It's a list of + keys and values required to configure the plugin. Please read the documentation + of the plugin being configured to set values in here. For any plugin + in Kong, anything that goes in the `config` JSON key in the Admin API + request, goes into this property. Only one of `config` or `configFrom` + may be used in a KongPlugin, not both at once. type: object x-kubernetes-preserve-unknown-fields: true configFrom: description: ConfigFrom references a secret containing the plugin configuration. + This should be used when the plugin configuration contains sensitive + information, such as AWS credentials in the Lambda plugin or the client + secret in the OIDC plugin. Only one of `config` or `configFrom` may + be used in a KongPlugin, not both at once. properties: secretKeyRef: - description: SecretValueFromSource represents the source of a secret - value + description: Specifies a name and a key of a secret to refer to. The + namespace is implicitly set to the one of referring object. properties: key: - description: the key containing the value + description: The key containing the value. type: string name: - description: the secret containing the key + description: The secret containing the key. type: string required: - key 
@@ -657,10 +703,10 @@ spec: type: object type: object consumerRef: - description: ConsumerRef is a reference to a particular consumer + description: ConsumerRef is a reference to a particular consumer. type: string disabled: - description: Disabled set if the plugin is disabled or not + description: Disabled set if the plugin is disabled or not. type: boolean kind: description: 'Kind is a string value representing the REST resource this @@ -670,7 +716,13 @@ spec: metadata: type: object ordering: - description: Ordering overrides the normal plugin execution order + description: 'Ordering overrides the normal plugin execution order. It''s + only available on Kong Enterprise. `` is a request processing + phase (for example, `access` or `body_filter`) and `` is the + name of the plugin that will run before or after the KongPlugin. For + example, a KongPlugin with `plugin: rate-limiting` and `before.access: + ["key-auth"]` will create a rate limiting plugin that limits requests + _before_ they are authenticated.' properties: after: additionalProperties: @@ -691,7 +743,7 @@ spec: type: object plugin: description: PluginName is the name of the plugin to which to apply the - config + config. type: string protocols: description: Protocols configures plugin to run on requests received on @@ -727,7 +779,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: tcpingresses.configuration.konghq.com spec: @@ -753,7 +805,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: TCPIngress is the Schema for the tcpingresses API + description: TCPIngress is the Schema for the tcpingresses API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation 
@@ -768,7 +820,7 @@ spec: metadata: type: object spec: - description: TCPIngressSpec defines the desired state of TCPIngress + description: Spec is the TCPIngress specification. properties: rules: description: A list of rules used to configure the Ingress. @@ -783,6 +835,7 @@ spec: properties: serviceName: description: Specifies the name of the referenced service. + minLength: 1 type: string servicePort: description: Specifies the port of the referenced service. @@ -796,9 +849,12 @@ spec: type: object host: description: Host is the fully qualified domain name of a network - host, as defined by RFC 3986. If a Host is specified, the - protocol must be TLS over TCP. A plain-text TCP request cannot - be routed based on Host. It can only be routed based on Port. + host, as defined by RFC 3986. If a Host is not specified, + then port-based TCP routing is performed. Kong doesn't care + about the content of the TCP stream in this case. If a Host + is specified, the protocol must be TLS over TCP. A plain-text + TCP request cannot be routed based on Host. It can only be + routed based on Port. type: string port: description: Port is the port on which to accept TCP or TLS @@ -811,6 +867,7 @@ spec: type: integer required: - backend + - port type: object type: array tls: @@ -838,7 +895,7 @@ spec: type: array type: object status: - description: TCPIngressStatus defines the observed state of TCPIngress + description: TCPIngressStatus defines the observed state of TCPIngress. properties: loadBalancer: description: LoadBalancer contains the current status of the load-balancer. @@ -909,7 +966,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.9.2 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: udpingresses.configuration.konghq.com spec: 
@@ -935,7 +992,7 @@ spec: name: v1beta1 schema: openAPIV3Schema: - description: UDPIngress is the Schema for the udpingresses API + description: UDPIngress is the Schema for the udpingresses API. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation @@ -950,7 +1007,7 @@ spec: metadata: type: object spec: - description: UDPIngressSpec defines the desired state of UDPIngress + description: Spec is the UDPIngress specification. properties: rules: description: A list of rules used to configure the Ingress. @@ -965,6 +1022,7 @@ spec: properties: serviceName: description: Specifies the name of the referenced service. + minLength: 1 type: string servicePort: description: Specifies the port of the referenced service. @@ -980,6 +1038,9 @@ spec: description: Port indicates the port for the Kong proxy to accept incoming traffic on, which will then be routed to the service Backend. + format: int32 + maximum: 65535 + minimum: 1 type: integer required: - backend @@ -988,7 +1049,7 @@ spec: type: array type: object status: - description: UDPIngressStatus defines the observed state of UDPIngress + description: UDPIngressStatus defines the observed state of UDPIngress. properties: loadBalancer: description: LoadBalancer contains the current status of the load-balancer. diff --git a/charts/kong/kong/templates/_helpers.tpl b/charts/kong/kong/templates/_helpers.tpl index 14bc1a524..d15bb1d0a 100644 --- a/charts/kong/kong/templates/_helpers.tpl +++ b/charts/kong/kong/templates/_helpers.tpl 
@@ -927,6 +927,11 @@ the template that it itself is using form the above sections. {{- $userEnv := dict -}} {{- range $key, $val := .Values.env }} + {{- if (contains "_log" $key) -}} + {{- if (eq (typeOf $val) "bool") -}} + {{- fail (printf "env.%s must use string 'off' to disable. Without quotes, YAML will coerce the value to a boolean and Kong will reject it" $key) -}} + {{- end -}} + {{- end -}} {{- $upper := upper $key -}} {{- $var := printf "KONG_%s" $upper -}} {{- $_ := set $userEnv $var $val -}} diff --git a/charts/kong/kong/templates/admission-webhook.yaml b/charts/kong/kong/templates/admission-webhook.yaml index 7d56a90cc..2da0316a0 100644 --- a/charts/kong/kong/templates/admission-webhook.yaml +++ b/charts/kong/kong/templates/admission-webhook.yaml @@ -1,4 +1,4 @@ -{{- if .Values.ingressController.admissionWebhook.enabled }} +{{- if (and .Values.ingressController.admissionWebhook.enabled .Values.ingressController.enabled) }} {{- $certCert := "" -}} {{- $certKey := "" -}} {{- $caCert := "" -}} diff --git a/charts/kong/kong/templates/deployment.yaml b/charts/kong/kong/templates/deployment.yaml index e162da18d..3fabb3d7c 100644 --- a/charts/kong/kong/templates/deployment.yaml +++ b/charts/kong/kong/templates/deployment.yaml 
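Review bot: The new guard uses `contains "_log" $key`, so it fires for any `env` key with `_log` anywhere in its name, and it rejects every boolean, yet the failure message only mentions 'off'. If the intent is Kong's `*_log` destination settings, `{{- if (hasSuffix "_log" $key) -}}` states that more precisely. The message would be accurate for `true`/`on` as well if it read `env.%s must be a quoted string (for example 'off'), not a YAML boolean`. A one-line template comment above the `if` explaining the YAML coercion would also help; the enclosing `range` and template definition continue outside the hunk.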
@@ -298,6 +298,28 @@ spec:
 {{- include "kong.userDefinedVolumes" . | nindent 8 -}}
 {{- if (and (not .Values.deployment.serviceAccount.automountServiceAccountToken) (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name)) }}
 - name: {{ template "kong.serviceAccountTokenName" . }}
+ {{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well.
+ See the related documentation of semver module that Helm depends on for semverCompare:
+ https://github.com/Masterminds/semver#working-with-prerelease-versions
+ Related Helm issue: https://github.com/helm/helm/issues/3810 */}}
+ {{- if semverCompare ">=1.20.0-0" .Capabilities.KubeVersion.Version }}
+ projected:
+ sources:
+ - serviceAccountToken:
+ expirationSeconds: 3607
+ path: token
+ - configMap:
+ items:
+ - key: ca.crt
+ path: ca.crt
+ name: kube-root-ca.crt
+ - downwardAPI:
+ items:
+ - fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ path: namespace
+ {{- else }}
 secret:
 secretName: {{ template "kong.serviceAccountTokenName" . }}
 items:
@@ -307,5 +329,6 @@ spec:
 path: ca.crt
 - key: namespace
 path: namespace
+ {{- end }}
 {{- end }}
 {{- end }}
diff --git a/charts/kong/kong/templates/migrations-post-upgrade.yaml b/charts/kong/kong/templates/migrations-post-upgrade.yaml
index 8dd2b9057..04fd569ae 100644
--- a/charts/kong/kong/templates/migrations-post-upgrade.yaml
+++ b/charts/kong/kong/templates/migrations-post-upgrade.yaml
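Review bot: The new `projected` volume hard-codes `expirationSeconds: 3607` and depends on a `kube-root-ca.crt` ConfigMap, and neither is explained by the added comment, which covers only the semver pre-release handling. I would add a template comment above `projected:` along the lines of `{{- /* Same shape as the token volume Kubernetes injects by default: a bound, rotating token plus the per-namespace kube-root-ca.crt ConfigMap */}}`, so the value is not mistaken for an arbitrary number. The branch is chosen from `.Capabilities.KubeVersion.Version`, so an offline `helm template` run without `--kube-version` may render a different branch than the target cluster would get; the chart docs should mention this. The surrounding volumes list starts outside the hunk.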
@@ -33,10 +33,12 @@ spec:
 spec:
 {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
 serviceAccountName: {{ template "kong.serviceAccountName" . }}
+ {{- end }}
+ {{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
 automountServiceAccountToken: true
 {{- else }}
 automountServiceAccountToken: false
- {{- end }}
+ {{ end }}
 {{- if .Values.image.pullSecrets }}
 imagePullSecrets:
 {{- range .Values.image.pullSecrets }}
diff --git a/charts/kong/kong/templates/migrations-pre-upgrade.yaml b/charts/kong/kong/templates/migrations-pre-upgrade.yaml
index 485a9706a..f8fe4a1ff 100644
--- a/charts/kong/kong/templates/migrations-pre-upgrade.yaml
+++ b/charts/kong/kong/templates/migrations-pre-upgrade.yaml
@@ -33,10 +33,12 @@ spec:
 spec:
 {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
 serviceAccountName: {{ template "kong.serviceAccountName" . }}
+ {{- end }}
+ {{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
 automountServiceAccountToken: true
 {{- else }}
 automountServiceAccountToken: false
- {{- end }}
+ {{ end }}
 {{- if .Values.image.pullSecrets }}
 imagePullSecrets:
 {{- range .Values.image.pullSecrets }}
diff --git a/charts/kong/kong/templates/migrations.yaml b/charts/kong/kong/templates/migrations.yaml
index 2c93196fe..5b918abc8 100644
--- a/charts/kong/kong/templates/migrations.yaml
+++ b/charts/kong/kong/templates/migrations.yaml
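Review bot: Nothing in the migration Job pod spec says why `automountServiceAccountToken` is now tied to `deployment.serviceAccount.automountServiceAccountToken`, and the closing action changed from `{{- end }}` to `{{ end }}` without explanation. A short comment before the second `if`, for example `{{- /* Only mount an API token into the migration Job when the operator opted in */}}`, would record the least-privilege intent. Unless the missing trim marker is deliberate, `{{- end }}` matches the other actions in the block and avoids what looks like a whitespace-only line in the rendered manifest. The same two points apply to the identical hunks in migrations-pre-upgrade.yaml and migrations.yaml; the pod spec continues outside the hunk.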
@@ -41,10 +41,12 @@ spec:
 spec:
 {{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }}
 serviceAccountName: {{ template "kong.serviceAccountName" . }}
+ {{- end }}
+ {{- if (and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) .Values.deployment.serviceAccount.automountServiceAccountToken) }}
 automountServiceAccountToken: true
 {{- else }}
 automountServiceAccountToken: false
- {{- end }}
+ {{ end }}
 {{- if .Values.image.pullSecrets }}
 imagePullSecrets:
 {{- range .Values.image.pullSecrets }}
diff --git a/charts/kong/kong/templates/psp.yaml b/charts/kong/kong/templates/psp.yaml
index 66e78b980..eb5626ae3 100644
--- a/charts/kong/kong/templates/psp.yaml
+++ b/charts/kong/kong/templates/psp.yaml
@@ -5,6 +5,17 @@ metadata:
 name: {{ template "kong.serviceAccountName" . }}-psp
 labels:
 {{- include "kong.metaLabels" . | nindent 4 }}
+ {{- with .Values.podSecurityPolicy.labels }}
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value }}
+ {{- end }}
+ {{- end }}
+ {{- with .Values.podSecurityPolicy.annotations }}
+ annotations:
+ {{- range $key, $value := . }}
+ {{ $key }}: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
 spec:
 {{ .Values.podSecurityPolicy.spec | toYaml | indent 2 }}
 ---
diff --git a/charts/kong/kong/templates/secret-sa-token.yaml b/charts/kong/kong/templates/secret-sa-token.yaml
index be968f1ab..fe8a67d23 100644
--- a/charts/kong/kong/templates/secret-sa-token.yaml
+++ b/charts/kong/kong/templates/secret-sa-token.yaml
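Review bot: In the psp.yaml hunk the new labels loop renders values unquoted (`{{ $key }}: {{ $value }}`), while the annotations loop just below pipes them through `quote`. A label value such as `"true"` or `"1"` set in values.yaml would then be emitted as a YAML boolean or number, and label values must be strings, so the manifest is likely to be rejected on apply. Use `{{ $key }}: {{ $value | quote }}` in the labels loop as well. The `metadata` block starts above the hunk.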
@@ -1,4 +1,8 @@ -{{- if or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name }} +{{- /* Due to GKE versions (e.g. v1.23.15-gke.1900) we need to handle pre-release part of the version as well. +See the related documentation of semver module that Helm depends on for semverCompare: +https://github.com/Masterminds/semver#working-with-prerelease-versions +Related Helm issue: https://github.com/helm/helm/issues/3810 */}} +{{- if and (or .Values.deployment.serviceAccount.create .Values.deployment.serviceAccount.name) (semverCompare "<1.20.0-0" .Capabilities.KubeVersion.Version) }} apiVersion: v1 kind: Secret metadata: diff --git a/charts/kong/kong/values.yaml b/charts/kong/kong/values.yaml index 522c671ef..954a61e0d 100644 --- a/charts/kong/kong/values.yaml +++ b/charts/kong/kong/values.yaml @@ -508,7 +508,7 @@ ingressController: # TZ: "Europe/Berlin" admissionWebhook: - enabled: false + enabled: true failurePolicy: Ignore port: 8080 certificate: @@ -801,6 +801,8 @@ podDisruptionBudget: podSecurityPolicy: enabled: false + labels: {} + annotations: {} spec: privileged: false fsGroup: @@ -817,6 +819,7 @@ podSecurityPolicy: - 'configMap' - 'secret' - 'emptyDir' + - 'projected' allowPrivilegeEscalation: false hostNetwork: false hostIPC: false diff --git a/charts/kubecost/cost-analyzer/Chart.yaml b/charts/kubecost/cost-analyzer/Chart.yaml index 66b4212ff..b59c316f9 100644 --- a/charts/kubecost/cost-analyzer/Chart.yaml +++ b/charts/kubecost/cost-analyzer/Chart.yaml @@ -7,7 +7,7 @@ annotations: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 -appVersion: 1.99.0 +appVersion: 1.100.0 dependencies: - condition: global.grafana.enabled name: grafana @@ -25,4 +25,4 @@ description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to moni cloud costs. icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer -version: 1.99.0 +version: 1.100.0 
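Review bot: The version boundary for the legacy token Secret is now written twice: `semverCompare "<1.20.0-0"` in secret-sa-token.yaml, and `">=1.20.0-0"` in deployment.yaml together with a verbatim copy of the four-line comment. If one side is changed later without the other, the Deployment could reference a Secret that is never created, or the chart could keep creating a long-lived token Secret that nothing mounts. Moving the comparison into one named template in `_helpers.tpl` that both files call would keep the two branches complementary. Failing that, each comment should name the other file.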
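Review bot: In values.yaml, flipping `admissionWebhook.enabled` to `true` leaves `failurePolicy: Ignore` on the next line with no comment, so the chart now enables an admission webhook that fails open by default. With `Ignore`, the API server admits the object whenever the webhook cannot be reached or errors, so its validation is best-effort rather than a guarantee. I would document that next to the setting, for example `# Ignore admits resources when the webhook is unavailable; set to Fail to make validation mandatory`. Existing releases that relied on the old default will start creating the webhook on upgrade, which needs a changelog entry. The `ingressController` block starts above the hunk.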
diff --git a/charts/kubecost/cost-analyzer/attached-disks.json b/charts/kubecost/cost-analyzer/attached-disks.json index 88f60d983..0badbedd3 100644 --- a/charts/kubecost/cost-analyzer/attached-disks.json +++ b/charts/kubecost/cost-analyzer/attached-disks.json @@ -3,29 +3,88 @@ "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "datasource", + "uid": "grafana" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, "type": "dashboard" } ] }, "editable": true, - "gnetId": null, + "fiscalYearStartMonth": 0, "graphTooltip": 0, - "id": 10, - "iteration": 1589748792557, + "id": 15, + "iteration": 1674508602609, "links": [], + "liveNow": false, "panels": [ { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${datasource}", - "fill": 1, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, "gridPos": { "h": 9, "w": 12, 
@@ -33,82 +92,96 @@ "y": 0 }, "id": 2, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", "targets": [ { - "expr": "sum(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\"}) by (instance)", + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", "format": "time_series", + "interval": "", "intervalFactor": 1, + "legendFormat": "{{cluster_id}}/{{instance}}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, "title": "Disk Size", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${datasource}", - "fill": 1, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + 
"custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 1, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, "gridPos": { "h": 9, "w": 12, 
@@ -116,83 +189,96 @@ "y": 0 }, "id": 4, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", "targets": [ { - "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\"}) by (instance)", + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance) / sum(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id,instance)", "format": "time_series", + "interval": "", "intervalFactor": 1, + "legendFormat": "{{cluster_id}}-{{instance}}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, "title": "Disk Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": 
false, - "datasource": "${datasource}", - "fill": 1, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 1, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, "gridPos": { "h": 9, "w": 12, 
@@ -200,83 +286,93 @@ "y": 9 }, "id": 5, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", "targets": [ { - "expr": "1 - sum(container_fs_inodes_free{instance=~'$disk',id=\"/\"}) by (instance) / sum(container_fs_inodes_total{instance=~'$disk',id=\"/\"}) by (instance)", + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "1 - sum(container_fs_inodes_free{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance) / sum(container_fs_inodes_total{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", "format": "time_series", "intervalFactor": 1, + "legendFormat": "{{cluster_id}}/{{instance}}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, "title": "iNode Utilization", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "decimals": 1, - "format": "percentunit", - "label": null, - "logBase": 1, - "max": null, - "min": "0", - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" }, { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "${datasource}", - 
"fill": 1, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, "gridPos": { "h": 9, "w": 12, 
@@ -284,77 +380,40 @@ "y": 9 }, "id": 3, - "legend": { - "avg": false, - "current": false, - "max": false, - "min": false, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, "links": [], - "nullPointMode": "null", - "percentage": false, - "pointradius": 5, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": false, - "steppedLine": false, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom" + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", "targets": [ { - "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\"}) by (instance)", + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", "format": "time_series", + "interval": "", "intervalFactor": 1, + "legendFormat": "{{cluster_id}}/{{instance}}", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeShift": null, "title": "Disk Usage", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" - }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] - }, - "yaxes": [ - { - "format": "decbytes", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - }, - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true - } - ], - "yaxis": { - "align": false, - "alignLevel": null - } + "type": "timeseries" } ], - "schemaVersion": 16, + "schemaVersion": 36, "style": "dark", "tags": [ "cost", 
@@ -364,47 +423,77 @@ "templating": { "list": [ { - "allValue": null, "current": { - "text": "All", - "value": "$__all" + "selected": false, + "text": "Thanos", + "value": "Thanos" }, - "datasource": "${datasource}", - "hide": 0, - "includeAll": true, - "label": null, - "multi": false, - "name": "disk", - "options": [], - "query": "query_result(sum(container_fs_limit_bytes{device!=\"tmpfs\", id=\"/\"}) by (instance))", - "refresh": 1, - "regex": "/instance=\\\"(.*?)(\\\")/", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tags": [], - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "current": { - "selected": true, - "text": "default-kubecost", - "value": "default-kubecost" - }, - "error": null, "hide": 0, "includeAll": false, - "label": null, "multi": false, "name": "datasource", "options": [], "query": "prometheus", + "queryValue": "", "refresh": 1, "regex": "", "skipUrlSync": false, "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(cluster_id)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(cluster_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(container_fs_limit_bytes{cluster_id=~\"$cluster\"}, instance)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "disk", + "options": [], + "query": { + "query": "label_values(container_fs_limit_bytes{cluster_id=~\"$cluster\"}, instance)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "tagValuesQuery": "", 
+ "tagsQuery": "", + "type": "query", + "useTags": false } ] }, @@ -440,5 +529,6 @@ "timezone": "", "title": "Attached disk metrics", "uid": "nBH7qBgMk", - "version": 2 -} + "version": 4, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap-dashboard-provider.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap-dashboard-provider.yaml index 1765e9aff..9b75d5a54 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap-dashboard-provider.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap-dashboard-provider.yaml @@ -13,6 +13,7 @@ metadata: {{ toYaml . | indent 4 }} {{- end }} name: {{ template "grafana.fullname" . }}-config-dashboards + namespace: {{ .Release.Namespace }} data: provider.yaml: |- apiVersion: 1 diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap.yaml index d283d04c0..5d4a7d69f 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/configmap.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ template "grafana.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/dashboards-json-configmap.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/dashboards-json-configmap.yaml index c1ab8c4ba..b4f901c2e 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/dashboards-json-configmap.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/dashboards-json-configmap.yaml 
@@ -6,6 +6,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "grafana.fullname" $ }}-dashboards-{{ $provider }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" $ }} chart: {{ template "grafana.chart" $ }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/deployment.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/deployment.yaml index 27422364a..6e90fbc9b 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/deployment.yaml @@ -3,6 +3,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ template "grafana.chart" . }} @@ -28,6 +29,9 @@ spec: labels: app: {{ template "grafana.name" . }} release: {{ .Release.Name }} + {{- if .Values.global.additionalLabels }} + {{ toYaml .Values.global.additionalLabels | nindent 8 }} + {{- end }} {{- with .Values.podAnnotations }} annotations: {{ toYaml . | indent 8 }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml index 7ca434938..1c65e2113 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/ingress.yaml @@ -15,6 +15,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ template "grafana.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/pvc.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/pvc.yaml index e13c78378..203ba02f2 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/pvc.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/pvc.yaml 
@@ -4,6 +4,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ template "grafana.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml index 1b33077e2..69ec661db 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/role.yaml @@ -4,6 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml index d94f0ccc6..c8fa0d30c 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/rolebinding.yaml @@ -4,6 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/secret.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/secret.yaml index cd16c2fc7..176a0b869 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/secret.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/secret.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ template "grafana.chart" . }} 
diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml index 32d108b90..a8059e066 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/service.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "grafana.fullname" . }} + namespace: {{ .Release.Namespace }} labels: app: {{ template "grafana.name" . }} chart: {{ template "grafana.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/templates/serviceaccount.yaml b/charts/kubecost/cost-analyzer/charts/grafana/templates/serviceaccount.yaml index bbcb5055e..024fb2dad 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/templates/serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/templates/serviceaccount.yaml @@ -9,5 +9,6 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "grafana.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} {{- end }} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/grafana/values.yaml b/charts/kubecost/cost-analyzer/charts/grafana/values.yaml index a35eaf32a..425d14b3b 100644 --- a/charts/kubecost/cost-analyzer/charts/grafana/values.yaml +++ b/charts/kubecost/cost-analyzer/charts/grafana/values.yaml @@ -25,7 +25,7 @@ livenessProbe: image: repository: grafana/grafana - tag: 9.0.2 + tag: 9.3.1 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/README.md b/charts/kubecost/cost-analyzer/charts/prometheus/README.md index acc1d5fe0..ebb856bc2 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/README.md +++ b/charts/kubecost/cost-analyzer/charts/prometheus/README.md 
@@ -362,6 +362,7 @@ Parameter | Description | Default `serviceAccounts.pushgateway.name` | name of the pushgateway service account to use or create | `{{ prometheus.pushgateway.fullname }}` `serviceAccounts.server.create` | If true, create the server service account | `true` `serviceAccounts.server.name` | name of the server service account to use or create | `{{ prometheus.server.fullname }}` +`serviceAccounts.server.annotations` | annotations for the server service account | `{}` `server.terminationGracePeriodSeconds` | Prometheus server Pod termination grace period | `300` `server.retention` | (optional) Prometheus data retention | `"15d"` `serverFiles.alerts` | (Deprecated) Prometheus server alerts configuration | `{}` diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-configmap.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-configmap.yaml index 09708915c..52a6aa517 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-configmap.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-configmap.yaml @@ -6,6 +6,7 @@ metadata: labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} data: {{- $root := . -}} {{- range $key, $value := .Values.alertmanagerFiles }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml index 892204ab2..e22b07ec4 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-deployment.yaml 
@@ -6,6 +6,7 @@ metadata: labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-ingress.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-ingress.yaml index 15c19b8f5..e22a76db7 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-ingress.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-ingress.yaml @@ -23,6 +23,7 @@ metadata: {{ $key }}: {{ $value }} {{- end }} name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} spec: rules: {{- range .Values.alertmanager.ingress.hosts }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-networkpolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-networkpolicy.yaml index 62633d0bc..d5471551a 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-networkpolicy.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-networkpolicy.yaml @@ -4,6 +4,7 @@ apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} kind: NetworkPolicy metadata: name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pdb.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pdb.yaml index e6027c919..00e6c000b 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pdb.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pdb.yaml 
@@ -8,6 +8,7 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml index 58de9fd39..71c9ce79e 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-pvc.yaml @@ -12,6 +12,7 @@ metadata: labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} spec: accessModes: {{ toYaml .Values.alertmanager.persistentVolume.accessModes | indent 4 }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service-headless.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service-headless.yaml index 1519344ba..0a72ead40 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service-headless.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service-headless.yaml @@ -13,6 +13,7 @@ metadata: {{ toYaml .Values.alertmanager.statefulSet.headless.labels | indent 4 }} {{- end }} name: {{ template "prometheus.alertmanager.fullname" . }}-headless + namespace: {{ .Release.Namespace }} spec: clusterIP: None ports: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml index 9bc45f7c6..d6c19a9c1 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-service.yaml 
@@ -13,6 +13,7 @@ metadata: {{ toYaml .Values.alertmanager.service.labels | indent 4 }} {{- end }} name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} spec: {{- if .Values.alertmanager.service.clusterIP }} clusterIP: {{ .Values.alertmanager.service.clusterIP }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-serviceaccount.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-serviceaccount.yaml index d99c29996..521714df3 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-serviceaccount.yaml @@ -6,5 +6,6 @@ metadata: labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} name: {{ template "prometheus.serviceAccountName.alertmanager" . }} + namespace: {{ .Release.Namespace }} {{- end -}} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml index 25a9b7a9c..b519d08f1 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/alertmanager-statefulset.yaml @@ -6,6 +6,7 @@ metadata: labels: {{- include "prometheus.alertmanager.labels" . | nindent 4 }} name: {{ template "prometheus.alertmanager.fullname" . }} + namespace: {{ .Release.Namespace }} spec: serviceName: {{ template "prometheus.alertmanager.fullname" . }}-headless selector: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml index 4c43ffcd7..e3f032c97 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml 
+++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-daemonset.yaml @@ -10,6 +10,7 @@ metadata: labels: {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} name: {{ template "prometheus.nodeExporter.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml index 696f1d267..a037eaa84 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-role.yaml @@ -5,6 +5,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "prometheus.nodeExporter.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} namespace: {{ .Release.Namespace }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml index 40cbd8d69..ee823bfd9 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-service.yaml @@ -13,6 +13,7 @@ metadata: {{ toYaml .Values.nodeExporter.service.labels | indent 4 }} {{- end }} name: {{ template "prometheus.nodeExporter.fullname" . }} + namespace: {{ .Release.Namespace }} spec: {{- if .Values.nodeExporter.service.clusterIP }} clusterIP: {{ .Values.nodeExporter.service.clusterIP }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml index b75c4a4b6..42d8e4b6d 100644 
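Review bot: The node-exporter-role.yaml hunk adds `namespace: {{ .Release.Namespace }}` under `name:`, but the same key is already present as the last context line after `labels:`, so the Role's `metadata` appears to carry `namespace` twice (indentation is not recoverable from this view, so confirm both sit at the same level). Duplicate mapping keys are not valid YAML: lenient parsers silently keep the last value, and strict parsers and linters reject the manifest, so the result depends on the toolchain that renders the chart. Drop one of the two lines. Keeping the added one directly under `name:` matches the other templates touched by this commit.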
--- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/node-exporter-serviceaccount.yaml @@ -6,5 +6,6 @@ metadata: labels: {{- include "prometheus.nodeExporter.labels" . | nindent 4 }} name: {{ template "prometheus.serviceAccountName.nodeExporter" . }} + namespace: {{ .Release.Namespace }} {{- end -}} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml index 9dec641fc..b680167be 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-deployment.yaml @@ -6,6 +6,7 @@ metadata: labels: {{- include "prometheus.pushgateway.labels" . | nindent 4 }} name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: {{- if .Values.schedulerName }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-ingress.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-ingress.yaml index a365f0644..7c40ca634 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-ingress.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-ingress.yaml @@ -20,6 +20,7 @@ metadata: labels: {{- include "prometheus.pushgateway.labels" . | nindent 4 }} name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} spec: rules: {{- range .Values.pushgateway.ingress.hosts }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-networkpolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-networkpolicy.yaml index 70a5ada3b..c40baa2ec 100644 
--- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-networkpolicy.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-networkpolicy.yaml @@ -4,6 +4,7 @@ apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} kind: NetworkPolicy metadata: name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "prometheus.pushgateway.labels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml index d6cc6cc43..89d14ec0b 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-pvc.yaml @@ -12,6 +12,7 @@ metadata: labels: {{- include "prometheus.pushgateway.labels" . | nindent 4 }} name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} spec: accessModes: {{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml index ffcc4a20b..864e0beb9 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-service.yaml @@ -13,6 +13,7 @@ metadata: {{ toYaml .Values.pushgateway.service.labels | indent 4}} {{- end }} name: {{ template "prometheus.pushgateway.fullname" . }} + namespace: {{ .Release.Namespace }} spec: {{- if .Values.pushgateway.service.clusterIP }} clusterIP: {{ .Values.pushgateway.service.clusterIP }} 
diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-serviceaccount.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-serviceaccount.yaml index 3b221e43d..b249d216d 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/pushgateway-serviceaccount.yaml @@ -6,5 +6,6 @@ metadata: labels: {{- include "prometheus.pushgateway.labels" . | nindent 4 }} name: {{ template "prometheus.serviceAccountName.pushgateway" . }} + namespace: {{ .Release.Namespace }} {{- end -}} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-configmap.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-configmap.yaml index ed02121ca..27d1c74ad 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-configmap.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-configmap.yaml @@ -7,6 +7,7 @@ metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} data: {{- $root := . -}} {{- range $key, $value := .Values.serverFiles }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml index f0210956b..0685951de 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-deployment.yaml @@ -11,6 +11,7 @@ metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} spec: selector: matchLabels: 
diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml index c60970041..5781b81c1 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-ingress.yaml @@ -27,6 +27,7 @@ metadata: {{ $key }}: {{ $value }} {{- end }} name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} spec: rules: {{- range .Values.server.ingress.hosts }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-networkpolicy.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-networkpolicy.yaml index 152f3a967..34ee1fc3d 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-networkpolicy.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-networkpolicy.yaml @@ -5,6 +5,7 @@ apiVersion: {{ template "prometheus.networkPolicy.apiVersion" . }} kind: NetworkPolicy metadata: name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "prometheus.server.labels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml index 22cb51afc..7afb54aed 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-pvc.yaml @@ -13,6 +13,7 @@ metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} spec: accessModes: {{ toYaml .Values.server.persistentVolume.accessModes | indent 4 }} 
diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service-headless.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service-headless.yaml index 018a75b79..30e57620d 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service-headless.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service-headless.yaml @@ -14,6 +14,7 @@ metadata: {{ toYaml .Values.server.statefulSet.headless.labels | indent 4 }} {{- end }} name: {{ template "prometheus.server.fullname" . }}-headless + namespace: {{ .Release.Namespace }} spec: clusterIP: None ports: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml index e03faf974..da7eac7f9 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-service.yaml @@ -13,6 +13,7 @@ metadata: {{ toYaml .Values.server.service.labels | indent 4 }} {{- end }} name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} spec: {{- if .Values.server.service.clusterIP }} clusterIP: {{ .Values.server.service.clusterIP }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml index 6cf017c20..78e08331b 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-serviceaccount.yaml 
@@ -7,6 +7,11 @@ metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.serviceAccountName.server" . }} + namespace: {{ .Release.Namespace }} + {{- with .Values.serviceAccounts.server.annotations }} + annotations: + {{- . | toYaml | nindent 4 }} + {{- end }} {{- end }} {{- end }} {{ end }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml index 9369ddf38..2f25a94ad 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-statefulset.yaml @@ -14,6 +14,7 @@ metadata: {{ toYaml .Values.server.statefulSet.labels | nindent 4 }} {{- end}} name: {{ template "prometheus.server.fullname" . }} + namespace: {{ .Release.Namespace }} spec: serviceName: {{ template "prometheus.server.fullname" . }}-headless selector: diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml index 8aec16ad5..854d02db2 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/templates/server-vpa.yaml @@ -7,6 +7,7 @@ metadata: labels: {{- include "prometheus.server.labels" . | nindent 4 }} name: {{ template "prometheus.server.fullname" . }}-vpa + namespace: {{ .Release.Namespace }} spec: targetRef: {{- if .Values.server.statefulSet.enabled }} diff --git a/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml b/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml index fd8136e80..ce0519643 100644 --- a/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml +++ b/charts/kubecost/cost-analyzer/charts/prometheus/values.yaml 
@@ -22,6 +22,9 @@ serviceAccounts: server: create: true name: + ## Prometheus server ServiceAccount annotations. + ## Can be used for AWS IRSA annotations when using Remote Write mode with Amazon Managed Prometheus. + annotations: {} alertmanager: ## If false, alertmanager will not be installed diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml index a5c2ccc4c..b38da3407 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-deployment.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "thanos.componentname" (list $ "bucket") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml index 9b2c39ca1..fc0face08 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-ingress.yaml @@ -12,6 +12,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "bucket") }} + namespace: {{ .Release.Namespace }} {{- with .Values.bucket.http.ingress.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml index 0d56d8a2b..9b656eb2a 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/bucket-service.yaml 
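Review bot: The new comment on `serviceAccounts.server.annotations` in prometheus/values.yaml mentions AWS IRSA but not what the annotation grants: the IAM role named there becomes available to every container running under the Prometheus server ServiceAccount. I would extend the comment with the expected key and a scoping hint, for example `## e.g. eks.amazonaws.com/role-arn: <ROLE_ARN_PLACEHOLDER>` and `## Scope the role to remote write on the target workspace only (aps:RemoteWrite); do not reuse a broader node or admin role.` The same values are rendered verbatim by the `with .Values.serviceAccounts.server.annotations` block added in server-serviceaccount.yaml, so the README table entry could carry the same one-line caveat.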
@@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "thanos.componentname" (list $ "bucket") }} + namespace: {{ .Release.Namespace }} {{- with .Values.bucket.http.service.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml index 898cedd35..59a0dcb88 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-deployment.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "thanos.componentname" (list $ "compact") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml index f6b33e491..61fb72844 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-pvc.yaml @@ -7,6 +7,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.compact.dataVolume.persistentVolumeClaim.claimName }} + namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml index 080821849..1cdb1e8f1 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-service.yaml 
@@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "thanos.componentname" (list $ "compact") }} + namespace: {{ .Release.Namespace }} {{- with .Values.compact.http.service.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml index bc224d802..025d093f6 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/compact-servicemonitor.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "thanos.componentname" (list $ "compact") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml index 5c5dc4097..ea56c552f 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-deployment.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "thanos.componentname" (list $ "query") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml index 157cbade0..e5a40a434 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-deployment.yaml 
@@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "thanos.componentname" (list $ "query-frontend") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml index 3d08e459b..a9da03205 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-horizontalpodautoscaler.yaml @@ -5,6 +5,7 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: name: {{ include "thanos.componentname" (list $ "query-frontend") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml index 5d53b27ba..2a9288661 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-ingress.yml @@ -13,6 +13,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml index 2521e898a..a7b3d7d0f 100644 
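Review bot: The `apiVersion: autoscaling/v2beta1` that the query-frontend-horizontalpodautoscaler.yaml hunk leaves in place is no longer served from Kubernetes 1.25 on, so on a current cluster the HPA is rejected regardless of the added `namespace:` line. query-horizontalpodautoscaler.yaml further down carries the same apiVersion. Since the metadata is being touched anyway, I would move both to `apiVersion: autoscaling/v2`, which also means rewriting the metric entries to the v2 `target:` form. The template starts above this hunk, so a capability check may already gate it; that is worth confirming before changing anything.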
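Review bot: `apiVersion: extensions/v1beta1` for the Ingress in query-frontend-ingress.yml was removed in Kubernetes 1.22, so enabling this ingress on a current cluster fails at the API server even with the new `namespace:` field. query-ingress.yml and store-ingress.yaml show the same apiVersion. The replacement is `apiVersion: networking.k8s.io/v1`, which additionally requires `pathType` and the `backend.service` form in the rules; those lines are outside the hunk. The first twelve lines of each template are not visible here, so an enclosing version switch may exist and should be checked first.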
--- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-service.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "thanos.componentname" (list $ "query-frontend") }}-http + namespace: {{ .Release.Namespace }} {{- with .Values.queryFrontend.http.service.annotations }} annotations: {{ toYaml .| nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml index 004367519..0da1bf8c0 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-frontend-servicemonitor.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "thanos.componentname" (list $ "query-frontend") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml index 9b38473d8..8f847e1a1 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-horizontalpodautoscaler.yaml @@ -5,6 +5,7 @@ apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: name: {{ include "thanos.componentname" (list $ "query") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} 
diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml index e545f9bc7..b4405bbe7 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-ingress.yml @@ -13,6 +13,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "query") }}-http + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml index 89178a4e1..24d4bd939 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-service.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "thanos.componentname" (list $ "query") }}-grpc + namespace: {{ .Release.Namespace }} {{- with .Values.query.grpc.service.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml index 673445428..27b60ba17 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/query-servicemonitor.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "thanos.componentname" (list $ "query") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} 
diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml index 5f48febe9..55d5c968a 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-service.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "thanos.componentname" (list $ "sidecar") }}-grpc + namespace: {{ .Release.Namespace }} {{- with .Values.sidecar.grpc.service.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml index 6271a23ca..d826a0bf1 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/sidecar-servicemonitor.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "thanos.componentname" (list $ "sidecar") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml index a01592f16..013864f44 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-deployment.yaml @@ -4,6 +4,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "thanos.componentname" (list $ "store") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} 
diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml index a33427731..43d3c6e1d 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-ingress.yaml @@ -12,6 +12,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ include "thanos.componentname" (list $ "store") }}-http + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml index a778e067b..85c83f4a9 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-pvc.yaml @@ -7,6 +7,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ .Values.store.dataVolume.persistentVolumeClaim.claimName }} + namespace: {{ .Release.Namespace }} spec: accessModes: - ReadWriteOnce diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml index ce5894fa3..dd912a8fb 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-service.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "thanos.componentname" (list $ "store") }}-grpc + namespace: {{ .Release.Namespace }} {{- with .Values.store.grpc.service.annotations }} annotations: {{ toYaml . | nindent 4 }} {{- end }} 
@@ -35,6 +36,7 @@ apiVersion: v1 kind: Service metadata: name: {{ include "thanos.componentname" (list $ "store") }}-http + namespace: {{ .Release.Namespace }} {{- with .Values.store.http.service.annotations }} annotations: {{ toYaml .| nindent 4 }} {{- end }} diff --git a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml index c181c6416..5ee7d49b7 100644 --- a/charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml +++ b/charts/kubecost/cost-analyzer/charts/thanos/templates/store-servicemonitor.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "thanos.componentname" (list $ "store") }} + namespace: {{ .Release.Namespace }} labels: app.kubernetes.io/name: {{ include "thanos.name" . }} helm.sh/chart: {{ include "thanos.chart" . }} diff --git a/charts/kubecost/cost-analyzer/custom-pricing.csv b/charts/kubecost/cost-analyzer/custom-pricing.csv new file mode 100644 index 000000000..c3e6d2367 --- /dev/null +++ b/charts/kubecost/cost-analyzer/custom-pricing.csv @@ -0,0 +1,7 @@ +EndTimestamp,InstanceID,Region,AssetClass,InstanceIDField,InstanceType,MarketPriceHourly,Version +2028-01-06 23:34:45 UTC,,us-east-2,node,metadata.name,g4dn.xlarge,5.55, +2028-01-06 23:34:45 UTC,,,node,metadata.name,R730-type1,1.35, +2028-01-06 23:34:45 UTC,,,pv,metadata.name,standard,0.44, +2028-01-06 23:34:45 UTC,a100,,gpu,gpu.nvidia.com/class,,0.75, +2028-01-06 23:34:45 UTC,RTX3090,,gpu,nvidia.com/gpu_type,,0.65, +2028-01-06 23:34:45 UTC,i-01045ab6d13179700,,,spec.providerID,,1.2, diff --git a/charts/kubecost/cost-analyzer/grafana-templates/README.md b/charts/kubecost/cost-analyzer/grafana-templates/README.md new file mode 100644 index 000000000..c0837b4c1 --- /dev/null +++ b/charts/kubecost/cost-analyzer/grafana-templates/README.md 
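Review bot: The last sample row of custom-pricing.csv uses `i-01045ab6d13179700`, which has the shape of a real EC2 instance id rather than a placeholder. If it was copied from a live account, replace it with an obviously constructed value before the file is published with the chart, e.g. `2028-01-06 23:34:45 UTC,i-00000000000000000,,,spec.providerID,,1.2,` (constructed id). The other rows use generic names (`a100`, `R730-type1`, `standard`), so this one stands out as the only account-specific-looking identifier.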
@@ -0,0 +1,19 @@ +# Kubecost Grafana Dashboards + +## Overview + +Kubecost, by default, ships with a Grafana instance that already contains the dashboards in this repo. + +The dashboards in this repo are templated for those wanting to load the dashboards into an existing Grafana instance. + +## Caveats + +Note that the only method to get accurate costs (reconciled with cloud provider billing) is to use the Kubecost API. Prometheus contains real-time metrics that can only estimate costs using custom pricing or onDemand cloud provider rates. + +The primary purpose of the dashboards provided is to allow visibility into the metrics used by Kubecost to create the cost-model. + +The networkCosts-metrics dashboard requires the optional networkCosts daemonset to be [enabled](https://docs.kubecost.com/install-and-configure/advanced-configuration/network-costs-configuration). + +## Additional Information + +Kubecost Grafana [Configuration Guide](https://docs.kubecost.com/install-and-configure/install/custom-grafana) \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-disk-usage.json b/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-disk-usage.json new file mode 100644 index 000000000..0c2e80000 --- /dev/null +++ b/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-disk-usage.json 
@@ -0,0 +1,568 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 0 + }, + 
"id": 2, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(container_fs_limit_bytes{instance=~'$disk', device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{cluster_id}}/{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Disk Size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 1, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 4, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", + "targets": [ + { + "datasource": { + "type": 
"prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance) / sum(container_fs_limit_bytes{instance=~'$disk',device!=\"tmpfs\", id=\"/\", cluster_id=~'$cluster'}) by (cluster_id,instance)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{cluster_id}}-{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Disk Utilization", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 1, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 0, + "y": 9 + }, + "id": 5, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "1 - sum(container_fs_inodes_free{instance=~'$disk',id=\"/\", 
cluster_id=~'$cluster'}) by (cluster_id, instance) / sum(container_fs_inodes_total{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{cluster_id}}/{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "iNode Utilization", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 9, + "w": 12, + "x": 12, + "y": 9 + }, + "id": 3, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.0.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(container_fs_usage_bytes{instance=~'$disk',id=\"/\", cluster_id=~'$cluster'}) by (cluster_id, instance)", + "format": "time_series", + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{cluster_id}}/{{instance}}", + "range": true, + "refId": "A" + } + ], + "title": "Disk 
Usage", + "type": "timeseries" + } + ], + "schemaVersion": 37, + "style": "dark", + "tags": [ + "cost", + "utilization", + "metrics" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(cluster_id)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(cluster_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(container_fs_limit_bytes{cluster_id=~\"$cluster\"}, instance)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "disk", + "options": [], + "query": { + "query": "label_values(container_fs_limit_bytes{cluster_id=~\"$cluster\"}, instance)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "", + "title": "Attached disk metrics", + "uid": "nBH7qBgMk", + "version": 1, + "weekStart": "" +} \ No newline at end of file 
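Review bot: The "Disk Utilization" panel in multi-cluster-disk-usage.json divides `container_fs_usage_bytes{…,id="/",…}` by `container_fs_limit_bytes{…,device!="tmpfs", id="/",…}`, so numerator and denominator are selected with different label filters; the "Disk Usage" panel also omits `device!="tmpfs"` while "Disk Size" has it. If any tmpfs series carries `id="/"`, the ratio and the usage panel would count bytes that the size panel excludes. I would add `device!="tmpfs"` to both `container_fs_usage_bytes` selectors so the panels agree. Separately, the `datasource` template variable is defined but every panel binds to `${DS_PROMETHEUS}`, so it appears to be unused.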
diff --git a/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-kubernetes-resource-efficiency.json b/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-kubernetes-resource-efficiency.json new file mode 100644 index 000000000..e1f67a28f --- /dev/null +++ b/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-kubernetes-resource-efficiency.json 
@@ -0,0 +1,423 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [], + "title": "Requests - Usage (negative values are unused reservations)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": 3600000, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": 
[ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum by ($aggregation) (\n (sum by (cluster_id,namespace,pod,container) (container_memory_usage_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\",container=~\"$container\",container!=\"POD\",container!=\"\"}))\n -(sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"memory\",unit=\"byte\",cluster_id=~\"$cluster\",namespace=~\"$namespace\",container=~\"$container\",container!=\"POD\",container!=\"\"}))\n)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum by ($aggregation) (\n -(sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"memory\",unit=\"byte\",cluster_id=~\"$cluster\",namespace=~\"$namespace\",container=~\"$container\",container!=\"POD\",container!=\"\"}))\n)", + "hide": true, + "legendFormat": "{{$aggregation}} Request", + "range": true, + "refId": "B" + } + ], + "title": "Memory Request-Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + 
"legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": 3600000, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum by ($aggregation)(\n (sum by (cluster_id,namespace,pod,container) (rate(container_cpu_usage_seconds_total{cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\",container!=\"\"}[1h])))\n - \n (sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"cpu\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\",container!=\"\"}))\n)\n \n", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "-sum by ($aggregation)(\n (sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"cpu\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\",container!=\"\"}))\n)", + "hide": true, + "legendFormat": "{{$aggregation}} Request", + "range": true, + "refId": "B" + } + ], + "title": "CPU Request-Usage", + "type": "timeseries" + } + ], 
+ "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "aggregation", + "options": [ + { + "selected": false, + "text": "cluster_id", + "value": "cluster_id" + }, + { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + { + "selected": false, + "text": "container", + "value": "container" + } + ], + "query": "cluster_id,namespace,container", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_namespace_labels, cluster_id)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels, cluster_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + 
"definition": "label_values(container_memory_working_set_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\", container!=\"POD\"}, container) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "container", + "options": [], + "query": { + "query": "label_values(container_memory_working_set_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\", container!=\"POD\"}, container) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Pod cost & utilization metrics(multi-cluster)", + "uid": "at-cost-analysis-pod2", + "version": 2, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-network-transfer-data.json b/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-network-transfer-data.json new file mode 100644 index 000000000..946969f5e --- /dev/null +++ b/charts/kubecost/cost-analyzer/grafana-templates/multi-cluster-network-transfer-data.json 
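Review bot: The memory panel in multi-cluster-kubernetes-resource-efficiency.json compares requests against `container_memory_usage_bytes`, while the `container` variable in the same file is populated from `container_memory_working_set_bytes`. Usage bytes include reclaimable page cache, so the gap to the request can look smaller than the working set the kubelet evaluates for eviction; using `container_memory_working_set_bytes` in the panel expression would be the consistent choice. The `title` ("Pod cost & utilization metrics(multi-cluster)") and `uid` (`at-cost-analysis-pod2`) also do not match the file name and look carried over from another dashboard. If another shipped dashboard shares that uid, importing one would overwrite the other, so confirm it is unique.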
@@ -0,0 +1,654 @@ +{ + "__inputs": [ + { + "name": "DS_PROMETHEUS", + "label": "Prometheus", + "description": "", + "type": "datasource", + "pluginId": "prometheus", + "pluginName": "Prometheus" + } + ], + "__elements": {}, + "__requires": [ + { + "type": "grafana", + "id": "grafana", + "name": "Grafana", + "version": "9.3.1" + }, + { + "type": "datasource", + "id": "prometheus", + "name": "Prometheus", + "version": "1.0.0" + }, + { + "type": "panel", + "id": "timeseries", + "name": "Time series", + "version": "" + } + ], + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "https://docs.kubecost.com/install-and-configure/advanced-configuration/network-costs-configuration", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": null, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 12, + "panels": [], + "title": "Network Data Transfers (negative is egress data)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + 
"thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 11, + "x": 0, + "y": 1 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) (increase(kubecost_pod_network_egress_bytes_total{namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "All Data", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + 
"thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 13, + "x": 11, + "y": 1 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{internet=\"true\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "hide": false, + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) (increase(kubecost_pod_network_egress_bytes_total{internet=\"true\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "Internet Data", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Cross region and cross zone subnets must be defined via the configMap. 
\nSee: \n", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 11, + "x": 0, + "y": 15 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{internet=\"false\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"false\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) (increase(kubecost_pod_network_egress_bytes_total{internet=\"false\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"false\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], 
+ "title": "Cross Region Data", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Cross region and cross zone subnets must be defined via the configMap. \nSee: \n", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 13, + "x": 11, + "y": 15 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{internet=\"false\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"true\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) 
(increase(kubecost_pod_network_egress_bytes_total{internet=\"false\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"true\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "Cross Zone Data", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 37, + "style": "dark", + "tags": [ + "kubecost" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "aggregation", + "options": [ + { + "selected": false, + "text": "cluster_id", + "value": "cluster_id" + }, + { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + { + "selected": false, + "text": "pod_name", + "value": "pod_name" + } + ], + "query": "cluster_id, namespace, pod_name", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(cluster_id)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(cluster_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": 
"namespace", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": {}, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(kube_pod_labels{cluster_id=~\"$cluster\",namespace=~\"$namespace\"}, pod) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "pod", + "options": [], + "query": { + "query": "label_values(kube_pod_labels{cluster_id=~\"$cluster\",namespace=~\"$namespace\"}, pod) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "filters": [], + "hide": 0, + "name": "filter", + "skipUrlSync": false, + "type": "adhoc" + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Kubecost networkCosts Metrics", + "uid": "kubecost-networkCosts-metrics", + "version": 7, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/kubernetes-resource-efficiency.json b/charts/kubecost/cost-analyzer/kubernetes-resource-efficiency.json new file mode 100644 index 000000000..156b3c292 --- /dev/null +++ b/charts/kubecost/cost-analyzer/kubernetes-resource-efficiency.json 
@@ -0,0 +1,408 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 29, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 2, + "panels": [], + "title": "Requests - Usage (negative values are unused reservations)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": 3600000, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 16, + "w": 24, + "x": 0, + "y": 1 + }, + "id": 4, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + 
"editorMode": "code", + "expr": "sum by ($aggregation) (\n (sum by (cluster_id,namespace,pod,container) (container_memory_usage_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\",container=~\"$container\",container!=\"POD\",container!=\"\"}))\n -(sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"memory\",unit=\"byte\",cluster_id=~\"$cluster\",namespace=~\"$namespace\",container=~\"$container\",container!=\"POD\",container!=\"\"}))\n)", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by ($aggregation) (\n -(sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"memory\",unit=\"byte\",cluster_id=~\"$cluster\",namespace=~\"$namespace\",container=~\"$container\",container!=\"POD\",container!=\"\"}))\n)", + "hide": true, + "legendFormat": "{{$aggregation}} Request", + "range": true, + "refId": "B" + } + ], + "title": "Memory Request-Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": 3600000, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + 
"overrides": [] + }, + "gridPos": { + "h": 14, + "w": 24, + "x": 0, + "y": 17 + }, + "id": 6, + "options": { + "legend": { + "calcs": [ + "lastNotNull" + ], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by ($aggregation)(\n (sum by (cluster_id,namespace,pod,container) (rate(container_cpu_usage_seconds_total{cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\",container!=\"\"}[1h])))\n - \n (sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"cpu\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\",container!=\"\"}))\n)\n \n", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "-sum by ($aggregation)(\n (sum by (cluster_id,namespace,pod,container) (kube_pod_container_resource_requests{resource=\"cpu\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\",container!=\"\"}))\n)", + "hide": true, + "legendFormat": "{{$aggregation}} Request", + "range": true, + "refId": "B" + } + ], + "title": "CPU Request-Usage", + "type": "timeseries" + } + ], + "schemaVersion": 37, + "style": "dark", + "tags": [ + "utilization", + "metrics", + "kubecost" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": true, + "text": "namespace", + "value": 
"namespace" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "aggregation", + "options": [ + { + "selected": false, + "text": "cluster_id", + "value": "cluster_id" + }, + { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + { + "selected": false, + "text": "container", + "value": "container" + } + ], + "query": "cluster_id,namespace,container", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_namespace_labels, cluster_id)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels, cluster_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": { + "selected": true, + "text": "kubecost", + "value": "kubecost" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(container_memory_working_set_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\", container!=\"POD\"}, container) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "container", + "options": [], + "query": { + "query": 
"label_values(container_memory_working_set_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\", container!=\"POD\"}, container) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + } + ] + }, + "time": { + "from": "now-6h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Kubernetes Resource Efficiency", + "uid": "kubernetes-resource-efficiency", + "version": 1, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/networkCosts-metrics.json b/charts/kubecost/cost-analyzer/networkCosts-metrics.json new file mode 100644 index 000000000..35acb3d93 --- /dev/null +++ b/charts/kubecost/cost-analyzer/networkCosts-metrics.json 
@@ -0,0 +1,637 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "grafana", + "uid": "-- Grafana --" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "https://docs.kubecost.com/install-and-configure/advanced-configuration/network-costs-configuration", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 12, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 12, + "panels": [], + "title": "Network Data Transfers (negative is egress data)", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 11, + "x": 0, + "y": 1 + }, + "id": 10, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": 
"none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) (increase(kubecost_pod_network_egress_bytes_total{namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "All Data", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 13, + "x": 11, + "y": 1 + }, + "id": 2, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + 
{ + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{internet=\"true\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "hide": false, + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) (increase(kubecost_pod_network_egress_bytes_total{internet=\"true\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "Internet Data", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Cross region and cross zone subnets must be defined via the configMap. 
\nSee: \n", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 11, + "x": 0, + "y": 15 + }, + "id": 9, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{internet=\"false\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"false\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) (increase(kubecost_pod_network_egress_bytes_total{internet=\"false\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"false\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + 
"title": "Cross Region Data", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "Cross region and cross zone subnets must be defined via the configMap. \nSee: \n", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 2, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decmbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 14, + "w": 13, + "x": 11, + "y": 15 + }, + "id": 8, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum by($aggregation) (increase(kubecost_pod_network_ingress_bytes_total{internet=\"false\", namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"true\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "interval": "", + "legendFormat": "__auto", + "range": true, + "refId": "A" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "- sum by($aggregation) (increase(kubecost_pod_network_egress_bytes_total{internet=\"false\", 
namespace=~\"$namespace\", cluster_id=~\"$cluster\", pod_name=~\"$pod\", sameRegion=\"true\", sameZone=\"false\"}[60m])) / 1024 / 1024", + "hide": false, + "legendFormat": "__auto", + "range": true, + "refId": "B" + } + ], + "title": "Cross Zone Data", + "type": "timeseries" + } + ], + "refresh": false, + "schemaVersion": 37, + "style": "dark", + "tags": [ + "utilization", + "metrics", + "kubecost" + ], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "aggregation", + "options": [ + { + "selected": false, + "text": "cluster_id", + "value": "cluster_id" + }, + { + "selected": true, + "text": "namespace", + "value": "namespace" + }, + { + "selected": false, + "text": "pod_name", + "value": "pod_name" + } + ], + "query": "cluster_id, namespace, pod_name", + "queryValue": "", + "skipUrlSync": false, + "type": "custom" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(cluster_id)", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(cluster_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) 
", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_pod_labels{cluster_id=~\"$cluster\",namespace=~\"$namespace\"}, pod) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "pod", + "options": [], + "query": { + "query": "label_values(kube_pod_labels{cluster_id=~\"$cluster\",namespace=~\"$namespace\"}, pod) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "type": "query" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "filters": [], + "hide": 0, + "name": "filter", + "skipUrlSync": false, + "type": "adhoc" + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Kubecost networkCosts Metrics", + "uid": "kubecost-networkCosts-metrics", + "version": 7, + "weekStart": "" +} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/pod-utilization-multi-cluster.json b/charts/kubecost/cost-analyzer/pod-utilization-multi-cluster.json new file mode 100644 index 000000000..ad902f27f --- /dev/null +++ b/charts/kubecost/cost-analyzer/pod-utilization-multi-cluster.json 
@@ -0,0 +1,818 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "Visualize your kubernetes costs at the pod level.", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 9063, + "graphTooltip": 0, + "id": 16, + "iteration": 1674564472460, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "inspect": false + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "container_name" + }, + "properties": [ + { + "id": "displayName", + "value": "Container" + }, + { + "id": "unit", + "value": "currencyUSD" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "rgba(245, 54, 54, 0.9)", + "value": null + }, + { + "color": "rgba(50, 172, 45, 0.97)", + "value": 30 + }, + { + "color": "#c15c17", + "value": 80 + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #memory_requests" + }, + "properties": [ + { + "id": "displayName", + "value": "Memory Request" + }, + { + "id": "unit", + "value": "bytes" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #cpu_requests" + }, + "properties": [ + { + "id": "displayName", + "value": "CPU 
Request" + }, + { + "id": "unit", + "value": "none" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Time" + }, + "properties": [ + { + "id": "unit", + "value": "short" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #C" + }, + "properties": [ + { + "id": "displayName", + "value": "Memory ($/hour)" + }, + { + "id": "unit", + "value": "currencyUSD" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #D" + }, + "properties": [ + { + "id": "displayName", + "value": "Spot/PE RAM" + }, + { + "id": "unit", + "value": "currencyUSD" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Value #E" + }, + "properties": [ + { + "id": "displayName", + "value": "Total" + }, + { + "id": "unit", + "value": "currencyUSD" + }, + { + "id": "decimals", + "value": 2 + }, + { + "id": "custom.align" + }, + { + "id": "thresholds", + "value": { + "mode": "absolute", + "steps": [ + { + "color": "#bf1b00", + "value": null + }, + { + "color": "rgba(50, 172, 45, 0.97)" + } + ] + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "cluster_id" + }, + "properties": [ + { + "id": "custom.width", + "value": 226 + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 0 + }, + "hideTimeOverride": true, + "id": 98, + "links": [], + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Memory Request" + } + ] + }, + "pluginVersion": "9.0.2", + "repeatDirection": "v", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(\n 
avg_over_time(kube_pod_container_resource_requests{resource=\"memory\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\"}[$__range])\n) by (cluster_id, namespace, container)", + "format": "table", + "instant": true, + "intervalFactor": 1, + "refId": "memory_requests" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "expr": "sum(\n avg_over_time(kube_pod_container_resource_requests{resource=\"cpu\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\"}[$__range])\n or up * 0 \n) by (cluster_id, namespace, container)", + "format": "table", + "hide": false, + "instant": true, + "interval": "", + "intervalFactor": 1, + "legendFormat": "", + "refId": "cpu_requests" + } + ], + "timeFrom": "1M", + "title": "Container cost & allocation analysis", + "transformations": [ + { + "id": "merge", + "options": { + "reducers": [] + } + } + ], + "type": "table" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "This graph attempts to show you CPU use of your application vs its requests", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "stepAfter", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + 
"x": 0, + "y": 8 + }, + "id": 94, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.0-beta1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "avg(rate(container_cpu_usage_seconds_total{cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container_name!=\"POD\",container_name!=\"\"}[10m])) by (cluster_id, namespace, container_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ cluster_id }}/{{container_name}} (usage)", + "metric": "container_cpu", + "refId": "usage", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "avg(kube_pod_container_resource_requests{resource=\"cpu\", unit=\"core\", cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\"}) by (cluster_id, namespace, container)", + "legendFormat": "{{ cluster_id }}/{{ container }} (request)", + "range": true, + "refId": "requests" + } + ], + "timeFrom": "", + "title": "CPU Usage vs Requested", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "This graph attempts to show you RAM use of your application vs its requests", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "stepAfter", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + 
"showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 96, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.0-beta1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "avg(avg_over_time(container_memory_working_set_bytes{cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container_name!=\"POD\",container_name!=\"\"}[5m])) by (cluster_id, namespace, container_name)", + "format": "time_series", + "hide": false, + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ cluster_id }}/{{ container_name }} (usage)", + "metric": "container_cpu", + "refId": "A", + "step": 10 + }, + { + "datasource": { + "type": "prometheus", + "uid": "PBFA97CFB590B2093" + }, + "editorMode": "code", + "expr": "avg(kube_pod_container_resource_requests{resource=\"memory\", unit=\"byte\", cluster_id=~\"$cluster\", namespace=~\"$namespace\", container=~\"$container\", container!=\"POD\"}) by (cluster_id, namespace, container)", + "format": "time_series", + "hide": false, + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{ cluster_id }}/{{ container }} (requested)", + "refId": "B" + } + ], + "timeFrom": "", + "title": "RAM Usage vs Requested", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "description": "This graph shows the % of periods where a pod is 
being throttled. Values range from 0-100", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "stepAfter", + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 6, + "w": 24, + "x": 0, + "y": 22 + }, + "id": 99, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "desc" + } + }, + "pluginVersion": "9.1.0-beta1", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "100\n * sum by(cluster_id, namespace, container_name) (increase(container_cpu_cfs_throttled_periods_total{container_name!=\"\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container_name=~\"$container\", container_name!=\"POD\"}[5m]))\n / sum by(cluster_id, namespace, container_name) (increase(container_cpu_cfs_periods_total{container_name!=\"\",cluster_id=~\"$cluster\", namespace=~\"$namespace\", container_name=~\"$container\", container_name!=\"POD\"}[5m]))", + "format": "time_series", + "instant": false, + "interval": "", + "intervalFactor": 1, + "legendFormat": "{{ cluster_id }}/{{container_name}}", + "refId": "B" + } + ], + "timeFrom": "", + "title": "CPU throttle percent", + "type": "timeseries" + } + ], + 
"refresh": false, + "schemaVersion": 36, + "style": "dark", + "tags": [ + "cost", + "utilization", + "metrics", + "kubecost" + ], + "templating": { + "list": [ + { + "current": { + "selected": true, + "text": "Thanos", + "value": "Thanos" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_namespace_labels, cluster_id)", + "hide": 0, + "includeAll": true, + "label": "", + "multi": false, + "name": "cluster", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels, cluster_id)", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": true, + "text": "kubecost", + "value": "kubecost" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "hide": 0, + "includeAll": true, + "label": "", + "multi": false, + "name": "namespace", + "options": [], + "query": { + "query": "label_values(kube_namespace_labels{cluster_id=~\"$cluster\"}, namespace) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": true, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(container_memory_working_set_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\", 
container!=\"POD\"}, container) ", + "hide": 0, + "includeAll": true, + "multi": false, + "name": "container", + "options": [], + "query": { + "query": "label_values(container_memory_working_set_bytes{cluster_id=~\"$cluster\",namespace=~\"$namespace\", container!=\"POD\"}, container) ", + "refId": "StandardVariableQuery" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 5, + "type": "query" + } + ] + }, + "time": { + "from": "now-7d", + "to": "now" + }, + "timepicker": { + "hidden": false, + "refresh_intervals": [ + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": [ + "5m", + "15m", + "1h", + "6h", + "12h", + "24h", + "2d", + "7d", + "30d" + ] + }, + "timezone": "browser", + "title": "Pod cost & utilization metrics(multi-cluster)", + "uid": "at-cost-analysis-pod2", + "version": 2, + "weekStart": "" +} diff --git a/charts/kubecost/cost-analyzer/pod-utilization.json b/charts/kubecost/cost-analyzer/pod-utilization.json index 250b06dd1..dc2f5a41c 100644 --- a/charts/kubecost/cost-analyzer/pod-utilization.json +++ b/charts/kubecost/cost-analyzer/pod-utilization.json @@ -393,7 +393,7 @@ "step": 10 }, { - "expr": "avg(kube_pod_container_resource_requests_memory_bytes{namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", + "expr": "avg(kube_pod_container_resource_requests{resource=\"memory\", unit=\"byte\", namespace=~\"$namespace\", pod=\"$pod\", container!=\"POD\"}) by (container)", "format": "time_series", "hide": false, "instant": false, @@ -947,4 +947,4 @@ "title": "Pod cost & utilization metrics", "uid": "at-cost-analysis-pod", "version": 1 -} +} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/NOTES.txt b/charts/kubecost/cost-analyzer/templates/NOTES.txt index 5e61f8520..3958f66dc 100644 --- a/charts/kubecost/cost-analyzer/templates/NOTES.txt +++ b/charts/kubecost/cost-analyzer/templates/NOTES.txt 
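Review bot: The second target of the "RAM Usage vs Requested" panel pins its datasource to the literal uid `PBFA97CFB590B2093`, while the panel itself and every other target in this file use `"uid": "${datasource}"`. That uid looks like a leftover from the Grafana instance the dashboard was exported from, so on any other instance the memory-request series will presumably fail to resolve, or will read from a datasource other than the one chosen in the `datasource` variable. Change that target to `"uid": "${datasource}"`. The exported `"id": 16` and the `datasource` variable's current value `Thanos` are instance-specific as well and are best reset before the file ships in the chart.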
@@ -1,9 +1,31 @@ -------------------------------------------------- +{{- $node := (lookup "v1" "Node" "" "") }} +{{- $isEKS := (regexMatch ".*eks.*" (.Capabilities.KubeVersion | quote) )}} +{{- $isGT22 := (semverCompare ">=1.23-0" .Capabilities.KubeVersion.GitVersion) }} +{{- $PVNotExists := (empty (lookup "v1" "PersistentVolume" "" "")) }} +{{- $EBSCSINotExists := (empty (lookup "apps/v1" "Deployment" "kube-system" "ebs-csi-controller")) }} + {{- $servicePort := .Values.service.port | default 9090 -}} Kubecost has been successfully installed. +{{ if (and $isEKS $isGT22) -}} + +WARNING: ON EKS v1.23+ INSTALLATION OF EBS-CSI DRIVER IS REQUIRED TO MANAGE PERSISTENT VOLUMES. LEARN MORE HERE: https://docs.kubecost.com/install-and-configure/install/provider-installations/aws-eks-cost-monitoring#prerequisites + +{{ if (and $EBSCSINotExists $PVNotExists) -}} + +ERROR: MISSING EBS-CSI DRIVER WHICH IS REQUIRED ON EKS v1.23+ TO MANAGE PERSISTENT VOLUMES. LEARN MORE HERE: https://docs.kubecost.com/install-and-configure/install/provider-installations/aws-eks-cost-monitoring#prerequisites + +{{ else if (and $EBSCSINotExists (not $PVNotExists)) -}} + +ERROR: MISSING EBS-CSI DRIVER WHICH IS REQUIRED ON EKS v1.23+ TO MANAGE PERSISTENT VOLUMES. LEARN MORE HERE: https://docs.kubecost.com/install-and-configure/install/provider-installations/aws-eks-cost-monitoring#prerequisites + +{{ end -}} +{{ end -}} + + Please allow 5-10 minutes for Kubecost to gather metrics. If you have configured cloud-integrations, it can take up to 48 hours for cost reconciliation to occur. diff --git a/charts/kubecost/cost-analyzer/templates/alibaba-service-key-secret.yaml b/charts/kubecost/cost-analyzer/templates/alibaba-service-key-secret.yaml index 2bbe4983f..bffb7d8fe 100644 --- a/charts/kubecost/cost-analyzer/templates/alibaba-service-key-secret.yaml +++ b/charts/kubecost/cost-analyzer/templates/alibaba-service-key-secret.yaml 
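Review bot: `$node` is assigned from `lookup "v1" "Node" "" ""` and never used, so rendering the notes lists every Node in the cluster for nothing; along with the cluster-wide PersistentVolume lookup, this ties the install to cluster-scoped read access that the installing identity may not otherwise need. Drop the `$node` line. The `if` and `else if` branches print the same ERROR text, so `$PVNotExists` has no effect and the pair can collapse to `{{ if $EBSCSINotExists -}}`. `lookup` returns an empty result under `helm template` and `--dry-run`, so on EKS the ERROR would presumably be printed there even when the driver is installed. `$isGT22` tests `>=1.23-0`, so a name such as `$isGE123` would say what it checks.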
@@ -5,6 +5,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: cloud-service-key
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 type: Opaque
diff --git a/charts/kubecost/cost-analyzer/templates/aws-service-key-secret.yaml b/charts/kubecost/cost-analyzer/templates/aws-service-key-secret.yaml
index d960f5cfd..eeecc03f9 100644
--- a/charts/kubecost/cost-analyzer/templates/aws-service-key-secret.yaml
+++ b/charts/kubecost/cost-analyzer/templates/aws-service-key-secret.yaml
@@ -5,6 +5,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: cloud-service-key
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 type: Opaque
diff --git a/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml
index 0a538334f..3ec916996 100644
--- a/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/awsstore-deployment-template.yaml
@@ -4,6 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ template "cost-analyzer.fullname" . }}-awsstore
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 spec:
diff --git a/charts/kubecost/cost-analyzer/templates/awsstore-service-account-template.yaml b/charts/kubecost/cost-analyzer/templates/awsstore-service-account-template.yaml
index a326658c9..0dadeaacc 100644
--- a/charts/kubecost/cost-analyzer/templates/awsstore-service-account-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/awsstore-service-account-template.yaml
@@ -4,6 +4,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
 name: awsstore-serviceaccount
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 {{- with .Values.awsstore.annotations }}
diff --git a/charts/kubecost/cost-analyzer/templates/azure-service-key-secret.yaml b/charts/kubecost/cost-analyzer/templates/azure-service-key-secret.yaml
index ae77dae7b..e61b61e86 100644
--- a/charts/kubecost/cost-analyzer/templates/azure-service-key-secret.yaml
+++ b/charts/kubecost/cost-analyzer/templates/azure-service-key-secret.yaml
@@ -5,6 +5,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: cloud-service-key
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 type: Opaque
diff --git a/charts/kubecost/cost-analyzer/templates/azure-storage-config-secret.yaml b/charts/kubecost/cost-analyzer/templates/azure-storage-config-secret.yaml
index 311b87723..f27cb4e89 100644
--- a/charts/kubecost/cost-analyzer/templates/azure-storage-config-secret.yaml
+++ b/charts/kubecost/cost-analyzer/templates/azure-storage-config-secret.yaml
@@ -8,6 +8,7 @@ apiVersion: v1
 kind: Secret
 metadata:
 name: azure-storage-config
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 type: Opaque
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-advanced-reports-configmap.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-advanced-reports-configmap.yaml
index 7af0e8239..8b31cb0db 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-advanced-reports-configmap.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-advanced-reports-configmap.yaml
@@ -4,6 +4,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{default "advanced-report-configs" .Values.advancedReportConfigmapName }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 data:
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-alerts-configmap.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-alerts-configmap.yaml
index da03a036b..c2491dfb9 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-alerts-configmap.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-alerts-configmap.yaml
@@ -3,6 +3,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{ default "alert-configs" .Values.alertConfigmapName }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 data:
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-asset-reports-configmap.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-asset-reports-configmap.yaml
index cc11f7d29..387b0afc8 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-asset-reports-configmap.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-asset-reports-configmap.yaml
@@ -4,6 +4,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{ default "asset-report-configs" .Values.assetReportConfigmapName }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 data:
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-binding-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-binding-template.yaml
index 12db67f8c..91867dd90 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-binding-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-cluster-role-binding-template.yaml
@@ -4,6 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
 name: {{ template "cost-analyzer.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 roleRef:
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-config-map-template.yaml
index 8c54c64d2..399a042b1 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-config-map-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-config-map-template.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: {{ template "cost-analyzer.fullname" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 data:
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml
index 38b7e92f8..989c05e38 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-db-pvc-template.yaml
@@ -7,6 +7,7 @@ kind: PersistentVolumeClaim
 apiVersion: v1
 metadata:
 name: {{ template "cost-analyzer.fullname" . }}-db
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 spec:
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
index 0ff41b602..900f11323 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-deployment-template.yaml
@@ -4,6 +4,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
 name: {{ template "cost-analyzer.fullname" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 {{- if .Values.kubecostDeployment }}
@@ -86,11 +87,21 @@ spec: items: - key: nginx.conf path: default.conf + {{- /* + If Thanos is enabled, then enable ETL backups by default. + To opt out of ETL backups, set .Values.kubecostModel.etlBucketConfigSecret="" + */}} + {{- $etlBackupBucketSecret := "" }} {{- if .Values.kubecostModel.etlBucketConfigSecret }} + {{- $etlBackupBucketSecret = .Values.kubecostModel.etlBucketConfigSecret }} + {{- else if and .Values.global.thanos.enabled (ne (typeOf .Values.kubecostModel.etlBucketConfigSecret) "string") }} + {{- $etlBackupBucketSecret = .Values.thanos.storeSecretName }} + {{- end }} + {{- if $etlBackupBucketSecret }} - name: etl-bucket-config secret: defaultMode: 420 - secretName: {{ .Values.kubecostModel.etlBucketConfigSecret }} + secretName: {{ $etlBackupBucketSecret }} {{- end }} {{- if .Values.kubecostModel.federatedStorageConfigSecret }} - name: federated-storage-config @@ -361,7 +372,7 @@ spec: # Extra volume mount(s) {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} - {{- if .Values.kubecostModel.etlBucketConfigSecret }} + {{- if $etlBackupBucketSecret }} - name: etl-bucket-config mountPath: /var/configs/etl readOnly: true @@ -500,9 +511,10 @@ spec: name: {{ template "cost-analyzer.fullname" . }} key: prometheus-server-endpoint - name: CLOUD_PROVIDER_API_KEY - value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API requires a key. + value: "AIzaSyDXQPG_MHUEy9neR7stolq6l0ujXmjJlvk" # The GCP Pricing API key.This GCP api key is expected to be here and is limited to accessing google's billing API. {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} + - name: GOOGLE_APPLICATION_CREDENTIALS value: /var/configs/key.json {{- end }} @@ -643,7 +655,7 @@ spec: - name: ETL_READ_ONLY value: "true" {{- end }} - {{- if .Values.kubecostModel.etlBucketConfigSecret }} + {{- if $etlBackupBucketSecret }} - name: ETL_TO_DISK_ENABLED value: "false" - name: ETL_BUCKET_CONFIG 
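Review bot: With `global.thanos.enabled` set and `kubecostModel.etlBucketConfigSecret` left unset, the new `else if` branch mounts `.Values.thanos.storeSecretName` at `/var/configs/etl` and, through the `@@ -643` hunk, sets `ETL_TO_DISK_ENABLED` to "false". An upgrade therefore silently gives the Thanos object-store credentials a second consumer and moves ETL storage to that bucket. The opt-out hinges on `typeOf` returning "string": `etlBucketConfigSecret: ""` opts out, but `null` or `~` does not, and an empty `thanos.storeSecretName` just skips the volume with no message. I would say this in the template comment and next to the value, e.g. `To opt out set kubecostModel.etlBucketConfigSecret: "" (empty string; null does not opt out). The Thanos store secret is reused for ETL backups.` The volumes list this entry belongs to starts outside the hunk.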
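Review bot: The value of `CLOUD_PROVIDER_API_KEY` in the `@@ -500` hunk is a literal Google API key committed in the template, and the reworded comment only asserts that it is limited to the billing API, which a reader of the chart cannot verify. Secret scanners will keep flagging the line, and operators cannot rotate or replace the key without patching the template, so I would read it from a chart value with the current key as the default, along the lines of `value: {{ .Values.<API_KEY_VALUE_PLACEHOLDER> | default "<current key>" | quote }}`. The comment needs a space after `key.`, and the added empty line between `{{- if .Values.kubecostProductConfigs.gcpSecretName }}` and `- name: GOOGLE_APPLICATION_CREDENTIALS` looks unintentional. The env list this entry belongs to starts outside the hunk.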
@@ -712,6 +724,18 @@ spec: value: {{ (quote .Values.kubecostModel.etlAssetReconciliationEnabled) | default (quote true) }} - name: ETL_USE_UNBLENDED_COST value: {{ (quote .Values.kubecostModel.etlUseUnblendedClost) | default (quote false) }} + {{- if .Values.kubecostModel }} + {{- if .Values.kubecostModel.allocation }} + {{- if .Values.kubecostModel.allocation.nodeLabels }} + {{- with .Values.kubecostModel.allocation.nodeLabels }} + - name: ALLOCATION_NODE_LABELS_ENABLED + value: {{ (quote .enabled) | default (quote true) }} + - name: ALLOCATION_NODE_LABELS_INCLUDE_LIST + value: {{ (quote .includeList) }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- with .Values.kubecostModel.cloudCost }} - name: CLOUD_COST_ENABLED value: {{ (quote .enabled) | default (quote false) }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml index 1e18786ba..819962edf 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-federator-config-map-template.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "cost-analyzer.fullname" . }}-federator + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml index 99db99f1f..275ba538e 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-frontend-config-map-template.yaml 
@@ -10,6 +10,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: nginx-conf + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: @@ -245,6 +246,7 @@ data: proxy_set_header Connection ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Original-URI $request_uri; } location /logout { diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml index e8a441dee..ac2979dd7 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-ingress-template.yaml @@ -16,6 +16,7 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: name: {{ $fullName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- with .Values.ingress.annotations }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-metrics-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-metrics-config-map-template.yaml index 966bf8fd7..136d7fa9a 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-metrics-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-metrics-config-map-template.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ default "metrics-config" .Values.metricsConfigmapName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-config-map-template.yaml index 37276f297..378fca584 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-config-map-template.yaml 
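Review bot: `proxy_set_header X-Original-URI $request_uri;` is added to one `location` only, and that block's opening line is outside the hunk, so the path it covers is not visible. nginx forwards client request headers to the upstream unless they are overridden, so if the same backend also reads `X-Original-URI` on requests that arrive through other `location` blocks, the value there would be whatever the client sent; this is inferred, since those blocks are not shown. `$request_uri` is the raw, un-normalised URI including the query string, so whatever consumes the header (presumably a post-login redirect) should accept only a same-origin relative path. A comment on the new line naming the consumer would help, e.g. `# read by <COMPONENT_PLACEHOLDER> to return the user to the original page after login`.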
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-config-map-template.yaml
@@ -5,6 +5,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
 name: network-costs-config
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 data:
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-podmonitor-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-podmonitor-template.yaml
index d45567616..d0b5b5dd8 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-podmonitor-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-podmonitor-template.yaml
@@ -6,6 +6,7 @@ apiVersion: monitoring.coreos.com/v1
 kind: PodMonitor
 metadata:
 name: {{ include "cost-analyzer.networkCostsName" . }}
+ namespace: {{ .Release.Namespace }}
 labels:
 {{ include "cost-analyzer.commonLabels" . | nindent 4 }}
 {{- if .Values.networkCosts.podMonitor.additionalLabels }}
diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-service-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-service-template.yaml
index 8242f12a8..fda8ccafa 100644
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-service-template.yaml
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-service-template.yaml
@@ -4,6 +4,7 @@ apiVersion: v1
 kind: Service
 metadata:
 name: {{ template "cost-analyzer.networkCostsName" . }}
+ namespace: {{ .Release.Namespace }}
 {{- if (or .Values.networkCosts.service.annotations .Values.networkCosts.prometheusScrape) }}
 annotations:
 {{- if .Values.networkCosts.service.annotations }}
@@ -17,6 +18,9 @@ metadata: labels: {{ unset (include "cost-analyzer.commonLabels" . | fromYaml) "app" | toYaml | nindent 4 }} app: {{ template "cost-analyzer.networkCostsName" . }} +{{- if .Values.networkCosts.service.labels }} +{{ toYaml .Values.networkCosts.service.labels | indent 4 }} +{{- end }} spec: clusterIP: None ports: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml index 007e6448b..71edca007 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-costs-template.yaml @@ -4,8 +4,12 @@ apiVersion: {{ include "cost-analyzer.daemonset.apiVersion" . }} kind: DaemonSet metadata: name: {{ template "cost-analyzer.networkCostsName" . }} + namespace: {{ .Release.Namespace }} labels: {{- include "cost-analyzer.commonLabels" . | nindent 4 }} +{{- if .Values.networkCosts.additionalLabels }} +{{ toYaml .Values.networkCosts.additionalLabels | indent 4 }} +{{- end }} spec: {{- if .Values.networkCosts.updateStrategy }} updateStrategy: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml index c806c3d51..8b11d4772 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-network-policy.yaml @@ -5,6 +5,7 @@ kind: NetworkPolicy {{- if .Values.networkPolicy.denyEgress }} metadata: name: deny-egress + namespace: {{ .Release.Namespace }} labels: {{- include "cost-analyzer.commonLabels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml index 3c95e11a3..294cbdd53 100644 
--- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-oidc-config-map-template.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "cost-analyzer.fullname" . }}-oidc + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pkey-configmap.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pkey-configmap.yaml index 6e47e0938..bb0017669 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pkey-configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pkey-configmap.yaml @@ -5,6 +5,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ default "product-configs" .Values.productConfigmapName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pricing-configmap.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pricing-configmap.yaml index 12ccb38b3..275374a8e 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pricing-configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pricing-configmap.yaml @@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ default "pricing-configs" .Values.pricingConfigmapName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml index 2d6cfc387..4848d4e26 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml 
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-deployment.yaml @@ -5,6 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "cost-analyzer.fullname" . }}-adapter + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml index d36479439..cad11064b 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheus-postgres-adapter-service.yaml @@ -5,6 +5,7 @@ kind: Service apiVersion: v1 metadata: name: pgprometheus-adapter + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheusrule-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheusrule-template.yaml index 61380b424..eba7797f3 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheusrule-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-prometheusrule-template.yaml @@ -7,6 +7,7 @@ apiVersion: monitoring.coreos.com/v1 kind: PrometheusRule metadata: name: {{ include "cost-analyzer.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if .Values.prometheusRule.additionalLabels }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml index beea5f8c7..00fbcbfb2 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml 
+++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-role.template.yaml @@ -4,6 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "cost-analyzer.fullname" . }}-psp + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} annotations: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml index 5f0af102b..dbf35d493 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-psp-rolebinding.template.yaml @@ -4,6 +4,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "cost-analyzer.fullname" . }}-psp + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 6 }} roleRef: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml index 3255d80e2..662ea031a 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-pvc-template.yaml @@ -5,6 +5,7 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: name: {{ template "cost-analyzer.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-saml-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-saml-config-map-template.yaml index 71ac8659c..3293f2598 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-saml-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-saml-config-map-template.yaml 
@@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ template "cost-analyzer.fullname" . }}-saml + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-saved-reports-configmap.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-saved-reports-configmap.yaml index 165f27bce..285229ab2 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-saved-reports-configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-saved-reports-configmap.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{default "saved-report-configs" .Values.savedReportConfigmapName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-server-configmap.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-server-configmap.yaml index 1a522d042..dc8741ffb 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-server-configmap.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-server-configmap.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ default "app-configs" .Values.appConfigmapName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-account-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-account-template.yaml index d5e3be3b9..f2a2cec80 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-account-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-account-template.yaml 
@@ -3,6 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "cost-analyzer.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- with .Values.serviceAccount.annotations }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml index 15347f531..b1b8893a3 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-service-template.yaml @@ -5,6 +5,7 @@ kind: Service apiVersion: v1 metadata: name: {{ template "cost-analyzer.serviceName" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if .Values.service.labels }} diff --git a/charts/kubecost/cost-analyzer/templates/cost-analyzer-servicemonitor-template.yaml b/charts/kubecost/cost-analyzer/templates/cost-analyzer-servicemonitor-template.yaml index 648c6b272..94568bce8 100644 --- a/charts/kubecost/cost-analyzer/templates/cost-analyzer-servicemonitor-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/cost-analyzer-servicemonitor-template.yaml @@ -4,6 +4,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "cost-analyzer.fullname" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if .Values.serviceMonitor.additionalLabels }} diff --git a/charts/kubecost/cost-analyzer/templates/external-grafana-config-map-template.yaml b/charts/kubecost/cost-analyzer/templates/external-grafana-config-map-template.yaml index 5e81ed359..1ac24ee3e 100644 --- a/charts/kubecost/cost-analyzer/templates/external-grafana-config-map-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/external-grafana-config-map-template.yaml 
@@ -3,6 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: external-grafana-config-map + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/grafana-dashboard-kubernetes-resource-efficiency-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-kubernetes-resource-efficiency-template.yaml new file mode 100644 index 000000000..719fae54b --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/grafana-dashboard-kubernetes-resource-efficiency-template.yaml @@ -0,0 +1,27 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-kubernetes-resource-efficiency + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} +data: + kubernetes-resource-efficiency.json: |- +{{ .Files.Get "kubernetes-resource-efficiency.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-networkcosts-metrics-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-networkcosts-metrics-template.yaml new file mode 100644 index 000000000..828bfa964 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/grafana-networkcosts-metrics-template.yaml 
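Review bot: In the new `grafana-dashboard-kubernetes-resource-efficiency-template.yaml`, `metadata.namespace` is only rendered when `grafana.namespace_dashboards` is set. With the value unset the ConfigMap carries no namespace at all, while the rest of this commit adds an explicit `namespace: {{ .Release.Namespace }}` to the neighbouring templates. A single line with a fallback keeps the behaviour consistent and removes the `if`/`end` pair: `namespace: {{ .Values.grafana.namespace_dashboards | default .Release.Namespace }}`. The same block appears in the two sibling files added here, `grafana-networkcosts-metrics-template.yaml` and `grafana-pod-utilization-multi-cluster-template.yaml`. A short comment above the line should say that `namespace_dashboards` deliberately places the ConfigMap outside the release namespace.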
@@ -0,0 +1,27 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-networkcosts-metrics + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} +data: + networkCosts-metrics.json: |- +{{ .Files.Get "networkCosts-metrics.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/grafana-pod-utilization-multi-cluster-template.yaml b/charts/kubecost/cost-analyzer/templates/grafana-pod-utilization-multi-cluster-template.yaml new file mode 100644 index 000000000..7559e9cc4 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/grafana-pod-utilization-multi-cluster-template.yaml 
@@ -0,0 +1,27 @@ +{{- if .Values.grafana -}} +{{- if .Values.grafana.sidecar -}} +{{- if .Values.grafana.sidecar.dashboards -}} +{{- if .Values.grafana.sidecar.dashboards.enabled -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: grafana-dashboard-pod-utilization-multi-cluster + {{- if $.Values.grafana.namespace_dashboards }} + namespace: {{ $.Values.grafana.namespace_dashboards }} + {{- end }} + labels: + {{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{- if $.Values.grafana.sidecar.dashboards.label }} + {{ $.Values.grafana.sidecar.dashboards.label }}: "1" + {{- else }} + grafana_dashboard: "1" + {{- end }} + annotations: +{{ toYaml .Values.grafana.sidecar.dashboards.annotations | indent 4 }} +data: + pod-utilization-multi-cluster.json: |- +{{ .Files.Get "pod-utilization-multi-cluster.json" | indent 8 }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-service-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-service-template.yaml new file mode 100644 index 000000000..c5abdf361 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-service-template.yaml @@ -0,0 +1,15 @@ +{{- if .Values.kubecostAdmissionController -}} +{{- if .Values.kubecostAdmissionController.enabled -}} +apiVersion: v1 +kind: Service +metadata: + name: webhook-server + namespace: kubecost +spec: + selector: + {{ include "cost-analyzer.selectorLabels" . | nindent 4 }} + ports: + - port: 443 + targetPort: 8443 +{{- end -}} +{{- end -}} diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-template.yaml new file mode 100644 index 000000000..50555883a --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/kubecost-admission-controller-template.yaml 
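Review bot: The new `kubecost-admission-controller-service-template.yaml` hard-codes `namespace: kubecost` on the `webhook-server` Service, while every other template touched in this commit moves to `{{ .Release.Namespace }}`. A Service selector only matches pods in its own namespace, so a release installed anywhere else gets a Service with no endpoints behind it. The same literal appears in `kubecost-admission-controller-template.yaml` in `clientConfig.service.namespace`, in the `namespaceSelector` values and in the webhook name. I would render all of them from the release, e.g. `namespace: {{ .Release.Namespace }}` and `values: [ {{ .Release.Namespace | quote }} ]`. The Service also carries no `labels:` block, unlike the other Services in the chart, which include `cost-analyzer.commonLabels`.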
@@ -0,0 +1,31 @@ +{{- if .Values.kubecostAdmissionController -}} +{{- if .Values.kubecostAdmissionController.enabled -}} +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: kubecost-deployment-validation +webhooks: + - name: "kubecost-deployment-validation.kubecost.svc" + failurePolicy: Ignore + namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: [ "kubecost" ] + rules: + - operations: [ "CREATE", "UPDATE" ] + apiGroups: [ "apps" ] + apiVersions: [ "v1" ] + resources: [ "deployments" ] + scope: "*" + clientConfig: + service: + namespace: kubecost + name: webhook-server + path: "/validate" + caBundle: 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 + admissionReviewVersions: ["v1"] + sideEffects: None + timeoutSeconds: 5 +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-agent-secret-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-agent-secret-template.yaml index fbc6034af..cda3c6055 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-agent-secret-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-agent-secret-template.yaml @@ -4,6 +4,7 @@ kind: Secret type: Opaque metadata: name: {{ .Values.agentKeySecretName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-agent-secretprovider-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-agent-secretprovider-template.yaml new file mode 100644 index 000000000..4f13c9625 --- /dev/null +++ b/charts/kubecost/cost-analyzer/templates/kubecost-agent-secretprovider-template.yaml 
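Review bot: In the new `ValidatingWebhookConfiguration`, `failurePolicy: Ignore` together with `timeoutSeconds: 5` makes the check fail open. If `webhook-server` is unreachable, slow, or presents a certificate that does not chain to `caBundle`, Deployment creates and updates are admitted without validation. That is a reasonable default for an advisory webhook, but it should be stated in a comment next to the field, e.g. `# Ignore: validation is advisory; requests are admitted if the webhook is unavailable`. Operators also need a signal that the webhook is being skipped, such as API server webhook rejection and latency metrics. Separately, `caBundle` is a literal baked into the template (the value is elided on this page), so every install trusts the same CA and rotating it requires a chart release. Reading it from a new values key, or having a certificate manager inject it, would let each cluster use its own CA.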
@@ -0,0 +1,21 @@ +{{- if .Values.agent }} +{{- if .Values.agentCsi.enabled }} +{{- if .Capabilities.APIVersions.Has "secrets-store.csi.x-k8s.io/v1" }} +apiVersion: secrets-store.csi.x-k8s.io/v1 +{{- else }} +apiVersion: secrets-store.csi.x-k8s.io/v1alpha1 +{{- end }} +kind: SecretProviderClass +metadata: + name: {{ .Values.agentCsi.secretProvider.name }} + namespace: {{ .Release.Namespace }} + labels: {{ unset (include "cost-analyzer.commonLabels" . | fromYaml) "app" | toYaml | nindent 4 }} + app: {{ template "kubecost.kubeMetricsName" . }} +spec: + provider: {{ required "Specify a valid provider." .Values.agentCsi.secretProvider.provider }} + {{- if .Values.agentCsi.secretProvider.parameters }} + parameters: + {{- .Values.agentCsi.secretProvider.parameters | toYaml | nindent 4 }} + {{- end }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml index f8e7997cf..467322d3d 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-controller-template.yaml @@ -5,6 +5,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ template "kubecost.clusterControllerName" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} --- @@ -168,6 +169,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kubecost.clusterControllerName" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: @@ -244,6 +246,7 @@ apiVersion: v1 kind: Service metadata: name: {{ template "kubecost.clusterControllerName" . }}-service + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} spec: 
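Review bot: In the new `kubecost-agent-secretprovider-template.yaml`, `{{- if .Values.agentCsi.enabled }}` dereferences `agentCsi` without checking that the map exists. The only visible hunk that defines `agentCsi` is in `values-agent.yaml`, and none of the `values.yaml` hunks add it. Unless `values.yaml` already defines the key outside the visible hunks, rendering with `agent: true` on top of the default values will fail with a nil-pointer error rather than fall back to the Secret volume. The admission-controller templates in this commit already use the safe pattern of an outer `{{- if .Values.kubecostAdmissionController -}}` before testing `.enabled`. I would mirror that here with an outer `{{- if .Values.agentCsi }}`, or add an `agentCsi:` block with `enabled: false` to `values.yaml`. The same expression guards the `config-store` volume in the `kubecost-metrics-deployment-template.yaml` hunk and needs the same treatment.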
diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-cluster-manager-configmap-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-manager-configmap-template.yaml index 907252f93..b851fd4e9 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-cluster-manager-configmap-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-cluster-manager-configmap-template.yaml @@ -4,6 +4,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: kubecost-clusters + namespace: {{ .Release.Namespace }} labels: {{- include "cost-analyzer.commonLabels" . | nindent 4 }} data: diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml index 9330460ce..fecb5b9b7 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-deployment-template.yaml @@ -5,6 +5,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "kubecost.kubeMetricsName" . }} + namespace: {{ .Release.Namespace }} labels: {{ unset (include "cost-analyzer.commonLabels" . | fromYaml) "app" | toYaml | nindent 4 }} app: {{ template "kubecost.kubeMetricsName" . }} @@ -43,8 +44,16 @@ spec: volumes: {{- if .Values.agent }} - name: config-store + {{- if .Values.agentCsi.enabled }} + csi: + driver: secrets-store.csi.k8s.io + readOnly: true + volumeAttributes: + secretProviderClass: "{{ .Values.agentCsi.secretProvider.name }}" + {{- else }} secret: secretName: {{ .Values.agentKeySecretName }} + {{- end }} {{- end }} {{- if .Values.kubecostProductConfigs }} {{- if .Values.kubecostProductConfigs.gcpSecretName }} diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-monitor-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-monitor-template.yaml index 493f200ff..99534ba4d 100644 
--- a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-monitor-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-monitor-template.yaml @@ -7,6 +7,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "kubecost.kubeMetricsName" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if .Values.kubecostMetrics.exporter.serviceMonitor.additionalLabels }} diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-template.yaml index e18c5264d..80ef198f8 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-metrics-service-template.yaml @@ -6,8 +6,10 @@ apiVersion: v1 kind: Service metadata: name: {{ template "kubecost.kubeMetricsName" . }} + namespace: {{ .Release.Namespace }} labels: -{{ include "cost-analyzer.commonLabels" . | nindent 4 }} + {{ unset (include "cost-analyzer.commonLabels" . | fromYaml) "app" | toYaml | nindent 4 }} + app: {{ template "kubecost.kubeMetricsName" . }} {{- if (or .Values.kubecostMetrics.exporter.service.annotations $prometheusScrape) }} annotations: {{- if .Values.kubecostMetrics.exporter.service.annotations }} diff --git a/charts/kubecost/cost-analyzer/templates/kubecost-oidc-secret-template.yaml b/charts/kubecost/cost-analyzer/templates/kubecost-oidc-secret-template.yaml index 17072a6cb..28c79e51a 100644 --- a/charts/kubecost/cost-analyzer/templates/kubecost-oidc-secret-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/kubecost-oidc-secret-template.yaml @@ -6,6 +6,7 @@ kind: Secret type: Opaque metadata: name: {{ .Values.oidc.secretName }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} stringData: 
diff --git a/charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml b/charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml index 9687607de..4d6840e43 100644 --- a/charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml +++ b/charts/kubecost/cost-analyzer/templates/network-costs-role.template.yaml @@ -6,6 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ template "cost-analyzer.fullname" . }}-network-costs + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} annotations: diff --git a/charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml b/charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml index 964c5b778..890f67208 100644 --- a/charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml +++ b/charts/kubecost/cost-analyzer/templates/network-costs-rolebinding.template.yaml @@ -6,6 +6,7 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ template "cost-analyzer.fullname" . }}-network-costs + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 6 }} roleRef: diff --git a/charts/kubecost/cost-analyzer/templates/network-costs-servicemonitor-template.yaml b/charts/kubecost/cost-analyzer/templates/network-costs-servicemonitor-template.yaml index dfc7cfecc..9cc312dda 100644 --- a/charts/kubecost/cost-analyzer/templates/network-costs-servicemonitor-template.yaml +++ b/charts/kubecost/cost-analyzer/templates/network-costs-servicemonitor-template.yaml @@ -3,6 +3,7 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ include "cost-analyzer.networkCostsName" . }} + namespace: {{ .Release.Namespace }} labels: {{ include "cost-analyzer.commonLabels" . | nindent 4 }} {{- if .Values.serviceMonitor.networkCosts.additionalLabels }} 
diff --git a/charts/kubecost/cost-analyzer/values-agent.yaml b/charts/kubecost/cost-analyzer/values-agent.yaml index a09462dc3..a6ce37228 100644 --- a/charts/kubecost/cost-analyzer/values-agent.yaml +++ b/charts/kubecost/cost-analyzer/values-agent.yaml @@ -11,6 +11,12 @@ global: # with enhancements designed for external hosting. agent: true # agentKeySecretName: kubecost-agent-object-store +agentCsi: + enabled: false + secretProvider: + name: kubecost-agent-object-store-secretprovider + provider: + parameters: {} # No Grafana configuration is required. grafana: diff --git a/charts/kubecost/cost-analyzer/values-custom-pricing.yaml b/charts/kubecost/cost-analyzer/values-custom-pricing.yaml new file mode 100644 index 000000000..82a0c5540 --- /dev/null +++ b/charts/kubecost/cost-analyzer/values-custom-pricing.yaml @@ -0,0 +1,17 @@ +pricingCsv: + enabled: true + location: + URI: /var/kubecost-csv/custom-pricing.csv # local configMap or s3://bucket/path/custom-pricing.csv + # provider: "AWS" + # region: "us-east-1" + # URI: s3://kc-csv-test/pricing_schema.csv # a valid file URI + # csvAccessCredentials: pricing-schema-access-secret + +# when using configmap: kubectl create configmap -n kubecost csv-pricing --from-file custom-pricing.csv +extraVolumes: +- name: kubecost-csv + configMap: + name: csv-pricing +extraVolumeMounts: +- name: kubecost-csv + mountPath: /var/kubecost-csv diff --git a/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml b/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml index f431790e2..58b773522 100644 --- a/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml +++ b/charts/kubecost/cost-analyzer/values-eks-cost-monitoring.yaml @@ -33,7 +33,9 @@ networkPolicy: podSecurityPolicy: enabled: false -imageVersion: prod-1.97.0 +# Enable this flag if you need to install with specfic image tags +# imageVersion: prod-1.97.0 + kubecostFrontend: image: public.ecr.aws/kubecost/frontend imagePullPolicy: Always 
@@ -141,7 +143,7 @@ prometheus: prometheus: ## If false, the configmap-reload container will not be deployed ## - enabled: true + enabled: false ## configmap-reload container name ## diff --git a/charts/kubecost/cost-analyzer/values.yaml b/charts/kubecost/cost-analyzer/values.yaml index 0975fa7e6..cf3f29a4d 100644 --- a/charts/kubecost/cost-analyzer/values.yaml +++ b/charts/kubecost/cost-analyzer/values.yaml @@ -40,6 +40,7 @@ global: # alertConfigs: # frontendUrl: http://localhost:9090 # optional, used for linkbacks # globalSlackWebhookUrl: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX # optional, used for Slack alerts + # globalMsTeamsWebhookUrl: https://xxxxx.webhook.office.com/webhookb2/XXXXXXXXXXXXXXXXXXXXXXXX/IncomingWebhook/XXXXXXXXXXXXXXXXXXXXXXXX # optional, used for Microsoft Teams alerts # globalAlertEmails: # - recipient@example.com # - additionalRecipient@example.com @@ -54,8 +55,9 @@ global: # ownerContact: # optional, overrides globalAlertEmails default # - owner@example.com # - owner2@example.com - # # optional, used for alert-specific Slack alerts + # # optional, used for alert-specific Slack and Microsoft Teams alerts # slackWebhookUrl: https://hooks.slack.com/services/T00000000/B00000000/XXXXXXXXXXXXXXXXXXXXXXXX + # msTeamsWebhookUrl: https://xxxxx.webhook.office.com/webhookb2/XXXXXXXXXXXXXXXXXXXXXXXX/IncomingWebhook/XXXXXXXXXXXXXXXXXXXXXXXX # Daily cluster budget alert on cluster `cluster-one` # - type: budget 
@@ -342,6 +344,14 @@ kubecostModel: # For deploying kubecost in a cluster that does not self-monitor etlReadOnlyMode: false + allocation: + # Enables or disables adding node labels to allocation data (i.e. workloads). + # Defaults to "true" and starts with a sensible includeList for basics like + # topology (e.g. zone, region) and instance type labels. + # nodeLabels: + # enabled: true + # includeList: "node.kubernetes.io/instance-type,topology.kubernetes.io/region,topology.kubernetes.io/zone" + # Enables or disables the ContainerStats pipeline, used for quantile-based # queries like for request sizing recommendations. # ContainerStats provides support for quantile-based request right-sizing @@ -682,6 +692,7 @@ networkCosts: service: annotations: {} + labels: {} ## PriorityClassName ## Ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass @@ -710,7 +721,7 @@ kubecostDeployment: # Kubecost Cluster Controller for Right Sizing and Cluster Turndown clusterController: enabled: false - image: gcr.io/kubecost1/cluster-controller:v0.5.0 + image: gcr.io/kubecost1/cluster-controller:v0.6.1 imagePullPolicy: Always kubescaler: # If true, will cause all (supported) workloads to be have their requests @@ -785,6 +796,7 @@ grafana: # set root_url to "%(protocol)s://%(domain)s:%(http_port)s/kubecost/grafana". No change is necessary here if kubecost runs at a root URL grafana.ini: server: + serve_from_sub_path: true root_url: "%(protocol)s://%(domain)s:%(http_port)s/grafana" serviceAccount: create: true # Set this to false if you're bringing your own service account. @@ -814,6 +826,9 @@ federatedETL: # If not set, the federator will attempt to federated all clusters pushing to the federated storage. clusters: [] +kubecostAdmissionController: + enabled: false + # readonly: false # disable updates to kubecost from the frontend UI and via POST request # These configs can also be set from the Settings page in the Kubecost product UI 
diff --git a/charts/kuma/kuma/Chart.yaml b/charts/kuma/kuma/Chart.yaml index be9e98b4b..a747a9c39 100644 --- a/charts/kuma/kuma/Chart.yaml +++ b/charts/kuma/kuma/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/namespace: kuma-system catalog.cattle.io/release-name: kuma apiVersion: v2 -appVersion: 2.0.2 +appVersion: 2.1.0 description: A Helm chart for the Kuma Control Plane home: https://github.com/kumahq/kuma icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg @@ -20,4 +20,4 @@ maintainers: name: nickolaev name: kuma type: application -version: 2.0.2 +version: 2.1.0 diff --git a/charts/kuma/kuma/README.md b/charts/kuma/kuma/README.md index 6f93c6811..9626f7308 100644 --- a/charts/kuma/kuma/README.md +++ b/charts/kuma/kuma/README.md @@ -2,7 +2,7 @@ A Helm chart for the Kuma Control Plane -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 1.8.0](https://img.shields.io/badge/Version-1.8.0-informational?style=flat-square) ![AppVersion: 1.8.0](https://img.shields.io/badge/AppVersion-1.8.0-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 2.1.0](https://img.shields.io/badge/Version-2.1.0-informational?style=flat-square) ![AppVersion: 2.1.0](https://img.shields.io/badge/AppVersion-2.1.0-informational?style=flat-square) **Homepage:** 
@@ -29,6 +29,7 @@ A Helm chart for the Kuma Control Plane | controlPlane.autoscaling.targetCPUUtilizationPercentage | int | `80` | For clusters that don't support autoscaling/v2beta, autoscaling/v1 is used | | controlPlane.autoscaling.metrics | list | `[{"resource":{"name":"cpu","target":{"averageUtilization":80,"type":"Utilization"}},"type":"Resource"}]` | For clusters that do support autoscaling/v2beta, use metrics | | controlPlane.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for the Kuma Control Plane pods | +| controlPlane.tolerations | list | `[]` | Tolerations for the Kuma Control Plane pods | | controlPlane.podDisruptionBudget.enabled | bool | `false` | Whether to create a pod disruption budget | | controlPlane.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | controlPlane.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["{{ include \"kuma.name\" . }}-control-plane"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Control Plane pods. This is rendered as a template, so you can reference other helm variables or includes. | 
@@ -85,6 +86,7 @@ A Helm chart for the Kuma Control Plane | cni.confName | string | `"kuma-cni.conf"` | Set the CNI configuration name | | cni.logLevel | string | `"info"` | CNI log level: one of off,info,debug | | cni.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node Selector for the CNI pods | +| cni.tolerations | list | `[]` | Tolerations for the CNI pods | | cni.podAnnotations | object | `{}` | Additional pod annotations | | cni.image.registry | string | `"docker.io/kumahq"` | CNI image registry | | cni.image.repository | string | `"install-cni"` | CNI image repository | @@ -125,6 +127,7 @@ A Helm chart for the Kuma Control Plane | ingress.annotations | object | `{}` | Additional pod annotations (deprecated favor `podAnnotations`) | | ingress.podAnnotations | object | `{}` | Additional pod annotations | | ingress.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node Selector for the Ingress pods | +| ingress.tolerations | list | `[]` | Tolerations for the Ingress pods | | ingress.podDisruptionBudget.enabled | bool | `false` | Whether to create a pod disruption budget | | ingress.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | ingress.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["kuma-ingress"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Ingress pods This is rendered as a template, so you can reference other helm variables or includes. | 
@@ -149,6 +152,7 @@ A Helm chart for the Kuma Control Plane | egress.annotations | object | `{}` | Additional pod annotations (deprecated favor `podAnnotations`) | | egress.podAnnotations | object | `{}` | Additional pod annotations | | egress.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node Selector for the Egress pods | +| egress.tolerations | list | `[]` | Tolerations for the Egress pods | | egress.podDisruptionBudget.enabled | bool | `false` | Whether to create a pod disruption budget | | egress.podDisruptionBudget.maxUnavailable | int | `1` | The maximum number of unavailable pods allowed by the budget | | egress.affinity | object | `{"podAntiAffinity":{"preferredDuringSchedulingIgnoredDuringExecution":[{"podAffinityTerm":{"labelSelector":{"matchExpressions":[{"key":"app.kubernetes.io/name","operator":"In","values":["{{ include \"kuma.name\" . }}"]},{"key":"app.kubernetes.io/instance","operator":"In","values":["{{ .Release.Name }}"]},{"key":"app","operator":"In","values":["kuma-egress"]}]},"topologyKey":"kubernetes.io/hostname"},"weight":100}]}}` | Affinity placement rule for the Kuma Egress pods. This is rendered as a template, so you can reference other helm variables or includes. | @@ -161,6 +165,7 @@ A Helm chart for the Kuma Control Plane | kubectl.image.repository | string | `"kubectl"` | The kubectl image repository | | kubectl.image.tag | string | `"v1.20.15"` | The kubectl image tag | | hooks.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node selector for the HELM hooks | +| hooks.tolerations | list | `[]` | Tolerations for the HELM hooks | | hooks.podSecurityContext | object | `{}` | Security context at the pod level for crd/webhook/ns | | hooks.containerSecurityContext | object | `{}` | Security context at the container level for crd/webhook/ns | | experimental.gatewayAPI | bool | `false` | If true, it installs experimental Gateway API support | 
diff --git a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml index 74ba6fe10..e9d7d0dc7 100644 --- a/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml +++ b/charts/kuma/kuma/crds/kuma.io_circuitbreakers.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: circuitbreakers.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml index b6e4dc285..02a01ba9e 100644 --- a/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml +++ b/charts/kuma/kuma/crds/kuma.io_containerpatches.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: containerpatches.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml index 74e31e4d0..8d8c47115 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplaneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: dataplaneinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml index cfae5488e..a375c527d 100644 --- a/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_dataplanes.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: dataplanes.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml index 6ec680c84..5c3b082ee 100644 --- a/charts/kuma/kuma/crds/kuma.io_externalservices.yaml +++ b/charts/kuma/kuma/crds/kuma.io_externalservices.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: externalservices.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml index d7219a344..d8a927d79 100644 --- a/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml +++ b/charts/kuma/kuma/crds/kuma.io_faultinjections.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: faultinjections.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml index 19eb98a47..dae84517e 100644 --- a/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml +++ b/charts/kuma/kuma/crds/kuma.io_healthchecks.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: healthchecks.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml index b2e76b0dd..d7b1d8519 100644 
--- a/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshaccesslogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshaccesslogs.kuma.io spec: @@ -65,6 +65,8 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object @@ -72,6 +74,8 @@ spec: description: Path to a file that logs will be written to type: string + required: + - path type: object tcp: description: TCPBackend defines a TCP logging backend. @@ -92,12 +96,15 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object + required: + - address type: object type: object - nullable: true type: array type: object targetRef: @@ -129,6 +136,8 @@ spec: tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: array targetRef: @@ -189,6 +198,8 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object @@ -196,6 +207,8 @@ spec: description: Path to a file that logs will be written to type: string + required: + - path type: object tcp: description: TCPBackend defines a TCP logging backend. @@ -216,12 +229,15 @@ spec: type: string type: object type: array + omitEmptyValues: + type: boolean plain: type: string type: object + required: + - address type: object type: object - nullable: true type: array type: object targetRef: @@ -253,8 +269,12 @@ spec: tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: array + required: + - targetRef type: object type: object served: true 
diff --git a/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml
new file mode 100644
index 000000000..bdb9f29d6
--- /dev/null
+++ b/charts/kuma/kuma/crds/kuma.io_meshcircuitbreakers.yaml
@@ -0,0 +1,652 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshcircuitbreakers.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshCircuitBreaker + listKind: MeshCircuitBreakerList + plural: meshcircuitbreakers + singular: meshcircuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshCircuitBreaker + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. 
+ Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. 
This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. 
In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' + properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. 
In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. + format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. 
In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. + type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined in place. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionLimits: + description: ConnectionLimits contains configuration of + each circuit breaking limit, which when exceeded makes + the circuit breaker to become open (no traffic is allowed + like no current is allowed in the circuits when physical + circuit breaker ir open) + properties: + maxConnectionPools: + description: The maximum number of connection pools + per cluster that are concurrently supported at once. + Set this for clusters which create a large number + of connection pools. + format: int32 + type: integer + maxConnections: + description: The maximum number of connections allowed + to be made to the upstream cluster. + format: int32 + type: integer + maxPendingRequests: + description: The maximum number of pending requests + that are allowed to the upstream cluster. This limit + is applied as a connection limit for non-HTTP traffic. + format: int32 + type: integer + maxRequests: + description: The maximum number of parallel requests + that are allowed to be made to the upstream cluster. + This limit does not apply to non-HTTP traffic. + format: int32 + type: integer + maxRetries: + description: The maximum number of parallel retries + that will be allowed to the upstream cluster. + format: int32 + type: integer + type: object + outlierDetection: + description: OutlierDetection contains the configuration + of the process of dynamically determining whether some + number of hosts in an upstream cluster are performing + unlike the others and removing them from the healthy load + balancing set. 
Performance might be along different axes + such as consecutive failures, temporal success rate, temporal + latency, etc. Outlier detection is a form of passive health + checking. + properties: + baseEjectionTime: + description: The base time that a host is ejected for. + The real time is equal to the base time multiplied + by the number of times the host has been ejected. + type: string + detectors: + description: Contains configuration for supported outlier + detectors + properties: + failurePercentage: + description: Failure Percentage based outlier detection + functions similarly to success rate detection, + in that it relies on success rate data from each + host in a cluster. However, rather than compare + those values to the mean success rate of the cluster + as a whole, they are compared to a flat user-configured + threshold. This threshold is configured via the + outlierDetection.failurePercentageThreshold field. + The other configuration fields for failure percentage + based detection are similar to the fields for + success rate detection. As with success rate detection, + detection will not be performed for a host if + its request volume over the aggregation interval + is less than the outlierDetection.detectors.failurePercentage.requestVolume + value. Detection also will not be performed for + a cluster if the number of hosts with the minimum + required request volume in an interval is less + than the outlierDetection.detectors.failurePercentage.minimumHosts + value. + properties: + minimumHosts: + description: The minimum number of hosts in + a cluster in order to perform failure percentage-based + ejection. If the total number of hosts in + the cluster is less than this value, failure + percentage-based ejection will not be performed. 
+ format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration above) to + perform failure percentage-based ejection + for this host. If the volume is lower than + this setting, failure percentage-based ejection + will not be performed for this host. + format: int32 + type: integer + threshold: + description: The failure percentage to use when + determining failure percentage-based outlier + detection. If the failure percentage of a + given host is greater than or equal to this + value, it will be ejected. + format: int32 + type: integer + type: object + gatewayFailures: + description: In the default mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and local origin + failures, such as timeout, TCP reset etc. In split + mode (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + a subset of 5xx errors, called "gateway errors" + (502, 503 or 504 status code) and is supported + only by the http router. + properties: + consecutive: + description: The number of consecutive gateway + failures (502, 503, 504 status codes) before + a consecutive gateway failure ejection occurs. + format: int32 + type: integer + type: object + localOriginFailures: + description: 'This detection type is enabled only + when outlierDetection.splitExternalLocalOriginErrors + is true and takes into account only locally originated + errors (timeout, reset, etc). If Envoy repeatedly + cannot connect to an upstream host or communication + with the upstream host is repeatedly interrupted, + it will be ejected. Various locally originated + problems are detected: timeout, TCP reset, ICMP + errors, etc. This detection type is supported + by http router and tcp proxy.' 
+ properties: + consecutive: + description: The number of consecutive locally + originated failures before ejection occurs. + Parameter takes effect only when splitExternalAndLocalErrors + is set to true. + format: int32 + type: integer + type: object + successRate: + description: 'Success Rate based outlier detection + aggregates success rate data from every host in + a cluster. Then at given intervals ejects hosts + based on statistical outlier detection. Success + Rate outlier detection will not be calculated + for a host if its request volume over the aggregation + interval is less than the outlierDetection.detectors.successRate.requestVolume + value. Moreover, detection will not be performed + for a cluster if the number of hosts with the + minimum required request volume in an interval + is less than the outlierDetection.detectors.successRate.minimumHosts + value. In the default configuration mode (outlierDetection.splitExternalLocalOriginErrors + is false) this detection type takes into account + all types of errors: locally and externally originated. + In split mode (outlierDetection.splitExternalLocalOriginErrors + is true), locally originated errors and externally + originated (transaction) errors are counted and + treated separately.' + properties: + minimumHosts: + description: The number of hosts in a cluster + that must have enough request volume to detect + success rate outliers. If the number of hosts + is less than this setting, outlier detection + via success rate statistics is not performed + for any host in the cluster. + format: int32 + type: integer + requestVolume: + description: The minimum number of total requests + that must be collected in one interval (as + defined by the interval duration configured + in outlierDetection section) to include this + host in success rate based outlier detection. + If the volume is lower than this setting, + outlier detection via success rate statistics + is not performed for that host. 
+ format: int32 + type: integer + standardDeviationFactor: + anyOf: + - type: integer + - type: string + description: 'This factor is used to determine + the ejection threshold for success rate outlier + ejection. The ejection threshold is the difference + between the mean success rate, and the product + of this factor and the standard deviation + of the mean success rate: mean - (standard_deviation + * success_rate_standard_deviation_factor). + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true + type: object + totalFailures: + description: 'In the default mode (outlierDetection.splitExternalAndLocalErrors + is false) this detection type takes into account + all generated errors: locally originated and externally + originated (transaction) errors. In split mode + (outlierDetection.splitExternalLocalOriginErrors + is true) this detection type takes into account + only externally originated (transaction) errors, + ignoring locally originated errors. If an upstream + host is an HTTP-server, only 5xx types of error + are taken into account (see Consecutive Gateway + Failure for exceptions). Properly formatted responses, + even when they carry an operational error (like + index not found, access denied) are not taken + into account.' + properties: + consecutive: + description: The number of consecutive server-side + error responses (for HTTP traffic, 5xx responses; + for TCP traffic, connection failures; for + Redis, failure to respond PONG; etc.) before + a consecutive total failure ejection occurs. + format: int32 + type: integer + type: object + type: object + disabled: + description: When set to true, outlierDetection configuration + won't take any effect + type: boolean + interval: + description: The time interval between ejection analysis + sweeps. This can result in both new ejections and + hosts being returned to service. 
+ type: string + maxEjectionPercent: + description: The maximum % of an upstream cluster that + can be ejected due to outlier detection. Defaults + to 10% but will eject at least one host regardless + of the value. + format: int32 + type: integer + splitExternalAndLocalErrors: + description: 'Determines whether to distinguish local + origin failures from external errors. If set to true + the following configuration parameters are taken into + account: detectors.localOriginFailures.consecutive' + type: boolean + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshes.yaml b/charts/kuma/kuma/crds/kuma.io_meshes.yaml index c047f726a..65cde9401 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshes.kuma.io spec: 
diff --git a/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml
new file mode 100644
index 000000000..403d8afa9
--- /dev/null
+++ b/charts/kuma/kuma/crds/kuma.io_meshfaultinjections.yaml
@@ -0,0 +1,189 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshfaultinjections.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshFaultInjection + listKind: MeshFaultInjectionList + plural: meshfaultinjections + singular: meshfaultinjection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshFaultInjection + resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + http: + description: Http allows to define list of Http faults between + dataplanes. + items: + description: FaultInjection defines the configuration + of faults between dataplanes. 
+ properties: + abort: + description: Abort defines a configuration of not + delivering requests to destination service and replacing + the responses from destination dataplane by predefined + status code + properties: + httpStatus: + description: HTTP status code which will be returned + to source side + format: int32 + type: integer + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which abort + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - httpStatus + - percentage + type: object + delay: + description: Delay defines configuration of delaying + a response from a destination + properties: + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which delay + will be injected, has to be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + value: + description: The duration during which the response + will be delayed + type: string + required: + - percentage + - value + type: object + responseBandwidth: + description: ResponseBandwidth defines a configuration + to limit the speed of responding to the requests + properties: + limit: + description: Limit is represented by value measure + in gbps, mbps, kbps or bps, e.g. 10kbps + type: string + percentage: + anyOf: + - type: integer + - type: string + description: Percentage of requests on which response + bandwidth limit will be either int or decimal + represented as string. + x-kubernetes-int-or-string: true + required: + - limit + - percentage + type: object + type: object + type: array + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. 
+ properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml index 71b6e7ba2..76fd21dfc 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayinstances.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshgatewayinstances.kuma.io spec: @@ -51,6 +51,26 @@ spec: description: Resources specifies the compute resources for the proxy container. The default can be set in the control plane config. properties: + claims: + description: "Claims lists the names of resources, defined in + spec.resourceClaims, that are used by this container. \n This + is an alpha field and requires enabling the DynamicResourceAllocation + feature gate. \n This field is immutable." + items: + description: ResourceClaim references one entry in PodSpec.ResourceClaims. + properties: + name: + description: Name must match the name of one entry in pod.spec.resourceClaims + of the Pod where this field is used. It makes that resource + available inside a container. + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map limits: additionalProperties: anyOf: diff --git a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml index 217572cf0..843dec889 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgatewayroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshgatewayroutes.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml index f34fa7acf..73135c196 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshgateways.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshgateways.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml new file mode 100644 index 000000000..4eafcbe76 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshhealthchecks.yaml 
@@ -0,0 +1,303 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshhealthchecks.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHealthCheck + listKind: MeshHealthCheckList + plural: meshhealthchecks + singular: meshhealthcheck + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHealthCheck resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + alwaysLogHealthCheckFailures: + description: If set to true, health check failure events + will always be logged. If set to false, only the initial + health check failure event will be logged. The default + value is false. + type: boolean + eventLogPath: + description: Specifies the path to the file where Envoy + can log health check events. If empty, no event log will + be written. + type: string + failTrafficOnPanic: + description: If set to true, Envoy will not consider any + hosts when the cluster is in 'panic mode'. Instead, the + cluster will fail all requests as if all hosts are unhealthy. + This can help avoid potentially overwhelming a failing + service. + type: boolean + grpc: + description: GrpcHealthCheck defines gRPC configuration + which will instruct the service the health check will + be made for is a gRPC service. + properties: + authority: + description: The value of the :authority header in the + gRPC health check request, by default name of the + cluster this health check is associated with + type: string + disabled: + description: If true the GrpcHealthCheck is disabled + type: boolean + serviceName: + description: Service name parameter which will be sent + to gRPC service + type: string + type: object + healthyPanicThreshold: + anyOf: + - type: integer + - type: string + description: Allows to configure panic threshold for Envoy + cluster. 
If not specified, the default is 50%. To disable + panic mode, set to 0%. Either int or decimal represented + as string. + x-kubernetes-int-or-string: true + healthyThreshold: + default: 1 + description: Number of consecutive healthy checks before + considering a host healthy. + format: int32 + type: integer + http: + description: HttpHealthCheck defines HTTP configuration + which will instruct the service the health check will + be made for is an HTTP service. + properties: + disabled: + description: If true the HttpHealthCheck is disabled + type: boolean + expectedStatuses: + description: List of HTTP response statuses which are + considered healthy + items: + format: int32 + type: integer + type: array + path: + default: / + description: The HTTP path which will be requested during + the health check (ie. /health) + type: string + requestHeadersToAdd: + description: The list of HTTP headers which should be + added to each health check request + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: object + initialJitter: + description: If specified, Envoy will start health checking + after a random time in ms between 0 and initialJitter. + This only applies to the first health check. + type: string + interval: + default: 1m + description: Interval between consecutive health checks. 
+ type: string + intervalJitter: + description: If specified, during every interval Envoy will + add IntervalJitter to the wait time. + type: string + intervalJitterPercent: + description: If specified, during every interval Envoy will + add IntervalJitter * IntervalJitterPercent / 100 to the + wait time. If IntervalJitter and IntervalJitterPercent + are both set, both of them will be used to increase the + wait time. + format: int32 + type: integer + noTrafficInterval: + description: The "no traffic interval" is a special health + check interval that is used when a cluster has never had + traffic routed to it. This lower interval allows cluster + information to be kept up to date, without sending a potentially + large amount of active health checking traffic for no + reason. Once a cluster has been used for traffic routing, + Envoy will shift back to using the standard health check + interval that is defined. Note that this interval takes + precedence over any other. The default value for "no traffic + interval" is 60 seconds. + type: string + reuseConnection: + description: Reuse health check connection between health + checks. Default is true. + type: boolean + tcp: + description: TcpHealthCheck defines configuration for specifying + bytes to send and expected response during the health + check + properties: + disabled: + description: If true the TcpHealthCheck is disabled + type: boolean + receive: + description: List of Base64 encoded blocks of strings + expected as a response. When checking the response, + "fuzzy" matching is performed such that each block + must be found, and in the order specified, but not + necessarily contiguous. If not provided or empty, + checks will be performed as "connect only" and be + marked as successful when TCP connection is successfully + established. 
+ items: + type: string + type: array + send: + description: Base64 encoded content of the message which + will be sent during the health check to the target + type: string + type: object + timeout: + default: 15s + description: Maximum time to wait for a health check response. + type: string + unhealthyThreshold: + default: 5 + description: Number of consecutive unhealthy checks before + considering a host unhealthy. + format: int32 + type: integer + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml new file mode 100644 index 000000000..f9245237c --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshhttproutes.yaml 
@@ -0,0 +1,403 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshhttproutes.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshHTTPRoute + listKind: MeshHTTPRouteList + plural: meshhttproutes + singular: meshhttproute + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshHTTPRoute resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To matches destination services of requests and holds + configuration. + items: + properties: + rules: + description: Rules contains the routing rules applies to a combination + of top-level targetRef and the targetRef in this entry. + items: + properties: + default: + description: Default holds routing rules that can be merged + with rules from other policies. + properties: + backendRefs: + items: + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use + to identify cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. + Can only be used with kinds: `MeshService`, + `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of + proxies by tags. Can only be used with kinds + `MeshSubset` and `MeshServiceSubset` + type: object + weight: + minimum: 0 + type: integer + type: object + type: array + filters: + items: + properties: + requestHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + requestRedirect: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + port: + description: Port is the port to be used + in the value of the `Location` header + in the response. When empty, port (if + specified) of the request is used. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + scheme: + enum: + - http + - https + type: string + statusCode: + default: 302 + description: StatusCode is the HTTP status + code to be used in response. + enum: + - 301 + - 302 + - 303 + - 307 + - 308 + type: integer + type: object + responseHeaderModifier: + description: Only one action is supported per + header name. Configuration to set or add multiple + values for a header must use RFC 7230 header + value formatting, separating each value with + a comma. 
+ properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + remove: + items: + type: string + maxItems: 16 + type: array + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + type: + enum: + - RequestHeaderModifier + - ResponseHeaderModifier + - RequestRedirect + - URLRewrite + type: string + urlRewrite: + properties: + hostname: + description: "PreciseHostname is the fully + qualified domain name of a network host. + This matches the RFC 1123 definition of + a hostname with 1 notable exception that + numeric IP addresses are not allowed. + \n Note that as per RFC1035 and RFC1123, + a *label* must consist of lower case alphanumeric + characters or '-', and must start and + end with an alphanumeric character. No + other punctuation is allowed." + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + path: + properties: + replaceFullPath: + type: string + replacePrefixMatch: + type: string + type: + enum: + - ReplaceFullPath + - ReplacePrefixMatch + type: string + required: + - type + type: object + type: object + required: + - type + type: object + type: array + type: object + matches: + items: + properties: + method: + enum: + - CONNECT + - DELETE + - GET + - HEAD + - OPTIONS + - PATCH + - POST + - PUT + - TRACE + type: string + path: + properties: + type: + enum: + - Exact + - Prefix + - RegularExpression + type: string + value: + description: Exact or prefix matches must be + an absolute path. 
A prefix matches only if + separated by a slash or the entire path. + minLength: 1 + type: string + required: + - type + - value + type: object + queryParams: + description: QueryParams matches based on HTTP URL + query parameters. Multiple matches are ANDed together + such that all listed matches must succeed. + items: + properties: + name: + minLength: 1 + type: string + type: + enum: + - Exact + - RegularExpression + type: string + value: + type: string + required: + - name + - type + - value + type: object + type: array + type: object + type: array + required: + - default + - matches + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource that represents + a group of request destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml index 86bf21612..1581092d5 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshinsights.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml new file mode 100644 index 000000000..19478a4b6 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshproxypatches.yaml 
@@ -0,0 +1,343 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshproxypatches.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshProxyPatch + listKind: MeshProxyPatchList + plural: meshproxypatches + singular: meshproxypatch + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshProxyPatch resource. + properties: + default: + description: Default is a configuration specific to the group of destinations + referenced in 'targetRef'. + properties: + appendModifications: + description: AppendModifications is a list of modifications applied + on the selected proxy. + items: + properties: + cluster: + description: Cluster is a modification of Envoy's Cluster + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the cluster to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. 
\n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched cluster. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + httpFilter: + description: HTTPFilter is a modification of Envoy HTTP + Filter available in HTTP Connection Manager in a Listener + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the HTTP filter. For example + "envoy.filters.http.local_ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. 
prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + listener: + description: Listener is a modification of Envoy's Listener + resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the listener to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." 
+ type: string + tags: + additionalProperties: + type: string + description: Tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + networkFilter: + description: NetworkFilter is a modification of Envoy Listener's + filter. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + listenerName: + description: Name of the listener to match. + type: string + listenerTags: + additionalProperties: + type: string + description: Listener tags available in Listener#Metadata#FilterMetadata[io.kuma.tags] + type: object + name: + description: Name of the network filter. For example + "envoy.filters.network.ratelimit" + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + type: object + operation: + description: Operation to execute on matched listener. 
+ enum: + - Remove + - Patch + - AddFirst + - AddBefore + - AddAfter + - AddLast + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - operation + type: object + virtualHost: + description: VirtualHost is a modification of Envoy's VirtualHost + referenced in HTTP Connection Manager in a Listener resource. + properties: + match: + description: Match is a set of conditions that have + to be matched for modification operation to happen. + properties: + name: + description: Name of the VirtualHost to match. + type: string + origin: + description: "Origin is the name of the component + or plugin that generated the resource. \n Here + is the list of well-known origins: inbound - resources + generated for handling incoming traffic. outbound + - resources generated for handling outgoing traffic. + transparent - resources generated for transparent + proxy functionality. prometheus - resources generated + when Prometheus metrics are enabled. direct-access + - resources generated for Direct Access functionality. + ingress - resources generated for Zone Ingress. + egress - resources generated for Zone Egress. + gateway - resources generated for MeshGateway. + \n The list is not complete, because policy plugins + can introduce new resources. For example MeshTrace + plugin can create Cluster with \"mesh-trace\" + origin." + type: string + routeConfigurationName: + description: Name of the RouteConfiguration resource + to match. + type: string + type: object + operation: + description: Operation to execute on matched listener. + enum: + - Add + - Remove + - Patch + type: string + value: + description: Value of xDS resource in YAML format to + add or patch. + type: string + required: + - match + - operation + type: object + type: object + type: array + required: + - appendModifications + type: object + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. 
The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - default + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml new file mode 100644 index 000000000..99b92ea73 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshratelimits.yaml 
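Review bot: Every `value` field under `appendModifications` (cluster, httpFilter, listener, networkFilter, virtualHost) is a bare `type: string` carrying raw xDS YAML, and only `operation` (plus `match` for virtualHost) is required, so the schema accepts an `Add` or `Patch` with no value and cannot check what a value contains. Since `targetRef.kind` admits `Mesh`, one namespaced object can presumably rewrite Envoy listeners and filters for every proxy in the mesh, so write access to `meshproxypatches.kuma.io` is effectively control of the data plane; cluster RBAC should grant create/update/patch on it only to mesh operators. The file is controller-gen output, so the wording belongs upstream: I would extend each `value` description with `Raw Envoy configuration, not validated by this schema; restrict write access to this resource.` Separately, the virtualHost `operation` description reads `Operation to execute on matched listener.`, which looks copied from the listener block.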
@@ -0,0 +1,227 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshratelimits.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRateLimit + listKind: MeshRateLimitList + plural: meshratelimits + singular: meshratelimit + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRateLimit resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + local: + description: LocalConf defines local http or/and tcp rate + limit configuration + properties: + http: + description: LocalHTTP defines confguration of local + HTTP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/local_rate_limit_filter + properties: + disabled: + description: Define if rate limiting should be disabled. 
+ type: boolean + onRateLimit: + description: Describes the actions to take on a + rate limit event + properties: + headers: + description: The Headers to be added to the + HTTP response on a rate limit event + properties: + add: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + set: + items: + properties: + name: + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + value: + type: string + required: + - name + - value + type: object + maxItems: 16 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: The HTTP status code to be set + on a rate limit event + format: int32 + type: integer + type: object + requestRate: + description: Defines how many requests are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). + format: int32 + type: integer + required: + - interval + - num + type: object + type: object + tcp: + description: LocalTCP defines confguration of local + TCP rate limiting https://www.envoyproxy.io/docs/envoy/latest/configuration/listeners/network_filters/local_rate_limit_filter + properties: + connectionRate: + description: Defines how many connections are allowed + per interval. + properties: + interval: + description: The interval the number of units + is accounted for. + type: string + num: + description: Number of units per interval (depending + on usage it can be a number of requests, or + a number of connections). 
+ format: int32 + type: integer + required: + - interval + - num + type: object + disabled: + description: 'Define if rate limiting should be + disabled. Default: false' + type: boolean + type: object + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: object + served: true + storage: true 
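Review bot: `requestRate.num` and `connectionRate.num` are `format: int32` integers with no `minimum`, so zero or a negative count passes admission, and `onRateLimit.status` likewise has no range. A policy that validates but configures nothing useful is easy to mistake for working protection, unless the control plane rejects these values in a check this hunk does not show. If zero is not a meaningful setting, I would add `minimum: 1` under both `num` fields, and `minimum: 100` / `maximum: 599` under `status`; the header `value` fields also lack the `maxLength` that the sibling `name` fields carry. The file is controller-gen output, so the markers would go on the upstream Go types.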
diff --git a/charts/kuma/kuma/crds/kuma.io_meshretries.yaml b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml new file mode 100644 index 000000000..9f8d950f0 --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshretries.yaml 
@@ -0,0 +1,362 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshretries.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshRetry + listKind: MeshRetryList + plural: meshretries + singular: meshretry + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshRetry resource. + properties: + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. 
+ Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + grpc: + description: GRPC defines a configuration of retries for + GRPC traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries. + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests. + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. + type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. 
If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [Canceled, + DeadlineExceeded, Internal, ResourceExhausted, Unavailable].' + items: + type: string + type: array + type: object + http: + description: HTTP defines a configuration of retries for + HTTP traffic + properties: + backOff: + description: BackOff is a configuration of durations + which will be used in exponential backoff strategy + between retries + properties: + baseInterval: + description: BaseInterval is an amount of time which + should be taken between retries. Must be greater + than zero. Values less than 1 ms are rounded up + to 1 ms. Default is 25ms. + type: string + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 10 times the "BaseInterval". + type: string + type: object + numRetries: + description: NumRetries is the number of attempts that + will be made on failed (and retriable) requests + format: int32 + type: integer + perTryTimeout: + description: PerTryTimeout is the amount of time after + which retry attempt should timeout. Setting this timeout + to 0 will disable it. Default is 15s. + type: string + rateLimitedBackOff: + description: RateLimitedBackOff is a configuration of + backoff which will be used when the upstream returns + one of the headers configured. + properties: + maxInterval: + description: MaxInterval is a maximal amount of + time which will be taken between retries. Default + is 300 seconds. 
+ type: string + resetHeaders: + description: ResetHeaders specifies the list of + headers (like Retry-After or X-RateLimit-Reset) + to match against the response. Headers are tried + in order, and matched case-insensitive. The first + header to be parsed successfully is used. If no + headers match the default exponential BackOff + is used instead. + items: + properties: + format: + description: The format of the reset header, + either Seconds or UnixTimestamp. + enum: + - Seconds + - UnixTimestamp + type: string + name: + description: The Name of the reset header. + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + required: + - format + - name + type: object + type: array + type: object + retriableRequestHeaders: + description: RetriableRequestHeaders is an HTTP headers + which must be present in the request for retries to + be attempted. + items: + description: HTTPHeaderMatch describes how to select + a HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + - value + type: object + type: array + retriableResponseHeaders: + description: RetriableResponseHeaders is an HTTP response + headers that trigger a retry if present in the response. + A retry will be triggered if any of the header matches + match the upstream response headers. 
+ items: + description: HTTPHeaderMatch describes how to select + a HTTP route by matching HTTP request headers. + properties: + name: + description: Name is the name of the HTTP Header + to be matched. Name MUST be lower case as they + will be handled with case insensitivity (See + https://tools.ietf.org/html/rfc7230#section-3.2). + maxLength: 256 + minLength: 1 + pattern: ^[a-z0-9!#$%&'*+\-.^_\x60|~]+$ + type: string + type: + default: Exact + description: Type specifies how to match against + the value of the header. + enum: + - Exact + - Present + - RegularExpression + - Absent + - Prefix + type: string + value: + description: Value is the value of HTTP Header + to be matched. + type: string + required: + - name + - value + type: object + type: array + retryOn: + description: 'RetryOn is a list of conditions which + will cause a retry. Available values are: [5XX, GatewayError, + Reset, Retriable4xx, ConnectFailure, EnvoyRatelimited, + RefusedStream, Http3PostConnectFailure, HttpMethodConnect, + HttpMethodDelete, HttpMethodGet, HttpMethodHead, HttpMethodOptions, + HttpMethodPatch, HttpMethodPost, HttpMethodPut, HttpMethodTrace]. + Also, any HTTP status code (500, 503, etc).' + items: + type: string + type: array + type: object + tcp: + description: TCP defines a configuration of retries for + TCP traffic + properties: + maxConnectAttempt: + description: MaxConnectAttempt is a maximal amount of + TCP connection attempts which will be made before + giving up + format: int32 + type: integer + type: object + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. 
Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml new file mode 100644 index 000000000..da628f22e --- /dev/null +++ b/charts/kuma/kuma/crds/kuma.io_meshtimeouts.yaml 
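Review bot: `numRetries` (grpc and http) and `tcp.maxConnectAttempt` are unbounded `int32` fields, so a negative count or a very large one passes the schema, and a large value multiplies load on an upstream that is already failing. The `grpc.retryOn` items are also plain strings although the description gives a closed list. I would add `minimum: 0` to `numRetries`, a lower bound to `maxConnectAttempt`, an upper bound chosen upstream for all three, and `enum: [Canceled, DeadlineExceeded, Internal, ResourceExhausted, Unavailable]` on the grpc `retryOn` items. In both header-match lists `value` is required even when `type` is `Present` or `Absent`, where a value has nothing to match. The file is controller-gen output, so these are changes to the upstream Go markers.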
@@ -0,0 +1,243 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.11.1 + creationTimestamp: null + name: meshtimeouts.kuma.io +spec: + group: kuma.io + names: + categories: + - kuma + kind: MeshTimeout + listKind: MeshTimeoutList + plural: meshtimeouts + singular: meshtimeout + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec is the specification of the Kuma MeshTimeout resource. + properties: + from: + description: From list makes a match between clients and corresponding + configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of clients referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. 
Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. + type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of clients. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. 
Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + targetRef: + description: TargetRef is a reference to the resource the policy takes + an effect on. The resource could be either a real store object or + virtual resource defined inplace. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify cross + mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only be used + with kinds: `MeshService`, `MeshServiceSubset` and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by tags. + Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + to: + description: To list makes a match between the consumed services and + corresponding configurations + items: + properties: + default: + description: Default is a configuration specific to the group + of destinations referenced in 'targetRef' + properties: + connectionTimeout: + description: ConnectionTimeout specifies the amount of time + proxy will wait for an TCP connection to be established. + Default value is 5 seconds. Cannot be set to 0. + type: string + http: + description: Http provides configuration for HTTP specific + timeouts + properties: + maxConnectionDuration: + description: MaxConnectionDuration is the time after + which a connection will be drained and/or closed, + starting from when it was first established. Setting + this timeout to 0 will disable it. Disabled by default. + type: string + maxStreamDuration: + description: MaxStreamDuration is the maximum time that + a stream’s lifetime will span. Setting this timeout + to 0 will disable it. Disabled by default. 
+ type: string + requestTimeout: + description: RequestTimeout The amount of time that + proxy will wait for the entire request to be received. + The timer is activated when the request is initiated, + and is disarmed when the last byte of the request + is sent, OR when the response is initiated. Setting + this timeout to 0 will disable it. Default is 15s. + type: string + streamIdleTimeout: + description: StreamIdleTimeout is the amount of time + that proxy will allow a stream to exist with no activity. + Setting this timeout to 0 will disable it. Default + is 30m + type: string + type: object + idleTimeout: + description: IdleTimeout is defined as the period in which + there are no bytes sent or received on connection Setting + this timeout to 0 will disable it. Be cautious when disabling + it because it can lead to connection leaking. Default + value is 1h. + type: string + type: object + targetRef: + description: TargetRef is a reference to the resource that represents + a group of destinations. + properties: + kind: + description: Kind of the referenced resource + enum: + - Mesh + - MeshSubset + - MeshService + - MeshServiceSubset + - MeshGatewayRoute + type: string + mesh: + description: Mesh is reserved for future use to identify + cross mesh resources. + type: string + name: + description: 'Name of the referenced resource. Can only + be used with kinds: `MeshService`, `MeshServiceSubset` + and `MeshGatewayRoute`' + type: string + tags: + additionalProperties: + type: string + description: Tags used to select a subset of proxies by + tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` + type: object + type: object + required: + - targetRef + type: object + type: array + required: + - targetRef + type: object + type: object + served: true + storage: true diff --git a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml index 9aff71fa3..69fbf29e5 100644 
--- a/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshtraces.kuma.io spec: @@ -64,13 +64,19 @@ spec: description: Address of Datadog collector, only host and port are allowed (no paths, fragments etc.) type: string + required: + - url type: object zipkin: description: Zipkin backend configuration. properties: apiVersion: + default: httpJson description: 'Version of the API. values: httpJson, httpProto. Default: httpJson see https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/trace/v3/zipkin.proto#L66' + enum: + - httpJson + - httpProto type: string sharedSpanContext: description: 'Determines whether client and server spans @@ -82,9 +88,10 @@ spec: url: description: Address of Zipkin collector. type: string + required: + - url type: object type: object - nullable: true type: array sampling: description: Sampling configuration. Sampling is the process by 
@@ -92,12 +99,18 @@ spec: or not. properties: client: + anyOf: + - type: integer + - type: string description: 'Target percentage of requests that will be force traced if the ''x-client-trace-id'' header is set. Default: - 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133' - format: int32 - type: integer + 100% Mirror of client_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L127-L133 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true overall: + anyOf: + - type: integer + - type: string description: 'Target percentage of requests will be traced after all other sampling checks have been applied (client, force tracing, random sampling). This field functions as 
@@ -105,16 +118,19 @@ spec: instance, setting client_sampling to 100% but overall_sampling to 1% will result in only 1% of client requests with the appropriate headers to be force traced. Default: 100% Mirror - of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150' - format: int32 - type: integer + of overall_sampling in Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L142-L150 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true random: + anyOf: + - type: integer + - type: string description: 'Target percentage of requests that will be randomly selected for trace generation, if not requested by the client or not forced. Default: 100% Mirror of random_sampling in - Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140' - format: int32 - type: integer + Envoy https://github.com/envoyproxy/envoy/blob/v1.22.0/api/envoy/config/filter/network/http_connection_manager/v2/http_connection_manager.proto#L135-L140 + Either int or decimal represented as string.' + x-kubernetes-int-or-string: true type: object tags: description: Custom tags configuration. You can add custom tags @@ -134,6 +150,8 @@ spec: name: description: Name of the header. type: string + required: + - name type: object literal: description: Tag taken from literal value. @@ -141,8 +159,9 @@ spec: name: description: Name of the tag. type: string + required: + - name type: object - nullable: true type: array type: object targetRef: @@ -174,6 +193,8 @@ spec: Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: object served: true 
diff --git a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml index e3b161779..02f3882e4 100644 --- a/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_meshtrafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: meshtrafficpermissions.kuma.io spec: @@ -50,9 +50,9 @@ spec: description: 'Action defines a behavior for the specified group of clients:' enum: - - ALLOW - - DENY - - ALLOW_WITH_SHADOW_DENY + - Allow + - Deny + - AllowWithShadowDeny type: string type: object targetRef: @@ -84,6 +84,8 @@ spec: tags. Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: array targetRef: @@ -115,6 +117,8 @@ spec: Can only be used with kinds `MeshSubset` and `MeshServiceSubset` type: object type: object + required: + - targetRef type: object type: object served: true diff --git a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml index 799806772..2aeae6078 100644 --- a/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml +++ b/charts/kuma/kuma/crds/kuma.io_proxytemplates.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: proxytemplates.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml index 899c46003..7c50a9dd1 100644 --- a/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml +++ b/charts/kuma/kuma/crds/kuma.io_ratelimits.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: ratelimits.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_retries.yaml b/charts/kuma/kuma/crds/kuma.io_retries.yaml index ef2bee871..e2b50cc9f 100644 --- a/charts/kuma/kuma/crds/kuma.io_retries.yaml +++ b/charts/kuma/kuma/crds/kuma.io_retries.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: retries.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml index 9e44aef59..ba266b6ff 100644 --- a/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_serviceinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: serviceinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml index 7b0cb5659..268eec1e4 100644 --- a/charts/kuma/kuma/crds/kuma.io_timeouts.yaml +++ b/charts/kuma/kuma/crds/kuma.io_timeouts.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: timeouts.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml index d1dbd032c..50a7c23b9 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml 
+++ b/charts/kuma/kuma/crds/kuma.io_trafficlogs.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: trafficlogs.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml index 7cb6a6fa3..74e9ac557 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficpermissions.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: trafficpermissions.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml index 5b4dca9ce..5f539139f 100644 --- a/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml +++ b/charts/kuma/kuma/crds/kuma.io_trafficroutes.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: trafficroutes.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml index eeaf34613..8c09731c0 100644 --- a/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml +++ b/charts/kuma/kuma/crds/kuma.io_traffictraces.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: traffictraces.kuma.io spec: 
diff --git a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml index 99e8caaf3..241a24648 100644 --- a/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml +++ b/charts/kuma/kuma/crds/kuma.io_virtualoutbounds.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: virtualoutbounds.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml index 5d99a9fee..38eb83ee1 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegresses.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneegresses.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml index 4b390ca5a..76c36f737 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneegressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneegressinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml index 083590670..41b2928e6 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingresses.yaml 
@@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneingresses.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml index c8dfec19c..1898e0aec 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneingressinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneingressinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml index 52183838f..9d5237d86 100644 --- a/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zoneinsights.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zoneinsights.kuma.io spec: diff --git a/charts/kuma/kuma/crds/kuma.io_zones.yaml b/charts/kuma/kuma/crds/kuma.io_zones.yaml index 79dd3d815..40970ab6a 100644 --- a/charts/kuma/kuma/crds/kuma.io_zones.yaml +++ b/charts/kuma/kuma/crds/kuma.io_zones.yaml @@ -3,7 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 creationTimestamp: null name: zones.kuma.io spec: diff --git a/charts/kuma/kuma/templates/_helpers.tpl b/charts/kuma/kuma/templates/_helpers.tpl index 2e47ec350..d5589bc17 100644 --- a/charts/kuma/kuma/templates/_helpers.tpl 
+++ b/charts/kuma/kuma/templates/_helpers.tpl @@ -169,6 +169,9 @@ returns: formatted image string {{- printf "%s/%s:%s" $registry $repo $tag -}} {{- end -}} +{{- define "kuma.parentEnv" -}} +{{- end -}} + {{- define "kuma.defaultEnv" -}} {{ if not (or (eq .Values.controlPlane.mode "zone") (eq .Values.controlPlane.mode "global") (eq .Values.controlPlane.mode "standalone")) }} {{ $msg := printf "controlPlane.mode invalid got:'%s' supported values: global,zone,standalone" .Values.controlPlane.mode }} @@ -196,6 +199,7 @@ returns: formatted image string {{ end }} {{ end }} env: +{{ include "kuma.parentEnv" . }} - name: KUMA_ENVIRONMENT value: "kubernetes" - name: KUMA_STORE_TYPE diff --git a/charts/kuma/kuma/templates/cni-daemonset.yaml b/charts/kuma/kuma/templates/cni-daemonset.yaml index 16193bce5..df4161ba8 100644 --- a/charts/kuma/kuma/templates/cni-daemonset.yaml +++ b/charts/kuma/kuma/templates/cni-daemonset.yaml @@ -32,6 +32,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.cni.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} hostNetwork: true tolerations: # Make sure kuma-cni-node gets scheduled on all nodes. @@ -61,7 +65,7 @@ spec: command: - cat - /tmp/ready - command: [ "/bin/sh", "-c", "--" ] + command: [ "sh", "-c", "--" ] args: [ "sleep {{.Values.cni.delayStartupSeconds}} && exec /install-cni" ] {{- else if .Values.experimental.ebpf.enabled }} {{- with .Values.cni.experimental.imageEbpf }} diff --git a/charts/kuma/kuma/templates/cp-deployment.yaml b/charts/kuma/kuma/templates/cp-deployment.yaml index ef39087bd..a2cbaff7c 100644 --- a/charts/kuma/kuma/templates/cp-deployment.yaml +++ b/charts/kuma/kuma/templates/cp-deployment.yaml 
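Review bot: The new empty `kuma.parentEnv` define in `_helpers.tpl` has no comment saying what it is for, and the second hunk includes it directly under `env:` with no `nindent`, so anything an overriding chart renders there must already be list items at the right indentation. It looks like an override hook for a parent chart, though that is inferred from the name only. If so, a template comment above the define would record the contract, for example `{{/* kuma.parentEnv: override in a parent chart to prepend entries to the env list; output must be list items indented to match env: */}}`. The body of `kuma.defaultEnv` continues outside both hunks.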
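Review bot: The added `tolerations:` block in `cni-daemonset.yaml` sits in the same pod spec as the existing `tolerations:` key two lines below it (after `hostNetwork: true`), so setting `cni.tolerations` renders a duplicate mapping key. Depending on the YAML parser, the manifest is either rejected or one list silently replaces the other, so the user's tolerations or the built-in "scheduled on all nodes" entries can be lost. Dropping the added block and appending the values to the existing list avoids this: `{{- with .Values.cni.tolerations }}{{ toYaml . | nindent 8 }}{{- end }}` placed after the built-in entries. Those entries lie outside the hunk, so the exact insertion point needs checking against the full file.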
@@ -58,6 +58,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.controlPlane.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} hostNetwork: {{ .Values.controlPlane.hostNetwork }} terminationGracePeriodSeconds: {{ .Values.controlPlane.terminationGracePeriodSeconds }} containers: @@ -88,10 +92,10 @@ spec: name: {{ $element.Secret }} key: {{ $element.Key }} {{- end }} - - name: POD_NAME + - name: KUMA_INTER_CP_CATALOG_INSTANCE_ADDRESS valueFrom: fieldRef: - fieldPath: metadata.name + fieldPath: status.podIP args: - run - --log-level={{ .Values.controlPlane.logLevel }} diff --git a/charts/kuma/kuma/templates/cp-rbac.yaml b/charts/kuma/kuma/templates/cp-rbac.yaml index 75ef172c5..7285c5a17 100644 --- a/charts/kuma/kuma/templates/cp-rbac.yaml +++ b/charts/kuma/kuma/templates/cp-rbac.yaml @@ -35,6 +35,7 @@ rules: - "apps" resources: - deployments + - replicasets verbs: - create - delete @@ -43,6 +44,14 @@ rules: - patch - update - watch + - apiGroups: + - "batch" + resources: + - jobs + verbs: + - get + - list + - watch - apiGroups: - gateway.networking.k8s.io resources: @@ -133,7 +142,7 @@ rules: {{- if .Values.experimental.gatewayAPI }} - meshgatewayconfigs {{- end }} - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} verbs: diff --git a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml index 5c66b039d..5da8b1f3b 100644 --- a/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml +++ b/charts/kuma/kuma/templates/cp-webhooks-and-secrets.yaml @@ -73,7 +73,7 @@ webhooks: - UPDATE resources: - meshes - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} sideEffects: None 
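Review bot: In `cp-rbac.yaml`, `- replicasets` is added to the `apps` rule whose verb list includes `create`, `delete`, `patch` and `update`, whereas the `batch`/`jobs` rule added in the next hunk is limited to `get`, `list` and `watch`. If the control plane only needs to read ReplicaSets (for example to resolve workload ownership, which is not visible here), this grants more than required. Moving `replicasets` into its own `apps` rule with the same three read verbs as the `jobs` rule would keep the control-plane role at least privilege. The full verb list of the `apps` rule spans the gap between the two hunks and is only partly visible.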
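Review bot: `{{- range $policy, $empty := .Values.plugins.policies }}` in `cp-rbac.yaml` assumes a map, so a values override that still supplies `plugins.policies` in the previous list form makes `$policy` the element index and the rule lists `0`, `1`, … as resources. In the three `cp-webhooks-and-secrets.yaml` hunks that make the same change (`@@ -73,7`, `@@ -109,7`, `@@ -225,7`), the policy kinds would then no longer be matched by the webhook rules, and nothing reports the misconfiguration. A guard before the first use would turn that into a render error: `{{- if not (kindIs "map" .Values.plugins.policies) }}{{ fail "plugins.policies must be a map of policy name to {}" }}{{- end }}`. The surrounding rule blocks start and end outside these hunks.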
@@ -109,7 +109,7 @@ webhooks: - trafficroutes - traffictraces - virtualoutbounds - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} {{ .Values.controlPlane.webhooks.ownerReference.additionalRules | nindent 6 }} @@ -225,7 +225,7 @@ webhooks: - virtualoutbounds - zones - containerpatches - {{- range $idx, $policy := .Values.plugins.policies }} + {{- range $policy, $empty := .Values.plugins.policies }} - {{ $policy }} {{- end}} {{ .Values.controlPlane.webhooks.validator.additionalRules | nindent 6 }} diff --git a/charts/kuma/kuma/templates/egress-deployment.yaml b/charts/kuma/kuma/templates/egress-deployment.yaml index f8d8493ac..6b7b65a94 100644 --- a/charts/kuma/kuma/templates/egress-deployment.yaml +++ b/charts/kuma/kuma/templates/egress-deployment.yaml @@ -42,6 +42,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.egress.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} containers: - name: egress image: {{ include "kuma.formatImage" (dict "image" .Values.dataPlane.image "root" $) | quote }} diff --git a/charts/kuma/kuma/templates/ingress-deployment.yaml b/charts/kuma/kuma/templates/ingress-deployment.yaml index f3e01ac0c..a66985f1e 100644 --- a/charts/kuma/kuma/templates/ingress-deployment.yaml +++ b/charts/kuma/kuma/templates/ingress-deployment.yaml @@ -42,6 +42,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.ingress.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.ingress.terminationGracePeriodSeconds }} containers: - name: ingress diff --git a/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml b/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml index 07ac05ee7..daee57c17 100644 --- a/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml 
+++ b/charts/kuma/kuma/templates/post-delete-cleanup-ebpf-job.yaml @@ -92,6 +92,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: diff --git a/charts/kuma/kuma/templates/pre-delete-webhooks.yaml b/charts/kuma/kuma/templates/pre-delete-webhooks.yaml index ed5113962..858cc31fc 100644 --- a/charts/kuma/kuma/templates/pre-delete-webhooks.yaml +++ b/charts/kuma/kuma/templates/pre-delete-webhooks.yaml @@ -80,6 +80,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: diff --git a/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml b/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml index 9b5cfdc09..9f38fb4de 100644 --- a/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml +++ b/charts/kuma/kuma/templates/pre-install-patch-namespace-job.yaml @@ -81,6 +81,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: diff --git a/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml b/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml index d0e577b96..7a864b753 100644 --- a/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml +++ b/charts/kuma/kuma/templates/pre-upgrade-install-missing-crds-job.yaml 
@@ -79,8 +79,6 @@ data: echo "/kuma/missing/crds.yaml not found or empty, it looks like there is no missing crds" fi save_missing_crds.sh: | - #!/usr/bin/env sh - missing_crds="$(kumactl install crds --only-missing {{ if .Values.experimental.gatewayAPI }}--experimental-gatewayapi{{end}})" if [ -n "${missing_crds}" ]; then @@ -110,6 +108,10 @@ spec: nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} + {{- with .Values.hooks.tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} restartPolicy: OnFailure {{- if .Values.hooks.podSecurityContext }} securityContext: @@ -158,7 +160,7 @@ spec: - mountPath: /kuma/scripts name: scripts readOnly: true - command: + args: - '/kuma/scripts/save_missing_crds.sh' volumes: - name: scripts diff --git a/charts/kuma/kuma/values.yaml b/charts/kuma/kuma/values.yaml index 3680a429d..2bbb39963 100644 --- a/charts/kuma/kuma/values.yaml +++ b/charts/kuma/kuma/values.yaml @@ -64,6 +64,9 @@ controlPlane: nodeSelector: kubernetes.io/os: linux + # -- Tolerations for the Kuma Control Plane pods + tolerations: [] + podDisruptionBudget: # -- Whether to create a pod disruption budget enabled: false @@ -311,6 +314,8 @@ cni: # -- Node Selector for the CNI pods nodeSelector: kubernetes.io/os: linux + # -- Tolerations for the CNI pods + tolerations: [] # -- Additional pod annotations podAnnotations: { } @@ -453,7 +458,8 @@ ingress: # -- Node Selector for the Ingress pods nodeSelector: kubernetes.io/os: linux - + # -- Tolerations for the Ingress pods + tolerations: [] podDisruptionBudget: # -- Whether to create a pod disruption budget enabled: false @@ -564,7 +570,8 @@ egress: # -- Node Selector for the Egress pods nodeSelector: kubernetes.io/os: linux - + # -- Tolerations for the Egress pods + tolerations: [] podDisruptionBudget: # -- Whether to create a pod disruption budget enabled: false 
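Review bot: After these two hunks nothing in the manifest says which interpreter runs `save_missing_crds.sh`: the first hunk removes the `#!/usr/bin/env sh` line and the last hunk passes the script path through `args:` instead of `command:`, so execution now depends on the image's ENTRYPOINT. If that entrypoint is not a shell (the image definition is not visible here), the path is handed to whatever binary it is, and a later image change can break the pre-upgrade hook without any chart change. Naming the interpreter keeps the job self-contained, e.g. `command: ["sh", "/kuma/scripts/save_missing_crds.sh"]`. Otherwise add a comment above `args:` stating the entrypoint the chart relies on.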
@@ -644,7 +651,8 @@ hooks: # -- Node selector for the HELM hooks nodeSelector: kubernetes.io/os: linux - + # -- Tolerations for the HELM hooks + tolerations: [] # -- Security context at the pod level for crd/webhook/ns podSecurityContext: {} # # The values below are examples. More values can be added as needed, since the field resolves as free form. @@ -694,6 +702,14 @@ experimental: # @ignored for helm-docs plugins: policies: - - meshaccesslogs - - meshtraces - - meshtrafficpermissions + meshaccesslogs: {} + meshcircuitbreakers: {} + meshfaultinjections: {} + meshhealthchecks: {} + meshhttproutes: {} + meshproxypatches: {} + meshratelimits: {} + meshretries: {} + meshtimeouts: {} + meshtraces: {} + meshtrafficpermissions: {} diff --git a/charts/mongodb/community-operator/Chart.lock b/charts/mongodb/community-operator/Chart.lock index 1451b07ca..08e8e21f5 100644 --- a/charts/mongodb/community-operator/Chart.lock +++ b/charts/mongodb/community-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: community-operator-crds repository: https://mongodb.github.io/helm-charts - version: 0.7.7 -digest: sha256:b9572658c463827912234b6e4837f9b30ddad7b7e4759283eee4eea98991aad5 -generated: "2023-01-10T16:44:14.781274016Z" + version: 0.7.8 +digest: sha256:8e7705672eefdf0c4d53629c122d643a5aad42c26c85171d089a268e5f140186 +generated: "2023-01-30T12:57:52.51061305Z" diff --git a/charts/mongodb/community-operator/Chart.yaml b/charts/mongodb/community-operator/Chart.yaml index 924817a27..c7be6349c 100644 --- a/charts/mongodb/community-operator/Chart.yaml +++ b/charts/mongodb/community-operator/Chart.yaml 
@@ -4,12 +4,12 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: community-operator apiVersion: v2 -appVersion: 0.7.7 +appVersion: 0.7.8 dependencies: - condition: community-operator-crds.enabled name: community-operator-crds repository: file://./charts/community-operator-crds - version: 0.7.7 + version: 0.7.8 description: MongoDB Kubernetes Community Operator home: https://github.com/mongodb/mongodb-kubernetes-operator icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png @@ -23,4 +23,4 @@ maintainers: name: MongoDB name: community-operator type: application -version: 0.7.7 +version: 0.7.8 diff --git a/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml b/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml index 920da6c21..bed14d1da 100644 --- a/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml +++ b/charts/mongodb/community-operator/charts/community-operator-crds/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: 0.7.7 +appVersion: 0.7.8 description: MongoDB Kubernetes Community Operator - CRDs home: https://github.com/mongodb/mongodb-kubernetes-operator icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png @@ -13,4 +13,4 @@ maintainers: name: MongoDB name: community-operator-crds type: application -version: 0.7.7 +version: 0.7.8 diff --git a/charts/mongodb/community-operator/values.yaml b/charts/mongodb/community-operator/values.yaml index e19fbdc20..9f2f8c482 100644 --- a/charts/mongodb/community-operator/values.yaml +++ b/charts/mongodb/community-operator/values.yaml @@ -11,7 +11,7 @@ operator: deploymentName: mongodb-kubernetes-operator # Version of mongodb-kubernetes-operator - version: 0.7.6 + version: 0.7.8 # Uncomment this line to watch all namespaces # watchNamespace: "*" diff --git a/charts/nats/nats/Chart.yaml b/charts/nats/nats/Chart.yaml index c60e8f324..04757d42a 100644 
--- a/charts/nats/nats/Chart.yaml +++ b/charts/nats/nats/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>=1.16-0' catalog.cattle.io/release-name: nats apiVersion: v2 -appVersion: 2.9.11-alpine +appVersion: 2.9.12-alpine description: A Helm chart for the NATS.io High Speed Cloud Native Distributed Communications Technology. home: http://github.com/nats-io/k8s @@ -24,4 +24,4 @@ maintainers: name: Caleb Lloyd url: https://github.com/caleblloyd name: nats -version: 0.19.5 +version: 0.19.8 diff --git a/charts/nats/nats/README.md b/charts/nats/nats/README.md index 59252866f..5c8aed206 100644 --- a/charts/nats/nats/README.md +++ b/charts/nats/nats/README.md @@ -73,6 +73,15 @@ nats: terminationGracePeriodSeconds: 60 ``` +#### Setting Go Memory Limit (Recommended) + +Since NATS Server v2.9 release, it is possible to use the `GOMEMLIMIT` environment variable to signal memory limits to the Go runtime (which is by default unaware of cgroups memory limits). You should set this to about 90% of the intended available memory resources for the NATS Server container. + +```yaml +nats: + gomemlimit: "4GiB" +``` + ### Logging *Note*: It is not recommended to enable trace or debug in production since enabling it will significantly degrade performance. 
@@ -699,6 +708,48 @@ natsbox: # key: sys.creds ``` +You can also add volumes to nats-box, for example given a PVC like: + +```yaml +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: nsc-pvc +spec: + accessModes: + - ReadWriteOnce + volumeMode: Filesystem + resources: + requests: + storage: 1Gi +``` + +You can give state to nats-box by using the `extraVolumes` and `extraVolumeMounts` options: + +```yaml +natsbox: + enabled: true + extraVolumes: + - name: nsc + persistentVolumeClaim: + claimName: nsc-pvc + extraVolumeMounts: + - mountPath: /nsc + name: nsc +``` + +example: + +```sh +$ helm install nats-nsc nats/nats -f examples/nats-box-persistent.yaml +$ kubectl exec -it deployment/nats-nsc-box -- /bin/sh + +# cd /nsc +/nsc # curl -fSl https://nats-io.github.io/k8s/setup/nsc-setup.sh | sh +/nsc # source .nsc.env +/nsc # nsc list accounts +``` + ### Configuration Checksum A configuration checksum annotation is enabled by default on StatefulSet Pods in order to force a rollout when the NATS configuration changes. This checksum is only applied by `helm` commands, and will not change if configuration is modified outside of setting `helm` values. diff --git a/charts/nats/nats/templates/configmap.yaml b/charts/nats/nats/templates/configmap.yaml index 4c318c4c4..523675c44 100644 --- a/charts/nats/nats/templates/configmap.yaml +++ b/charts/nats/nats/templates/configmap.yaml @@ -99,6 +99,10 @@ data: {{- if .Values.nats.jetstream.uniqueTag }} unique_tag: {{ .Values.nats.jetstream.uniqueTag }} {{- end }} + + {{- if .Values.nats.jetstream.maxOutstandingCatchup }} + max_outstanding_catchup: {{ .Values.nats.jetstream.maxOutstandingCatchup }} + {{- end }} } {{- end }} {{- if .Values.mqtt.enabled }} diff --git a/charts/nats/nats/templates/statefulset.yaml b/charts/nats/nats/templates/statefulset.yaml index a1b01b207..384611c4d 100644 --- a/charts/nats/nats/templates/statefulset.yaml +++ b/charts/nats/nats/templates/statefulset.yaml 
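Review bot: The new block in `configmap.yaml` reads `.Values.nats.jetstream.maxOutstandingCatchup`, but the `values.yaml` hunk later in this commit (`@@ -228,6 +228,8 @@`) introduces the key as `max_outstanding_catchup:`. A user who fills in the key shown in `values.yaml` therefore gets no `max_outstanding_catchup` line rendered and no error. Renaming the values key to `maxOutstandingCatchup:` matches the template and the camelCase neighbour `uniqueTag`. A one-line comment above it, like the one on `uniqueTag`, would also help, e.g. `# Limit for in-flight catchup data between JetStream servers` (wording to be confirmed against the NATS documentation).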
@@ -535,6 +535,10 @@ spec: - "-config" - {{ . | quote }} {{- end }} + {{- range .Values.nats.config }} + - "-config" + - "/etc/nats-config/{{ .name }}/{{ .name }}.conf" + {{- end}} volumeMounts: - name: config-volume mountPath: /etc/nats-config @@ -544,6 +548,12 @@ spec: {{- if .Values.additionalVolumeMounts }} {{- toYaml .Values.additionalVolumeMounts | nindent 8 }} {{- end }} + {{- /* User extended config volumes*/}} + {{- range .Values.nats.config }} + # User extended config volumes + - name: {{ .name }} + mountPath: /etc/nats-config/{{ .name }} + {{- end }} {{- end }} ############################## diff --git a/charts/nats/nats/values.yaml b/charts/nats/nats/values.yaml index 4892da4f7..5254849c8 100644 --- a/charts/nats/nats/values.yaml +++ b/charts/nats/nats/values.yaml @@ -6,7 +6,7 @@ nats: image: repository: nats - tag: 2.9.11-alpine + tag: 2.9.12-alpine pullPolicy: IfNotPresent # registry: docker.io @@ -228,6 +228,8 @@ nats: # Jetstream Unique Tag prevent placing a stream in the same availability zone twice. uniqueTag: + max_outstanding_catchup: + ########################## # # # Jetstream Encryption # @@ -490,7 +492,7 @@ gateway: bootconfig: image: repository: natsio/nats-boot-config - tag: 0.8.0 + tag: 0.9.2 pullPolicy: IfNotPresent # registry: docker.io @@ -504,7 +506,7 @@ natsbox: enabled: true image: repository: natsio/nats-box - tag: 0.13.3 + tag: 0.13.4 pullPolicy: IfNotPresent # registry: docker.io @@ -566,7 +568,7 @@ reloader: enabled: true image: repository: natsio/nats-server-config-reloader - tag: 0.8.0 + tag: 0.9.2 pullPolicy: IfNotPresent # registry: docker.io diff --git a/charts/avesha/kubeslice-worker/charts/jaeger/.helmignore b/charts/percona/psmdb-operator/.helmignore similarity index 100% rename from charts/avesha/kubeslice-worker/charts/jaeger/.helmignore rename to charts/percona/psmdb-operator/.helmignore diff --git a/charts/percona/psmdb-operator/Chart.yaml b/charts/percona/psmdb-operator/Chart.yaml index d71f4b259..0b72188c4 100644 
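Review bot: In both statefulset.yaml hunks, `.name` from each `.Values.nats.config` entry is rendered without quoting or validation into `name: {{ .name }}`, `mountPath: /etc/nats-config/{{ .name }}` and the `-config` path. A name containing `/`, `..` or YAML-significant characters would move the mount relative to the existing `config-volume` mount at `/etc/nats-config`, or break the manifest. Quoting the rendered values, e.g. `mountPath: {{ printf "/etc/nats-config/%s" .name | quote }}`, and documenting the expected shape of `nats.config` in values.yaml would make the contract explicit; no entry for it appears in the values.yaml hunks of this diff. The matching `volumes:` entries are outside these hunks, so confirm each mounted name has one.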
--- a/charts/percona/psmdb-operator/Chart.yaml +++ b/charts/percona/psmdb-operator/Chart.yaml @@ -16,4 +16,4 @@ maintainers: - email: sergey.pronin@percona.com name: spron-in name: psmdb-operator -version: 1.13.2 +version: 1.13.3 diff --git a/charts/percona/psmdb-operator/README.md b/charts/percona/psmdb-operator/README.md index a96f91e4b..f54183f56 100644 --- a/charts/percona/psmdb-operator/README.md +++ b/charts/percona/psmdb-operator/README.md @@ -35,6 +35,8 @@ The chart can be customized using the following configurable parameters: | `resources` | Resource requests and limits | `{}` | | `nodeSelector` | Labels for Pod assignment | `{}` | | `watchNamespace` | Set when a different from default namespace is needed to watch | `""` | +| `rbac.create` | If false RBAC will not be created. RBAC resources will need to be created manually | `true` | +| `serviceAccount.create` | If false the ServiceAccounts will not be created. The ServiceAccounts must be created manually | `true` | Specify parameters using `--set key=value[,key=value]` argument to `helm install` diff --git a/charts/percona/psmdb-operator/templates/role-binding.yaml b/charts/percona/psmdb-operator/templates/role-binding.yaml index 84195d3f3..599694984 100644 --- a/charts/percona/psmdb-operator/templates/role-binding.yaml +++ b/charts/percona/psmdb-operator/templates/role-binding.yaml @@ -1,8 +1,11 @@ +{{- if .Values.serviceAccount.create }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "psmdb-operator.fullname" . }} --- +{{- end }} +{{- if .Values.rbac.create }} {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} kind: ClusterRoleBinding {{- else }} @@ -30,3 +33,4 @@ roleRef: {{- end }} name: {{ include "psmdb-operator.fullname" . }} apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/charts/percona/psmdb-operator/templates/role.yaml b/charts/percona/psmdb-operator/templates/role.yaml index 35b0b390e..5e99400f8 100644 
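Review bot: With `serviceAccount.create: false` the ServiceAccount in role-binding.yaml is skipped, but the chart offers no value for naming an existing account. As far as these hunks show, the rest of the chart therefore still expects one called `{{ include "psmdb-operator.fullname" . }}`. The values.yaml comment should state that, for example `# serviceAccount.create: if false, a ServiceAccount named after the release fullname must already exist`. For `rbac.create: false`, say whether a Role or a ClusterRole is expected, since the kind is chosen from `watchNamespace`/`watchAllNamespaces`. The binding's `subjects` block lies outside the hunk.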
--- a/charts/percona/psmdb-operator/templates/role.yaml +++ b/charts/percona/psmdb-operator/templates/role.yaml @@ -1,3 +1,4 @@ +{{- if .Values.rbac.create }} {{- if or .Values.watchNamespace .Values.watchAllNamespaces }} kind: ClusterRole {{- else }} @@ -144,3 +145,4 @@ rules: - patch - delete - deletecollection +{{- end }} diff --git a/charts/percona/psmdb-operator/values.yaml b/charts/percona/psmdb-operator/values.yaml index 53fc0bf5e..bfc0d5fc2 100644 --- a/charts/percona/psmdb-operator/values.yaml +++ b/charts/percona/psmdb-operator/values.yaml @@ -16,6 +16,16 @@ image: # set if operator should be deployed in cluster wide mode. defaults to false watchAllNamespaces: false +# rbac: settings for deployer RBAC creation +rbac: + # rbac.create: if false RBAC resources should be in place + create: true + +# serviceAccount: settings for Service Accounts used by the deployer +serviceAccount: + # serviceAccount.create: Whether to create the Service Accounts or not + create: true + # set if you want to use a different operator name # defaults to `percona-server-mongodb-operator` # operatorName: diff --git a/charts/redpanda/redpanda/Chart.yaml b/charts/redpanda/redpanda/Chart.yaml index 2a8000a3c..cc782c758 100644 --- a/charts/redpanda/redpanda/Chart.yaml +++ b/charts/redpanda/redpanda/Chart.yaml @@ -26,4 +26,4 @@ name: redpanda sources: - https://github.com/redpanda-data/helm-charts type: application -version: 2.6.1 +version: 2.8.1 diff --git a/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml b/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml index 44cb538aa..c59597561 100644 --- a/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml +++ b/charts/redpanda/redpanda/ci/04-one-node-cluster-no-tls-sasl-values.yaml @@ -19,9 +19,11 @@ tls: auth: sasl: enabled: true + secretRef: "redpanda-users" users: - name: admin password: hunter2 + storage: persistentVolume: size: 3Gi 
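Review bot: ci/04-one-node-cluster-no-tls-sasl-values.yaml now sets `secretRef: "redpanda-users"` but keeps the inline `users:` entry with a literal password, while the 05 file in the next section drops that entry. Because `rpk-flags` in this same diff switches to reading credentials from `/etc/secrets/users`, the hunk does not make clear which credential source the 04 test exercises. If the inline user is deliberate, say so with a comment such as `# inline user kept on purpose: exercises chart-managed users alongside secretRef`. Otherwise remove the two lines as in 05 so the fixture carries no credential.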
diff --git a/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml b/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml index 814cf130b..8e690ff77 100644 --- a/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml +++ b/charts/redpanda/redpanda/ci/05-one-node-cluster-tls-sasl-values.yaml @@ -19,9 +19,8 @@ tls: auth: sasl: enabled: true - users: - - name: admin - password: hunter2 + secretRef: "redpanda-users" + storage: persistentVolume: size: 3Gi diff --git a/charts/redpanda/redpanda/ci/07-multiple-listeners.yaml b/charts/redpanda/redpanda/ci/07-multiple-listeners.yaml new file mode 100644 index 000000000..221402570 --- /dev/null +++ b/charts/redpanda/redpanda/ci/07-multiple-listeners.yaml @@ -0,0 +1,60 @@ +tls: + certs: + cert2: + caEnabled: false +listeners: + kafka: + tls: + enabled: false + external: + ext2: + port: 19094 + advertisedPorts: + - 31292 + tls: + enabled: true + ext3: + port: 29094 + advertisedPorts: + - 31392 + tls: + enabled: true + cert: cert2 + requireClientAuth: true + schemaRegistry: + tls: + enabled: false + external: + ext2: + port: 18081 + advertisedPorts: + - 30181 + tls: + enabled: true + ext3: + port: 28081 + advertisedPorts: + - 30281 + tls: + enabled: true + cert: cert2 + requireClientAuth: true + http: + tls: + enabled: false + external: + ext2: + port: 18083 + advertisedPorts: + - 30183 + tls: + enabled: true + ext3: + port: 28083 + advertisedPorts: + - 30283 + tls: + enabled: true + cert: cert2 + requireClientAuth: true + diff --git a/charts/redpanda/redpanda/templates/NOTES.txt b/charts/redpanda/redpanda/templates/NOTES.txt index 5983ae16c..aa3d82c77 100644 --- a/charts/redpanda/redpanda/templates/NOTES.txt +++ b/charts/redpanda/redpanda/templates/NOTES.txt 
@@ -16,8 +16,23 @@ limitations under the License. */}} {{/* -Any rpk command that's given to the user in in this file must be defined in _example-commands.tpl and tested in a test. + Add warnings to the warnings template */}} +{{ $warnings := (fromJson (include "warnings" .)).result }} +{{- if $warnings }} +--- +{{ range $warning := $warnings }} +{{ $warning }} +{{- end }} + +--- +{{- end }} + +{{- +/* +Any rpk command that's given to the user in in this file must be defined in _example-commands.tpl and tested in a test. +*/ +-}} {{- $anySASL := (include "sasl-enabled" . | fromJson).bool }} {{- $rpk := deepCopy . }} diff --git a/charts/redpanda/redpanda/templates/_example-commands.tpl b/charts/redpanda/redpanda/templates/_example-commands.tpl index 5bc2574a6..b2d5fbd62 100644 --- a/charts/redpanda/redpanda/templates/_example-commands.tpl +++ b/charts/redpanda/redpanda/templates/_example-commands.tpl 
@@ -23,36 +23,63 @@ and tested in a test. {{/* tested in tests/test-kafka-sasl-status.yaml */}} {{- define "rpk-acl-user-create" -}} -{{ .rpk }} acl user create myuser --new-password changeme --mechanism {{ include "sasl-mechanism" . }} {{ include "rpk-common-flags" . }} +{{ .rpk }} acl user create myuser --new-password changeme --mechanism {{ include "sasl-mechanism" . }} {{ include "rpk-flags-no-sasl" . }} {{- end -}} -{{/* tested in tests/test-kafka-sasl-status.yaml */}} {{- define "rpk-acl-create" -}} -{{ .rpk }} acl create --allow-principal 'myuser' --allow-host '*' --operation all --topic 'test-topic' {{ include "rpk-topic-flags" . }} +{{ .rpk }} acl create --allow-principal 'myuser' --allow-host '*' --operation all --topic 'test-topic' {{ include "rpk-flags-no-admin-no-sasl" . }} {{ include "rpk-dummy-sasl" . }} {{- end -}} -{{/* tested in tests/test-kafka-sasl-status.yaml */}} {{- define "rpk-cluster-info" -}} -{{ .rpk }} cluster info {{ include "rpk-topic-flags" . }} +{{ .rpk }} cluster info {{ include "rpk-flags-no-admin-no-sasl" . }} {{ include "rpk-dummy-sasl" . }} {{- end -}} -{{/* tested in tests/test-kafka-sasl-status.yaml */}} {{- define "rpk-topic-create" -}} -{{- $sasl := mustDeepCopy . -}} -{{- $_ := set $sasl "auth" (dict "username" "myuser" "password" "changeme") -}} -{{ .rpk }} topic create test-topic {{ include "rpk-topic-flags" $sasl }} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ .rpk }} topic create test-topic {{ include "rpk-flags-no-admin-no-sasl" . }} {{ include "rpk-dummy-sasl" . }} {{- end -}} -{{/* tested in tests/test-kafka-sasl-status.yaml */}} {{- define "rpk-topic-describe" -}} -{{- $sasl := mustDeepCopy . -}} -{{- $_ := set $sasl "auth" (dict "username" "myuser" "password" "changeme") -}} -{{ .rpk }} topic describe test-topic {{ include "rpk-topic-flags" $sasl }} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ .rpk }} topic describe test-topic {{ include "rpk-flags-no-admin-no-sasl" . 
}} {{ include "rpk-dummy-sasl" . }} +{{- end -}} + +{{- define "rpk-topic-delete" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ .rpk }} topic delete test-topic {{ include "rpk-flags-no-admin-no-sasl" . }} {{ include "rpk-dummy-sasl" . }} +{{- end -}} + + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-acl-user-create-no-dummy-sasl" -}} +{{ .rpk }} acl user create myuser --new-password changeme --mechanism {{ include "sasl-mechanism" . }} {{ include "rpk-flags-no-sasl" . }} {{- end -}} {{/* tested in tests/test-kafka-sasl-status.yaml */}} -{{- define "rpk-topic-delete" -}} -{{- $sasl := mustDeepCopy . -}} -{{- $_ := set $sasl "auth" (dict "username" "myuser" "password" "changeme") -}} -{{ .rpk }} topic delete test-topic {{ include "rpk-topic-flags" $sasl }} +{{- define "rpk-acl-create-no-dummy-sasl" -}} +{{ .rpk }} acl create --allow-principal 'myuser' --allow-host '*' --operation all --topic 'test-topic' {{ include "rpk-flags-no-admin" . }} {{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-cluster-info-no-dummy-sasl" -}} +{{ .rpk }} cluster info {{ include "rpk-flags-no-admin" . }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-topic-create-no-dummy-sasl" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ .rpk }} topic create test-topic {{ include "rpk-flags-no-admin" . }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-topic-describe-no-dummy-sasl" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ .rpk }} topic describe test-topic {{ include "rpk-flags-no-admin" . }} +{{- end -}} + +{{/* tested in tests/test-kafka-sasl-status.yaml */}} +{{- define "rpk-topic-delete-no-dummy-sasl" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ .rpk }} topic delete test-topic {{ include "rpk-flags-no-admin" . }} +{{- end -}} + 
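Review bot: `$flags := fromJson (include "rpk-flags" .)` is assigned but never read in `rpk-topic-create`, `rpk-topic-describe`, `rpk-topic-delete` and their `-no-dummy-sasl` variants. Each command line is instead built from `include "rpk-flags-no-admin-no-sasl"` or `include "rpk-flags-no-admin"`, which render the flags again. Dropping the unused assignments removes one redundant render of `rpk-flags` per template. The `tested in tests/test-kafka-sasl-status.yaml` comments were also removed from the dummy-SASL variants, so either name the test that covers them or add a comment stating that only the `-no-dummy-sasl` forms are executed.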
diff --git a/charts/redpanda/redpanda/templates/_helpers.tpl b/charts/redpanda/redpanda/templates/_helpers.tpl index 819e178a8..32e56e0bb 100644 --- a/charts/redpanda/redpanda/templates/_helpers.tpl +++ b/charts/redpanda/redpanda/templates/_helpers.tpl @@ -19,19 +19,19 @@ Expand the name of the chart. */}} {{- define "redpanda.name" -}} {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} +{{- end -}} {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "redpanda.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} {{/* Create chart name and version as used by the chart label. @@ -283,8 +283,8 @@ Generate configuration needed for rpk {{- if eq $result 0 -}} {{- "unable to get memory value" | fail -}} {{- end -}} - {{- if lt $result 2000 -}} - {{- printf "\n%d is below the minimum recommended value for Redpanda" $result | fail -}} + {{- if lt $result 256 -}} + {{- printf "\n%d is below the minimum value for Redpanda" $result | fail -}} {{- end -}} {{- if gt (add $result (include "redpanda-reserve-memory" .)) (include "container-memory" . | int64) -}} {{- printf "\nNot enough container memory for Redpanda memory values\nredpanda: %d, reserve: %d, container: %d" $result (include "redpanda-reserve-memory" . | int64) (include "container-memory" . | int64) | fail -}} 
@@ -300,10 +300,6 @@ Generate configuration needed for rpk {{- dig "sasl" "mechanism" "SCRAM-SHA-512" .Values.auth -}} {{- end -}} -{{- define "sasl-user-mechanism" -}} -{{- dig "mechanism" (include "sasl-mechanism" $) $.user -}} -{{- end -}} - {{- define "rpk-flags" -}} {{- $root := . -}} {{- $admin := list -}} @@ -325,11 +321,10 @@ Generate configuration needed for rpk {{- end -}} {{- $sasl := list -}} {{- if (include "sasl-enabled" . | fromJson).bool -}} - {{- $root := . | toJson | fromJson -}} {{- $sasl = concat $sasl (list - "--user" (dig "auth" "username" (first .Values.auth.sasl.users).name $root) - "--password" (dig "auth" "password" (first .Values.auth.sasl.users).password $root) - "--sasl-mechanism " (include "sasl-mechanism" .) + "--user" ( print "$(find /etc/secrets/users/* -print | sed -n 1p | xargs cat | sed -n 1p | tr ':' '\n' | sed -n 1p )" | quote ) + "--password" ( print "$(find /etc/secrets/users/* -print | sed -n 1p | xargs cat | sed -n 1p | tr ':' '\n' | sed -n 2p )" | quote ) + "--sasl-mechanism" ( printf "$(find /etc/secrets/users/* -print | sed -n 1p | xargs cat | sed -n 1p | tr ':' '\n' | sed -n 3p | grep . || echo %s )" (include "sasl-mechanism" .) | quote ) ) -}} {{- end -}} 
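Review bot: The new `--password` expression in `rpk-flags` splits the first line of the users file with `tr ':' '\n'` and takes field 2, so a password containing `:` is cut at the colon and its remainder is then picked up as the mechanism by the `sed -n 3p` branch. Document the constraint beside the expression, e.g. `{{/* users file lines are user:password[:mechanism]; fields must not contain ':' */}}`, or parse the line so that only the first and last separators are significant. `find /etc/secrets/users/* -print | sed -n 1p` also selects whichever file sorts first, so the account used depends on file naming; a comment should say which entry is expected to be the superuser. The credentials are still expanded into rpk's command-line arguments, which are visible in the process list inside the container, so check whether rpk accepts them another way. The first hunk deletes `sasl-user-mechanism`; confirm no template outside this diff still includes it.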
@@ -351,9 +346,36 @@ Generate configuration needed for rpk {{ join " " (list $flags.brokers $flags.admin $flags.sasl $flags.kafka)}} {{- end -}} +{{- define "rpk-flags-no-admin" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ join " " (list $flags.brokers $flags.kafka $flags.sasl)}} +{{- end -}} + +{{- define "rpk-flags-no-sasl" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ join " " (list $flags.brokers $flags.admin $flags.kafka)}} +{{- end -}} + +{{- define "rpk-flags-no-admin-no-sasl" -}} +{{- $flags := fromJson (include "rpk-flags" .) -}} +{{ join " " (list $flags.brokers $flags.kafka)}} +{{- end -}} + +{{- define "rpk-dummy-sasl" -}} +{{- if (include "sasl-enabled" . | fromJson).bool -}} +{{ "--user --password --sasl-mechanism " -}} +{{- else -}} +{{ "" }} +{{- end -}} +{{- end -}} + {{- define "rpk-topic-flags" -}} {{- $flags := fromJson (include "rpk-flags" .) -}} -{{ join " " (list $flags.brokers $flags.sasl $flags.kafka)}} + {{- if (include "sasl-enabled" . | fromJson).bool -}} + {{- join " " (list $flags.brokers $flags.kafka $flags.sasl) -}} + {{- else -}} + {{- join " " (list $flags.brokers $flags.kafka) -}} + {{- end -}} {{- end -}} {{- define "storage-min-free-bytes" -}} 
@@ -366,22 +388,22 @@ Generate configuration needed for rpk {{- end -}} {{- define "tunable" -}} -{{- $tunable := dig "tunable" dict .Values.config }} -{{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool }} -{{- toYaml $tunable | nindent 4 }} -{{- else if (include "redpanda-atleast-22-2-0" . | fromJson).bool }} -{{- $tunable = unset $tunable "log_segment_size_min" }} -{{- $tunable = unset $tunable "log_segment_size_max" }} -{{- $tunable = unset $tunable "kafka_batch_max_bytes" }} -{{- toYaml $tunable | nindent 4 }} -{{- else if (include "redpanda-atleast-22-1-1" . | fromJson).bool }} -{{- $tunable = unset $tunable "log_segment_size_min" }} -{{- $tunable = unset $tunable "log_segment_size_max" }} -{{- $tunable = unset $tunable "kafka_batch_max_bytes" }} -{{- $tunable = unset $tunable "topic_partitions_per_shard" }} -{{- toYaml $tunable | nindent 4 }} -{{- end }} -{{- end }} +{{- $tunable := dig "tunable" dict .Values.config -}} +{{- if (include "redpanda-atleast-22-3-0" . | fromJson).bool -}} +{{- toYaml $tunable | nindent 4 -}} +{{- else if (include "redpanda-atleast-22-2-0" . | fromJson).bool -}} +{{- $tunable = unset $tunable "log_segment_size_min" -}} +{{- $tunable = unset $tunable "log_segment_size_max" -}} +{{- $tunable = unset $tunable "kafka_batch_max_bytes" -}} +{{- toYaml $tunable | nindent 4 -}} +{{- else if (include "redpanda-atleast-22-1-1" . | fromJson).bool -}} +{{- $tunable = unset $tunable "log_segment_size_min" -}} +{{- $tunable = unset $tunable "log_segment_size_max" -}} +{{- $tunable = unset $tunable "kafka_batch_max_bytes" -}} +{{- $tunable = unset $tunable "topic_partitions_per_shard" -}} +{{- toYaml $tunable | nindent 4 -}} +{{- end -}} +{{- end -}} {{- define "redpanda-atleast-22-1-1" -}} {{- toJson (dict "bool" (or (not (eq .Values.image.repository "vectorized/redpanda")) (include "redpanda.semver" . | semverCompare ">=22.1.1"))) -}} 
@@ -407,9 +429,9 @@ runAsUser: {{ dig "podSecurityContext" "runAsUser" .Values.statefulset.securityC runAsGroup: {{ dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset }} {{- end -}} -{{- define "tls-curl-flags" -}} +{{- define "admin-tls-curl-flags" -}} {{- $result := "" -}} - {{- if (include "tls-enabled" . | fromJson).bool -}} + {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} {{- $path := (printf "/etc/tls/certs/%s" .Values.listeners.admin.tls.cert) -}} {{- $result = (printf "--cacert %s/tls.crt" $path) -}} {{- if .Values.listeners.admin.tls.requireClientAuth -}} @@ -419,9 +441,9 @@ runAsGroup: {{ dig "podSecurityContext" "fsGroup" .Values.statefulset.securityCo {{- $result -}} {{- end -}} -{{- define "http-protocol" -}} +{{- define "admin-http-protocol" -}} {{- $result := "http" -}} - {{- if (include "tls-enabled" . | fromJson).bool -}} + {{- if (include "admin-internal-tls-enabled" . | fromJson).bool -}} {{- $result = "https" -}} {{- end -}} {{- $result -}} 
@@ -466,12 +488,27 @@ advertised-host returns a json sring with the data neded for configuring the adv {{- end -}} {{/* -Set default path for tiered storage cache or use one provided +"warnings" is an aggregate that returns a list of warnings to be shown in NOTES.txt */}} -{{- define "tieredStorage.cacheDirectory" -}} -{{- if empty .Values.storage.tieredConfig.cloud_storage_cache_directory }} - {{- printf "/var/lib/redpanda/data/cloud_storage_cache" }} -{{- else }} - {{- .Values.storage.tieredConfig.cloud_storage_cache_directory }} -{{- end }} -{{- end }} +{{- define "warnings" -}} + {{- $result := list -}} + {{- $warnings := list "redpanda-memory-warning" -}} + {{- range $t := $warnings -}} + {{- $warning := include $t $ -}} + {{- if $warning -}} + {{- $result = append $result (printf "**Warning**: %s" $warning) -}} + {{- end -}} + {{- end -}} + {{/* fromJson cannot decode list */}} + {{- toJson (dict "result" $result) -}} +{{- end -}} + +{{/* +return a warning if the chart is configured with insufficient memory +*/}} +{{- define "redpanda-memory-warning" -}} + {{- $result := (include "redpanda-memory" .) | int -}} + {{- if lt $result 2000 -}} + {{- printf "%d is below the minimum recommended value for Redpanda" $result -}} + {{- end -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/_statefulset-helpers.tpl b/charts/redpanda/redpanda/templates/_statefulset-helpers.tpl new file mode 100644 index 000000000..c64846303 --- /dev/null +++ b/charts/redpanda/redpanda/templates/_statefulset-helpers.tpl 
@@ -0,0 +1,38 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{/* +Set tolerations for statefulset, defaults to global tolerations if not defined in statefulset +*/}} +{{- define "statefulset-tolerations" -}} +{{- $tolerations := .Values.tolerations -}} +{{- if not ( empty .Values.statefulset.tolerations ) -}} +{{- $tolerations = .Values.statefulset.tolerations -}} +{{- end -}} +{{- toYaml $tolerations -}} +{{- end -}} + +{{/* +Set nodeSelector for statefulset, defaults to global nodeSelector if not defined in statefulset +*/}} +{{- define "statefulset-nodeSelectors" -}} +{{- $nodeSelectors := .Values.nodeSelector -}} +{{- if not ( empty .Values.statefulset.nodeSelector ) -}} +{{- $nodeSelectors = .Values.statefulset.nodeSelector -}} +{{- end -}} +{{- toYaml $nodeSelectors -}} +{{- end -}} diff --git a/charts/redpanda/redpanda/templates/_statefulset.tpl b/charts/redpanda/redpanda/templates/_statefulset.tpl new file mode 100644 index 000000000..ecaba2809 --- /dev/null +++ b/charts/redpanda/redpanda/templates/_statefulset.tpl 
@@ -0,0 +1,46 @@ +{{/* +Licensed to the Apache Software Foundation (ASF) under one or more +contributor license agreements. See the NOTICE file distributed with +this work for additional information regarding copyright ownership. +The ASF licenses this file to You under the Apache License, Version 2.0 +(the "License"); you may not use this file except in compliance with +the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- define "statefulset-pod-labels" -}} +{{- /* + StatefulSets cannot change their selector. Use the existing one even if it's broken. + New installs will get better selectors. +*/ -}} +{{- $sts := lookup "apps/v1" "StatefulSet" .Release.Namespace (include "redpanda.fullname" .) -}} +{{- $labels := dig "spec" "selector" "matchLabels" "" $sts -}} +{{- if not (empty $labels) -}} +{{ $labels | toYaml }} +{{- else -}} +app.kubernetes.io/name: {{ template "redpanda.name" . }} +app.kubernetes.io/instance: {{ .Release.Name | quote }} +app.kubernetes.io/component: {{ (include "redpanda.name" .) | trunc 51 }}-statefulset +{{- with .Values.commonLabels }} +{{ toYaml . }} +{{- end }} +{{- end -}} +{{- end -}} + +{{/* +Set default path for tiered storage cache or use one provided +*/}} +{{- define "tieredStorage.cacheDirectory" -}} +{{- if empty .Values.storage.tieredConfig.cloud_storage_cache_directory -}} + {{- printf "/var/lib/redpanda/data/cloud_storage_cache" -}} +{{- else -}} + {{- .Values.storage.tieredConfig.cloud_storage_cache_directory -}} +{{- end -}} +{{- end -}} \ No newline at end of file 
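Review bot: `statefulset-pod-labels` relies on `lookup`, which returns an empty result when the chart is rendered without cluster access (`helm template`, client-side dry runs). In those modes the `else` branch always emits the new label set, even for a release whose installed StatefulSet carries the older selector. Pipelines that render manifests offline and then apply them would then attempt the selector change that the comment says is not allowed. Extend the comment to cover this, for example `lookup is empty under helm template / dry-run; existing installs rendered that way receive the new labels`. Consider a values override for the selector labels so such users can pin the old set.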
diff --git a/charts/redpanda/redpanda/templates/configmap.yaml b/charts/redpanda/redpanda/templates/configmap.yaml index 879994011..80597a113 100644 --- a/charts/redpanda/redpanda/templates/configmap.yaml +++ b/charts/redpanda/redpanda/templates/configmap.yaml @@ -1,4 +1,4 @@ -{{/* +{{- /* Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. 
@@ -95,59 +95,105 @@ data: {{- with dig "node" dict .Values.config }} {{- . | toYaml | nindent 6 }} {{- end }} +{{- /* LISTENERS */}} +{{- /* Admin API */}} +{{- $service := .Values.listeners.admin }} admin: name: admin address: 0.0.0.0 - port: {{ .Values.listeners.admin.port }} + port: {{ $service.port }} {{- if (include "admin-internal-tls-enabled" . | fromJson).bool }} admin_api_tls: - - name: admin - enabled: true - cert_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/tls.key - truststore_file: /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt - require_client_auth: {{ .Values.listeners.admin.tls.requireClientAuth }} + name: admin + enabled: true + cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key + require_client_auth: {{ $service.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- end }} +{{- /* Kafka API */}} +{{- $service = .Values.listeners.kafka }} kafka_api: - name: internal address: 0.0.0.0 - port: {{ .Values.listeners.kafka.port }} + port: {{ $service.port }} {{- range $name, $listener := .Values.listeners.kafka.external }} - name: {{ $name }} address: 0.0.0.0 port: {{ $listener.port }} {{- end }} kafka_api_tls: -{{- $service := .Values.listeners.kafka }} {{- if (include "kafka-internal-tls-enabled" . 
| fromJson).bool }} - name: internal enabled: true cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key - truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt require_client_auth: {{ $service.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- end }} {{- range $name, $listener := $service.external }} {{- $k := dict "Values" $values "listener" $listener }} {{- if (include "kafka-external-tls-enabled" $k | fromJson).bool }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "kafka-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} - name: {{ $name }} enabled: true - cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.crt - key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/tls.key - truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt - require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }} + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- 
end }} {{- end }} +{{- /* RPC Server */}} +{{- $service = .Values.listeners.rpc }} rpc_server: address: 0.0.0.0 - port: {{ .Values.listeners.rpc.port }} + port: {{ $service.port }} {{- if (include "rpc-tls-enabled" . | fromJson).bool }} rpc_server_tls: enabled: true - require_client_auth: {{ .Values.listeners.rpc.tls.requireClientAuth }} - cert_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/tls.key - truststore_file: /etc/tls/certs/{{ .Values.listeners.rpc.tls.cert }}/ca.crt + cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key + require_client_auth: {{ $service.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- end }} seed_servers: {{- range untilStep 0 (.Values.statefulset.replicas|int) 1 }} 
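Review bot: When a certificate has `caEnabled: false`, every TLS block in this hunk falls back to `truststore_file: /etc/ssl/certs/ca-certificates.crt` while still emitting `require_client_auth` from values. A listener with `requireClientAuth: true`, like `ext3` with `cert2` in ci/07-multiple-listeners.yaml, would then validate client certificates against the whole system CA bundle rather than a CA the operator chose. Consider failing the render for that combination, e.g. `{{- if and $mtls (not $cert.caEnabled) }}{{- fail "requireClientAuth requires a certificate with caEnabled" }}{{- end }}`, or document the effect next to `caEnabled`. Separately, each `fail (printf "Certificate, '%s', used but not defined")` passes no argument to `printf`, so the error will not name the certificate; pass `$service.tls.cert` or `$certName`. Both patterns recur in the schema registry hunk that follows.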
@@ -162,70 +208,127 @@ data: {{- unset .Values.storage.tieredConfig "cloud_storage_credentials_source" | toYaml | nindent 6 }} {{- end }} {{- end }} +{{- /* Schema Registry API */}} {{- if .Values.listeners.schemaRegistry.enabled }} + {{- $service = .Values.listeners.schemaRegistry }} schema_registry: schema_registry_api: - name: internal address: 0.0.0.0 - port: {{ .Values.listeners.schemaRegistry.port }} -{{- range $name, $listener := .Values.listeners.schemaRegistry.external }} + port: {{ $service.port }} + {{- range $name, $listener := $service.external }} - name: {{ $name }} address: 0.0.0.0 - port: {{ $listener.port }} -{{- end }} + {{- /* + when upgrading from an older version that had a missing port, fail if we cannot guess a default + this should work in all cases as the older versions would have failed with multiple listeners anyway + */}} + {{- if and (empty $listener.port) (ne (len $service.external) 1) }} + {{- fail "missing required port for schemaRegistry listener $listener.name" }} + {{- end }} + port: {{ $listener.port | default 8084 }} + {{- end }} schema_registry_api_tls: {{- if (include "schemaRegistry-internal-tls-enabled" . 
| fromJson).bool }} - name: internal enabled: true - cert_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/tls.key - truststore_file: /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt - require_client_auth: {{ .Values.listeners.schemaRegistry.tls.requireClientAuth }} + cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key + require_client_auth: {{ $service.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- end }} - {{- range $i, $listener := .Values.listeners.schemaRegistry.external }} + {{- range $name, $listener := $service.external }} {{- $k := dict "Values" $values "listener" $listener }} {{- if (include "schemaRegistry-external-tls-enabled" $k | fromJson).bool }} - - name: {{ $listener.name }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "schemaRegistry-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + - name: {{ $name }} enabled: true - cert_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.crt - key_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k }}/tls.key - truststore_file: /etc/tls/certs/{{ template "schemaRegistry-external-tls-cert" $k 
}}/ca.crt - require_client_auth: {{ dig "tls" "requireClientAuth" false $listener}} + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- end }} {{- end }} {{- end }} +{{- /* HTTP Proxy */}} {{- if .Values.listeners.http.enabled }} + {{- $service = .Values.listeners.http }} pandaproxy: pandaproxy_api: - name: internal address: 0.0.0.0 - port: {{ .Values.listeners.http.port }} - {{- range $name, $listener := .Values.listeners.http.external }} + port: {{ $service.port }} + {{- range $name, $listener := $service.external }} - name: {{ $name }} address: 0.0.0.0 port: {{ $listener.port }} {{- end }} pandaproxy_api_tls: {{- if (include "http-internal-tls-enabled" . | fromJson).bool }} - - name: internal - enabled: true - cert_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.crt - key_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/tls.key - truststore_file: /etc/tls/certs/{{ .Values.listeners.http.tls.cert }}/ca.crt - require_client_auth: {{ .Values.listeners.http.tls.requireClientAuth }} + - name: internal + enabled: true + cert_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.crt + key_file: /etc/tls/certs/{{ $service.tls.cert }}/tls.key + require_client_auth: {{ $service.tls.requireClientAuth }} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + {{- if $cert.caEnabled }} + truststore_file: /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- end }} - {{- range $name, 
$listener := .Values.listeners.http.external }} + {{- range $name, $listener := $service.external }} {{- $k := dict "Values" $values "listener" $listener }} {{- if (include "http-external-tls-enabled" $k | fromJson).bool }} - - name: {{ $name }} - enabled: true - cert_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.crt - key_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k }}/tls.key - truststore_file: /etc/tls/certs/{{ template "kafka-external-tls-cert" $k}}/ca.crt - require_client_auth: {{ dig "tls" "requireClientAuth" false $listener }} + {{- $mtls := dig "tls" "requireClientAuth" false $listener }} + {{- $mtls = dig "tls" "requireClientAuth" $mtls $k }} + {{- $certName := include "http-external-tls-cert" $k }} + {{- $certPath := printf "/etc/tls/certs/%s" $certName }} + {{- $cert := get $values.tls.certs $certName }} + {{- if empty $cert }} + {{- fail (printf "Certificate, '%s', used but not defined")}} + {{- end }} + - name: {{ $name }} + enabled: true + cert_file: {{ $certPath }}/tls.crt + key_file: {{ $certPath }}/tls.key + require_client_auth: {{ $mtls }} + {{- if $cert.caEnabled }} + truststore_file: {{ $certPath }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + truststore_file: /etc/ssl/certs/ca-certificates.crt + {{- end }} {{- end }} {{- end }} {{- end }} +{{- /* END LISTENERS */}} + rpk: enable_usage_stats: {{ .Values.logging.usageStats.enabled }} overprovisioned: {{ dig "cpu" "overprovisioned" false .Values.resources }} diff --git a/charts/redpanda/redpanda/templates/poddisruptionbudget.yaml b/charts/redpanda/redpanda/templates/poddisruptionbudget.yaml index e3efea930..615b44330 100644 --- a/charts/redpanda/redpanda/templates/poddisruptionbudget.yaml +++ b/charts/redpanda/redpanda/templates/poddisruptionbudget.yaml 
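Review bot: When `caEnabled` is false the new `else` branches set `truststore_file: /etc/ssl/certs/ca-certificates.crt` while `require_client_auth` can still render true, so on the schema registry and HTTP proxy listeners here (and in the same pattern in the Kafka and RPC blocks of the preceding hunk) client certificates would presumably be checked against the image's public CA bundle instead of a private CA. I would fail the render for that combination, e.g. `{{- if and $mtls (not $cert.caEnabled) }}{{- fail "requireClientAuth needs a certificate with caEnabled" }}{{- end }}`, or at least document that mTLS requires `caEnabled: true`. Separately, every `fail (printf "Certificate, '%s', used but not defined")` gives `printf` no argument for `%s`, so the error never names the certificate; pass `$certName` or `$service.tls.cert`. The `fail` message for the missing schemaRegistry port contains `$listener.name`, which a quoted string does not interpolate.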
@@ -14,24 +14,30 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} +{{- $budget := .Values.statefulset.budget.maxUnavailable -}} +{{- /* to maintain quorum, raft cannot lose more than half its members */ -}} +{{- $minReplicas := divf .Values.statefulset.replicas 2 | floor -}} +{{- /* the lowest we can go is 1 so allow that always */ -}} +{{- if and (gt $budget (float64 1)) (gt $budget $minReplicas) -}} + {{ fail "statefulset.budget.maxUnavailable is set too high to maintain quorum: $budget > $minReplicas" }} +{{- end -}} apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: {{ template "redpanda.fullname" . }} - namespace: {{ .Release.Namespace | quote }} + namespace: {{ .Release.Namespace }} labels: helm.sh/chart: {{ template "redpanda.chart" . }} app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/component: {{ template "redpanda.name" . }} {{- with .Values.commonLabels }} {{- toYaml . | nindent 4 }} {{- end }} spec: + maxUnavailable: {{ $budget | int64 }} selector: - matchLabels: - app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - maxUnavailable: {{ .Values.statefulset.budget.maxUnavailable | int64 }} + matchLabels: {{ (include "statefulset-pod-labels" .) | nindent 6 }} + redpanda.com/poddisruptionbudget: {{ template "redpanda.name" . }} diff --git a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml index a659a8ba5..73e6d73d0 100644 --- a/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml 
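Review bot: The `fail` message in the new quorum guard is a plain string, so `$budget > $minReplicas` is printed literally rather than the two values; build it with `printf`, e.g. `{{ fail (printf "statefulset.budget.maxUnavailable is set too high to maintain quorum: %v > %v" $budget $minReplicas) }}`. The comparison `gt $budget (float64 1)` also relies on `maxUnavailable` arriving as a float64, which holds for values files but probably not for an integer passed with `--set`, where the template would stop with a type error instead of this message. Converting once at the top, `{{- $budget := .Values.statefulset.budget.maxUnavailable | float64 -}}`, keeps the guard working for both.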
+++ b/charts/redpanda/redpanda/templates/post-install-upgrade-job.yaml @@ -15,6 +15,8 @@ See the License for the specific language governing permissions and limitations under the License. */}} {{- if .Values.post_install_job.enabled }} +{{- $values := .Values }} +{{- $sasl := $values.auth.sasl }} --- apiVersion: batch/v1 kind: Job @@ -49,11 +51,17 @@ spec: labels: app.kubernetes.io/name: {{ template "redpanda.name" . }} app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: {{ template "redpanda.name" . }} + app.kubernetes.io/component: {{ (include "redpanda.name" .) | trunc 50 }}-post-install {{- with .Values.commonLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} restartPolicy: Never securityContext: {{ include "pod-security-context" . | nindent 8 }} containers: 
@@ -67,42 +75,45 @@ spec: name: {{ .Values.license_secret_ref.secret_name }} key: {{ .Values.license_secret_ref.secret_key }} {{- end }} - command: - - bash - - -c + command: ["bash","-c"] args: - | set -e -{{- if .Values.auth.sasl.enabled }} - {{- $values := .Values }} - {{- range $user := .Values.auth.sasl.users }} - # To avoid `set -e` from exiting the command when a user exists; catch the stderr output and exit codes into `creation_result` - # and `creation_result_exit_code` for use later - creation_result=$(rpk acl user create {{ $user.name }} -p {{ $user.password | quote }} --mechanism {{ include "sasl-user-mechanism" (dict "user" $user "Values" $values) }} {{ template "rpk-common-flags" $ }} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? - - # On a non-success exit code - if [[ $creation_result_exit_code -ne 0 ]]; then - # Check if the stderr contains "User already exists" - if [[ $creation_result == *"User already exists"* ]]; then - printf "The %s user already exists, skipping creation.\n" {{ $user.name }} - else - # Another error occurred, so output the original message and exit code - echo "$creation_result" - exit $creation_result_exit_code + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + USERS_FILE=$(find /etc/secrets/users/* -print) + while read p; do + IFS=":" read -r USER_NAME PASSWORD MECHANISM <<< $p + # Do not process empty lines + if [ -z "$USER_NAME" ]; then + continue fi - # On a success, the user was created so output that - else - printf "Created user %s.\n" {{ $user.name }} - fi - {{- end }} -{{- end }} -{{- if (include "redpanda-atleast-22-2-0" . | fromJson).bool }} - {{- if not (empty .Values.license_secret_ref) }} - rpk cluster license set "$REDPANDA_LICENSE" {{ template "rpk-common-flags" $ }} - {{- else if not (empty .Values.license_key) }} - rpk cluster license set {{ .Values.license_key | quote }} {{ template "rpk-common-flags" $ }} - {{- end }} -{{- end }} + echo "Creating user ${USER_NAME}..." 
+ MECHANISM=${MECHANISM:-{{- include "sasl-mechanism" . }}} + creation_result=$(rpk acl user create ${USER_NAME} --password=${PASSWORD} --mechanism ${MECHANISM} {{ template "rpk-flags-no-sasl" $ }} 2>&1) && creation_result_exit_code=$? || creation_result_exit_code=$? # On a non-success exit code + if [[ $creation_result_exit_code -ne 0 ]]; then + # Check if the stderr contains "User already exists" + if [[ $creation_result == *"User already exists"* ]]; then + # TODO: change user password instead in the future when api enables this. + echo "the user ${USER_NAME} already exists, skipping creation." + else + # Another error occurred, so output the original message and exit code + echo "error creating user ${USER_NAME}: ${creation_result}" + exit $creation_result_exit_code + fi + # On a success, the user was created so output that + else + echo "Created user ${USER_NAME}." + fi + done < $USERS_FILE + {{- end }} + + {{- if (include "redpanda-atleast-22-2-0" . | fromJson).bool }} + {{- if not (empty .Values.license_secret_ref) }} + rpk cluster license set "$REDPANDA_LICENSE" {{ template "rpk-flags-no-sasl" $ }} + {{- else if not (empty .Values.license_key) }} + rpk cluster license set {{ .Values.license_key | quote }} {{ template "rpk-flags-no-sasl" $ }} + {{- end }} + {{- end }} {{- with .Values.post_install_job.resources }} resources: {{- toYaml . | nindent 10 }} 
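Review bot: The new user-creation loop reads lines with `while read p` (no `-r`, default `IFS`) and puts `${USER_NAME}`, `${PASSWORD}` and `${MECHANISM}` on the `rpk` command line unquoted, so a password containing spaces, glob characters or backslashes is split or altered and the account is created with a different credential than the one stored in the secret. Read raw lines and quote the expansions: `while IFS= read -r p; do`, `IFS=":" read -r USER_NAME PASSWORD MECHANISM <<< "$p"`, and `rpk acl user create "${USER_NAME}" --password="${PASSWORD}" --mechanism "${MECHANISM}"` followed by the existing flags. `USERS_FILE=$(find /etc/secrets/users/* -print)` also returns several paths when the secret has more than one key, and the unquoted `done < $USERS_FILE` then fails, so either name the expected file or loop over the files explicitly.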
@@ -113,20 +124,25 @@ spec: mountPath: /tmp/base-config - name: config mountPath: /etc/redpanda -{{- if (include "tls-enabled" . | fromJson).bool }} - {{- range $name, $cert := .Values.tls.certs }} + {{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert mountPath: {{ printf "/etc/tls/certs/%s" $name }} - {{- end }} -{{- end }} + {{- end }} + {{- end }} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + mountPath: "/etc/secrets/users" + readOnly: true + {{- end}} volumes: - name: {{ template "redpanda.fullname" . }} configMap: name: {{ template "redpanda.fullname" . }} - name: config emptyDir: {} -{{- if (include "tls-enabled" . | fromJson).bool }} - {{- range $name, $cert := .Values.tls.certs }} + {{- if (include "tls-enabled" . | fromJson).bool }} + {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert secret: defaultMode: 420 @@ -135,11 +151,17 @@ spec: path: tls.key - key: tls.crt path: tls.crt - {{- if $cert.caEnabled }} + {{- if $cert.caEnabled }} - key: ca.crt path: ca.crt - {{- end }} + {{- end }} secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert - {{- end }} -{{- end -}} + {{- end }} + {{- end -}} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + secret: + secretName: {{ $sasl.secretRef }} + optional: false + {{- end }} {{- end -}} diff --git a/charts/redpanda/redpanda/templates/post-upgrade.yaml b/charts/redpanda/redpanda/templates/post-upgrade.yaml index 471db47b0..e471ae524 100644 --- a/charts/redpanda/redpanda/templates/post-upgrade.yaml +++ b/charts/redpanda/redpanda/templates/post-upgrade.yaml 
@@ -1,6 +1,7 @@ {{- if .Values.post_upgrade_job.enabled }} {{- if (include "redpanda-atleast-22-1-1" . | fromJson).bool }} -{{- $rpkFlags := include "rpk-common-flags" . }} +{{- $rpkFlags := include "rpk-flags-no-sasl" . }} +{{- $sasl := .Values.auth.sasl }} apiVersion: batch/v1 kind: Job metadata: @@ -33,11 +34,17 @@ spec: labels: app.kubernetes.io/name: {{ template "redpanda.name" . }} app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: {{ template "redpanda.name" . }} + app.kubernetes.io/component: {{ (include "redpanda.name" .) | trunc 50 }}-post-upgrade {{- with .Values.commonLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.nodeSelector }} + nodeSelector: {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: {{- toYaml . | nindent 8 }} + {{- end }} restartPolicy: Never securityContext: {{ include "pod-security-context" . | nindent 8 }} containers: @@ -77,6 +84,11 @@ spec: mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} {{- end }} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + mountPath: "/etc/secrets/users" + readOnly: true + {{- end}} volumes: - name: {{ template "redpanda.fullname" . }} configMap: @@ -100,5 +112,11 @@ spec: secretName: {{ template "redpanda.fullname" $ }}-{{ $name }}-cert {{- end }} {{- end -}} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + secret: + secretName: {{ $sasl.secretRef }} + optional: false + {{- end }} {{- end }} {{- end }} diff --git a/charts/redpanda/redpanda/templates/rbac.yaml b/charts/redpanda/redpanda/templates/rbac.yaml index 253018795..cbfdda0eb 100644 --- a/charts/redpanda/redpanda/templates/rbac.yaml +++ b/charts/redpanda/redpanda/templates/rbac.yaml 
@@ -43,6 +43,42 @@ rules: - list --- apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ include "redpanda.fullname" . }}-rpk-bundle + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +rules: + - apiGroups: + - "" + resources: + - configmaps + - endpoints + - events + - limitranges + - persistentvolumeclaims + - pods + - pods/log + - replicationcontrollers + - resourcequotas + - serviceaccounts + - services + verbs: + - get + - list +--- +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: {{ include "redpanda.fullname" . }} 
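Review bot: The new `-rpk-bundle` ClusterRole grants `get`/`list` on configmaps, pods, `pods/log`, serviceaccounts and the other listed resources in every namespace, and the ClusterRoleBinding added in the next hunk hands that to the service account named by `redpanda.serviceAccountName`. Pod logs and configmaps of unrelated workloads often carry sensitive data, so anything running under that service account gains cluster-wide read access to them. If the debug bundle only needs the release's own objects, make these `kind: Role` and `kind: RoleBinding` with `namespace: {{ .Release.Namespace | quote }}`, and consider a dedicated values flag so the grant is opt-in. The `if` that guards this file opens outside the hunk, so I cannot tell which setting enables it today.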
@@ -67,4 +103,30 @@ subjects: - kind: ServiceAccount name: {{ include "redpanda.serviceAccountName" . }} namespace: {{ .Release.Namespace | quote }} -{{- end }} \ No newline at end of file +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "redpanda.fullname" . }}-rpk-bundle + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "redpanda.fullname" . }}-rpk-bundle +subjects: + - kind: ServiceAccount + name: {{ include "redpanda.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} +{{- end }} diff --git a/charts/redpanda/redpanda/templates/secret.yaml b/charts/redpanda/redpanda/templates/secrets.yaml similarity index 51% rename from charts/redpanda/redpanda/templates/secret.yaml rename to charts/redpanda/redpanda/templates/secrets.yaml index 5f6334480..002664b1c 100644 --- a/charts/redpanda/redpanda/templates/secret.yaml +++ b/charts/redpanda/redpanda/templates/secrets.yaml 
@@ -1,9 +1,26 @@ +{{/* + Licensed to the Apache Software Foundation (ASF) under one or more + contributor license agreements. See the NOTICE file distributed with + this work for additional information regarding copyright ownership. + The ASF licenses this file to You under the Apache License, Version 2.0 + (the "License"); you may not use this file except in compliance with + the License. You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/}} {{- if gt ( .Values.statefulset.replicas | int64 ) 2 }} --- apiVersion: v1 kind: Secret metadata: name: {{ template "redpanda.fullname" . }}-sts-lifecycle + namespace: {{ .Release.Namespace | quote }} labels: helm.sh/chart: {{ template "redpanda.chart" . }} app.kubernetes.io/name: {{ template "redpanda.name" . }} 
@@ -16,14 +33,14 @@ stringData: #!/usr/bin/env bash # the SERVICE_NAME comes from the metadata.name of the pod, essentially the POD_NAME - CURL_URL="{{ (include "http-protocol" . ) }}://${SERVICE_NAME}.{{ template "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.listeners.admin.port }}" + CURL_URL="{{ include "admin-http-protocol" . }}://${SERVICE_NAME}.{{ template "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain | trimSuffix "." }}:{{ .Values.listeners.admin.port }}" # commands used throughout - CURL_NODE_ID_CMD="curl --silent --fail {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/node_config" + CURL_NODE_ID_CMD="curl --silent --fail {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/node_config" - CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' + CURL_MAINTENANCE_DELETE_CMD_PREFIX='curl -X DELETE --silent -o /dev/null -w "%{http_code}"' CURL_MAINTENANCE_PUT_CMD_PREFIX='curl -X PUT --silent -o /dev/null -w "%{http_code}"' - CURL_MAINTENANCE_GET_CMD="curl -X GET --silent {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/maintenance" + CURL_MAINTENANCE_GET_CMD="curl -X GET --silent {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/maintenance" postStart.sh: |- #!/usr/bin/env bash 
@@ -33,14 +50,14 @@ stringData: # path below should match the path defined on the statefulset source /var/lifecycle/common.sh - set -e - + set -ex + until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do sleep 0.5 done - + echo "Clearing maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + CURL_MAINTENANCE_DELETE_CMD="${CURL_MAINTENANCE_DELETE_CMD_PREFIX} {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" # a 400 here would mean not in maintenance mode until [ "${status:-}" = '"200"' ] || [ "${status:-}" = '"400"' ]; do status=$(${CURL_MAINTENANCE_DELETE_CMD}) @@ -51,23 +68,23 @@ stringData: #!/usr/bin/env bash # This code should be similar if not exactly the same as that found in the panda-operator, see # https://github.com/redpanda-data/redpanda/blob/e51d5b7f2ef76d5160ca01b8c7a8cf07593d29b6/src/go/k8s/pkg/resources/secret.go - + # path below should match the path defined on the statefulset source /var/lifecycle/common.sh - set -e + set -ex until NODE_ID=$(${CURL_NODE_ID_CMD} | grep -o '\"node_id\":[^,}]*' | grep -o '[^: ]*$'); do sleep 0.5 done - - echo "Setting maintenance mode on node ${NODE_ID}" - CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} {{ (include "tls-curl-flags" . ) }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" + + echo "Setting maintenance mode on node ${NODE_ID}" + CURL_MAINTENANCE_PUT_CMD="${CURL_MAINTENANCE_PUT_CMD_PREFIX} {{ include "admin-tls-curl-flags" . }} ${CURL_URL}/v1/brokers/${NODE_ID}/maintenance" until [ "${status:-}" = '"200"' ]; do status=$(${CURL_MAINTENANCE_PUT_CMD}) sleep 0.5 done - + until [ "${finished:-}" = "true" ] || [ "${draining:-}" = "false" ]; do res=$(${CURL_MAINTENANCE_GET_CMD}) finished=$(echo $res | grep -o '\"finished\":[^,}]*' | grep -o '[^: ]*$') 
@@ -75,3 +92,28 @@ stringData: sleep 0.5 done {{- end }} +{{- if and (not (empty .Values.auth.sasl.secretRef)) (and .Values.auth.sasl.enabled .Values.auth.sasl.users) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.auth.sasl.secretRef | quote }} + namespace: {{ .Release.Namespace | quote }} + labels: + helm.sh/chart: {{ template "redpanda.chart" . }} + app.kubernetes.io/name: {{ template "redpanda.name" . }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/component: {{ template "redpanda.name" . }} +type: Opaque +stringData: + users.txt: |- + {{- range $user := .Values.auth.sasl.users }} + {{- if not (empty $user.mechanism) }} + {{ printf "%s:%s:%s" $user.name $user.password $user.mechanism }} + {{- else }} + {{ printf "%s:%s" $user.name $user.password}} + {{- end }} + {{- end }} + # intentional empty line +{{- end }} \ No newline at end of file diff --git a/charts/redpanda/redpanda/templates/services.nodeport.yaml b/charts/redpanda/redpanda/templates/services.nodeport.yaml index ebc1b7a22..33f9f0d2b 100644 --- a/charts/redpanda/redpanda/templates/services.nodeport.yaml +++ b/charts/redpanda/redpanda/templates/services.nodeport.yaml @@ -68,7 +68,7 @@ spec: {{- if $enabled }} - name: schema-{{ $name }} protocol: TCP - port: {{ $values.listeners.schemaRegistry.port }} + port: {{ dig "port" $values.listeners.schemaRegistry.port $listener }} nodePort: {{ dig "nodePort" (first (dig "advertisedPorts" (list $values.listeners.schemaRegistry.port) $listener)) $listener }} {{- end }} {{- end }} diff --git a/charts/redpanda/redpanda/templates/statefulset.yaml b/charts/redpanda/redpanda/templates/statefulset.yaml index 0f59f1f4b..e50f2b36e 100644 --- a/charts/redpanda/redpanda/templates/statefulset.yaml +++ b/charts/redpanda/redpanda/templates/statefulset.yaml 
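Review bot: `users.txt` is written as `name:password[:mechanism]` with `printf` and no validation, but the post-install job in this commit splits each line on `:`, so a user name or password containing a colon or a newline is silently truncated and the remainder is taken as the mechanism. Reject such values at render time, e.g. `{{- if or (contains ":" $user.name) (contains ":" $user.password) }}{{- fail "sasl user name and password must not contain ':'" }}{{- end }}`, or store one key per user so no delimiter is needed. The passwords also still originate in `.Values.auth.sasl.users` and therefore stay in the release values; the condition on this block already allows a pre-created secret via `secretRef` with `users` left empty, which is worth stating in the values documentation as the preferred setup.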
@@ -21,6 +21,8 @@ limitations under the License. {{- if $values.external.domain -}} {{- $externalAdvertiseAddress = printf "$(SERVICE_NAME).%s" $values.external.domain -}} {{- end -}} +{{- $uid := dig "podSecurityContext" "runAsUser" .Values.statefulset.securityContext.runAsUser .Values.statefulset -}} +{{- $gid := dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset -}} --- apiVersion: apps/v1 kind: StatefulSet @@ -37,9 +39,7 @@ metadata: {{- end }} spec: selector: - matchLabels: - app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} + matchLabels: {{ (include "statefulset-pod-labels" .) | nindent 6 }} serviceName: {{ template "redpanda.fullname" . }} replicas: {{ .Values.statefulset.replicas | int64 }} updateStrategy: @@ -47,13 +47,8 @@ spec: podManagementPolicy: {{ .Values.statefulset.podManagementPolicy }} template: metadata: - labels: - app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/component: {{ template "redpanda.name" . }} -{{- with .Values.commonLabels }} - {{- toYaml . | nindent 8 }} -{{- end }} + labels: {{ (include "statefulset-pod-labels" .) | nindent 8 }} + redpanda.com/poddisruptionbudget: {{ template "redpanda.name" . }} annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- with $.Values.statefulset.annotations }} @@ -65,8 +60,6 @@ spec: initContainers: - name: set-datadir-ownership image: busybox:latest - {{- $uid := dig "podSecurityContext" "runAsUser" .Values.statefulset.securityContext.runAsUser .Values.statefulset }} - {{- $gid := dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset }} command: ["/bin/sh", "-c", "chown {{ $uid }}:{{ $gid }} -R /var/lib/redpanda/data"] volumeMounts: - name: datadir 
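Review bot: Both ownership init containers touched by this refactor (`set-datadir-ownership` here, `set-tiered-storage-cache-dir-ownership` in the next hunk) keep `image: busybox:latest`, a mutable tag that can resolve to different content on every pull and that runs `chown -R` over the data directory. The commit does not change that line, but since it is already tidying these containers it is a good moment to pin the image by digest, `image: busybox@sha256:<digest-placeholder>`, or to expose repository and tag as chart values so operators can point at a mirrored, scanned copy. An explicit `securityContext` on these containers would also make clear which privileges the `chown` step is expected to have.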
@@ -74,14 +67,12 @@ spec: {{- if and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled }} - name: set-tiered-storage-cache-dir-ownership image: busybox:latest - {{- $uid := dig "podSecurityContext" "runAsUser" .Values.statefulset.securityContext.runAsUser .Values.statefulset }} - {{- $gid := dig "podSecurityContext" "fsGroup" .Values.statefulset.securityContext.fsGroup .Values.statefulset }} command: ["/bin/sh", "-c", 'chown {{ $uid }}:{{ $gid }} -R {{ template "tieredStorage.cacheDirectory" . }}'] volumeMounts: - name: tiered-storage-dir mountPath: {{ template "tieredStorage.cacheDirectory" . }} {{- end }} - - name: {{ template "redpanda.name" . }}-configurator + - name: {{ (include "redpanda.name" .) | trunc 51 }}-configurator image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} command: ["/bin/bash", "-c"] env: @@ -331,7 +322,7 @@ spec: {{- if gt ( .Values.statefulset.replicas | int64 ) 2 }} - name: lifecycle-scripts secret: - secretName: {{ template "redpanda.fullname" . }}-sts-lifecycle + secretName: {{ (include "redpanda.fullname" . | trunc 50 ) }}-sts-lifecycle defaultMode: 0774 {{- end }} - name: datadir 
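Review bot: `secretName: {{ (include "redpanda.fullname" . | trunc 50 ) }}-sts-lifecycle` now truncates the name, while the Secret in `templates/secrets.yaml` is still rendered as `{{ template "redpanda.fullname" . }}-sts-lifecycle` (unchanged context in this commit). For a fullname longer than 50 characters the volume therefore points at a secret that does not exist and the pods cannot mount their lifecycle scripts. Apply the same `trunc 50` to the Secret's `metadata.name`, or define the name once in a named template that both files include.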
@@ -394,18 +385,14 @@ spec: requiredDuringSchedulingIgnoredDuringExecution: - topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} + matchLabels: {{ include "statefulset-pod-labels" . | nindent 18 }} {{- else if eq .Values.statefulset.podAntiAffinity.type "soft" }} preferredDuringSchedulingIgnoredDuringExecution: - weight: {{ .Values.statefulset.podAntiAffinity.weight | int64 }} podAffinityTerm: topologyKey: {{ .Values.statefulset.podAntiAffinity.topologyKey }} labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} + matchLabels: {{ include "statefulset-pod-labels" . | nindent 20 }} {{- end }} {{- else }} {{- toYaml .Values.statefulset.podAntiAffinity | nindent 10 }} 
@@ -415,23 +402,21 @@ spec: {{- if semverCompare ">=1.16-0" .Capabilities.KubeVersion.GitVersion }} topologySpreadConstraints: - labelSelector: - matchLabels: - app.kubernetes.io/name: {{ template "redpanda.name" . }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} + matchLabels: {{ include "statefulset-pod-labels" . | nindent 12 }} {{- with .Values.statefulset.topologySpreadConstraints }} maxSkew: {{ .maxSkew }} topologyKey: {{ .topologyKey }} whenUnsatisfiable: {{ .whenUnsatisfiable }} {{- end }} {{- end }} -{{- with .Values.statefulset.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} +{{- with ( include "statefulset-nodeSelectors" . ) }} + nodeSelector: {{- . | nindent 8 }} {{- end }} {{- if .Values.statefulset.priorityClassName }} priorityClassName: {{ .Values.statefulset.priorityClassName }} {{- end }} -{{- with .Values.statefulset.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} +{{- with ( include "statefulset-tolerations" . ) }} + tolerations: {{- . | nindent 8 }} {{- end }} {{- if or .Values.storage.persistentVolume.enabled (and (include "is-licensed" . | fromJson).bool .Values.storage.tieredConfig.cloud_storage_enabled .Values.storage.tieredStoragePersistentVolume.enabled) }} volumeClaimTemplates: diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml index 12e035d1d..5a587c1a5 100644 --- a/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-internal-tls-status.yaml 
@@ -14,7 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} +{{- if and (include "kafka-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} apiVersion: v1 kind: Pod metadata: @@ -44,18 +44,32 @@ spec: - /bin/bash - -c - > + {{- $service := .Values.listeners.kafka -}} + {{- $cert := get .Values.tls.certs $service.tls.cert }} + {{- if (include "kafka-internal-tls-enabled" . | fromJson).bool }} rpk cluster info --brokers {{ include "redpanda.fullname" .}}-0.{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.kafka.port }} - --tls-enabled --tls-truststore /etc/tls/certs/{{ .Values.listeners.kafka.tls.cert }}/ca.crt + --tls-enabled + {{- if $cert.caEnabled }} + --tls-truststore /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- else }} + {{- /* This is a required field so we use the default in the redpanda debian container */}} + --tls-truststore /etc/ssl/certs/ca-certificates.crt + {{- end }} + {{- end }} + resources: +{{- toYaml .Values.statefulset.resources | nindent 12 }} volumeMounts: + - name: {{ template "redpanda.fullname" . }} + mountPath: /tmp/base-config - name: config mountPath: /etc/redpanda +{{- if (include "tls-enabled" . | fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} - resources: -{{- toYaml .Values.statefulset.resources | nindent 12 }} +{{- end }} volumes: - name: {{ template "redpanda.fullname" . }} configMap: diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml index 1bb9d2e2e..232960e7a 100644 
--- a/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-produce-consume.yaml @@ -14,6 +14,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} +{{- $sasl := .Values.auth.sasl }} apiVersion: batch/v1 kind: Job metadata: @@ -47,7 +48,7 @@ spec: image: {{ .Values.image.repository}}:{{ template "redpanda.tag" . }} env: - name: REDPANDA_BROKERS - value: "{{ include "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.listeners.kafka.port }}" + value: "{{ include "redpanda.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain | trimSuffix "." }}:{{ .Values.listeners.kafka.port }}" - name: POD_NAME valueFrom: fieldRef: @@ -57,9 +58,11 @@ spec: - -c - | set -e + {{- if and (not $sasl.enabled) (and $sasl.enabled (not (empty $sasl.secretRef ))) }} rpk topic create produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} echo "Pandas are awesome!" | rpk topic produce produce.consume.test.$POD_NAME {{ include "rpk-topic-flags" . }} rpk topic consume produce.consume.test.$POD_NAME -n 1 {{ include "rpk-topic-flags" . }} | grep "Pandas are awesome!" + {{- end }} volumeMounts: - name: config mountPath: /etc/redpanda @@ -69,6 +72,11 @@ spec: mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} {{- end }} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + mountPath: "/etc/secrets/users" + readOnly: true + {{- end}} resources: {{ toYaml .Values.statefulset.resources | nindent 12 }} volumes: - name: {{ template "redpanda.fullname" . }} 
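Review bot: The guard added around the rpk commands in the `@@ -57,9 +58,11 @@` hunk, `{{- if and (not $sasl.enabled) (and $sasl.enabled (not (empty $sasl.secretRef ))) }}`, can never be true, because it needs `$sasl.enabled` to be false and true at once. The produce/consume commands are therefore never rendered, and the Job succeeds after running `set -e` alone, so the test reports a pass without touching the cluster. If the intent is "SASL off, or SASL on with a secret", the condition should be `{{- if or (not $sasl.enabled) (not (empty $sasl.secretRef)) }}`. The same always-false condition is added in test-kafka-sasl-status.yaml (`@@ -48,17 +49,20 @@`), where it disables the SASL status test in the same way.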
@@ -76,6 +84,12 @@ spec: name: {{ template "redpanda.fullname" . }} - name: config emptyDir: {} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + secret: + secretName: {{ $sasl.secretRef }} + optional: false + {{- end }} {{- if (include "tls-enabled" . | fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert diff --git a/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml b/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml index bb9a153bf..3248ee288 100644 --- a/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-kafka-sasl-status.yaml @@ -18,6 +18,7 @@ limitations under the License. {{- $testTopicFlags := mustRegexReplaceAll "--user \\S+ " (include "rpk-topic-flags" . ) "--user myuser" }} {{- $testTopicFlags := mustRegexReplaceAll "--password \\S+ " $testTopicFlags "--password changeme" }} {{- $rpk := deepCopy . }} +{{- $sasl := .Values.auth.sasl }} {{- $_ := set $rpk "rpk" "rpk" }} apiVersion: v1 kind: Pod 
@@ -48,17 +49,20 @@ spec: - /bin/bash - -c - | + set -xe + {{- if and (not $sasl.enabled) (and $sasl.enabled (not (empty $sasl.secretRef ))) }} rpk acl user delete myuser {{ include "rpk-common-flags" . }} sleep 3 - set -e - {{ include "rpk-cluster-info" $rpk }} - {{ include "rpk-acl-user-create" $rpk }} - {{ include "rpk-acl-create" $rpk }} + + {{ include "rpk-cluster-info-no-dummy-sasl" $rpk }} + {{ include "rpk-acl-user-create-no-dummy-sasl" $rpk }} + {{ include "rpk-acl-create-no-dummy-sasl" $rpk }} sleep 3 - {{ include "rpk-topic-create" $rpk }} - {{ include "rpk-topic-describe" $rpk }} - {{ include "rpk-topic-delete" $rpk }} + {{ include "rpk-topic-create-no-dummy-sasl" $rpk }} + {{ include "rpk-topic-describe-no-dummy-sasl" $rpk }} + {{ include "rpk-topic-delete-no-dummy-sasl" $rpk }} rpk acl user delete myuser {{ include "rpk-common-flags" . }} + {{- end }} volumeMounts: - name: config mountPath: /etc/redpanda @@ -68,6 +72,11 @@ spec: mountPath: {{ printf "/etc/tls/certs/%s" $name }} {{- end }} {{- end }} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + mountPath: "/etc/secrets/users" + readOnly: true + {{- end}} resources: {{- toYaml .Values.statefulset.resources | nindent 12 }} volumes: @@ -76,6 +85,12 @@ spec: name: {{ template "redpanda.fullname" . }} - name: config emptyDir: {} + {{- if and $sasl.enabled (not (empty $sasl.secretRef )) }} + - name: {{ $sasl.secretRef }} + secret: + secretName: {{ $sasl.secretRef }} + optional: false + {{- end }} {{- if (include "tls-enabled" . | fromJson).bool }} {{- range $name, $cert := .Values.tls.certs }} - name: redpanda-{{ $name }}-cert diff --git a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml index 8be2630cd..bee1b24d6 100644 --- a/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml 
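Review bot: `set -xe` at the top of the script makes bash trace every expanded command into the test pod's log, and the `mustRegexReplaceAll "--password \\S+ "` line at the head of this file shows that the rpk flag helpers expand to `--user`/`--password` arguments. The `*-no-dummy-sasl` helpers and `rpk-common-flags` are defined outside this hunk, so whether they carry real credentials cannot be confirmed here, but if they do, those values become readable by anyone with access to the pod logs. Prefer `set -e` without `-x`. Moving `set -e` above the first `rpk acl user delete myuser` also changes behaviour: the old script ran that cleanup before `set -e`, presumably so that a missing user would not abort the test. If that still matters, keep it tolerant with `rpk acl user delete myuser ... || true`.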
+++ b/charts/redpanda/redpanda/templates/tests/test-pandaproxy-internal-tls-status.yaml @@ -14,7 +14,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} +{{- if and (include "http-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" . | fromJson).bool) -}} +{{- $service := .Values.listeners.http -}} +{{- $cert := get .Values.tls.certs $service.tls.cert -}} apiVersion: v1 kind: Pod metadata: @@ -44,8 +46,10 @@ spec: - curl - -svm3 - --ssl-reqd + {{- if $cert.caEnabled }} - --cacert - - /etc/tls/certs/{{ .Values.listeners.admin.tls.cert }}/ca.crt + - /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- end }} - https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.http.port }}/brokers volumeMounts: - name: config diff --git a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml index c113834af..e94a431dc 100644 --- a/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml +++ b/charts/redpanda/redpanda/templates/tests/test-schemaregistry-internal-tls-status.yaml @@ -14,7 +14,9 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */}} -{{- if and (include "tls-enabled" . | fromJson).bool (not (include "sasl-enabled" .|fromJson).bool) }} +{{- if and (include "schemaRegistry-internal-tls-enabled" . | fromJson).bool (not (include "sasl-enabled" .|fromJson).bool) }} +{{- $service := .Values.listeners.schemaRegistry -}} +{{- $cert := get .Values.tls.certs $service.tls.cert -}} apiVersion: v1 kind: Pod metadata: 
@@ -44,8 +46,10 @@ spec: - curl - -svm3 - --ssl-reqd + {{- if $cert.caEnabled }} - --cacert - - /etc/tls/certs/{{ .Values.listeners.schemaRegistry.tls.cert }}/ca.crt + - /etc/tls/certs/{{ $service.tls.cert }}/ca.crt + {{- end }} - https://{{ include "redpanda.internal.domain" . }}:{{ .Values.listeners.schemaRegistry.port }}/subjects volumeMounts: - name: config diff --git a/charts/redpanda/redpanda/values.schema.json b/charts/redpanda/redpanda/values.schema.json index 0b7f13518..002e6ada5 100644 --- a/charts/redpanda/redpanda/values.schema.json +++ b/charts/redpanda/redpanda/values.schema.json @@ -5,6 +5,24 @@ "image" ], "properties": { + "nameOverride": { + "type": "string" + }, + "fullnameOverride": { + "type": "string" + }, + "clusterDomain": { + "type": "string" + }, + "commonLabels": { + "type": "object" + }, + "nodeSelector": { + "type": "object" + }, + "tolerations": { + "type": "array" + }, "image": { "description": "Values used to define the container image to be used for Redpanda", "type": "object", 
@@ -72,65 +90,34 @@ "sasl": { "type": "object", "required": [ - "enabled", - "users" + "enabled" ], - "if": { - "properties": { - "enabled": { - "enum": [ - true - ] - } - } - }, - "then": { - "properties": { - "enabled": { - "type": "boolean" - }, - "users": { - "type": "array", - "minItems": 1, - "items": { - "properties": { - "name": { - "type": "string" - }, - "password": { - "type": "string" - }, - "mechanism": { - "type": "string", - "pattern": "^(SCRAM-SHA-512|SCRAM-SHA-256)$" - } + "properties": { + "enabled": { + "type": "boolean" + }, + "mechanism": { + "type": "string" + }, + "secretRef": { + "type": "string" + }, + "users": { + "type": "array", + "minItems": 0, + "items": { + "properties": { + "name": { + "type": "string" }, - "oneOf": [ - { - "required": [ - "name", - "password" - ] - }, - { - "required": [ - "name", - "secretName" - ] - } - ] + "password": { + "type": "string" + }, + "mechanism": { + "type": "string", + "pattern": "^(SCRAM-SHA-512|SCRAM-SHA-256)$" + } } - }, - "mechanism": { - "type": "string", - "pattern": "^(SCRAM-SHA-512|SCRAM-SHA-256)$" - } - } - }, - "else": { - "properties": { - "enabled": { - "type": "boolean" } } } diff --git a/charts/redpanda/redpanda/values.yaml b/charts/redpanda/redpanda/values.yaml index c084a56f0..3d01f539e 100644 --- a/charts/redpanda/redpanda/values.yaml +++ b/charts/redpanda/redpanda/values.yaml @@ -33,6 +33,13 @@ clusterDomain: cluster.local # Additional labels added to all Kubernetes objects commonLabels: {} +# Node selection constraints for scheduling Pods, can override this for statefulsets. +# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} +# Taints to be tolerated by Pods, can override this for statefulsets. +# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: [] + # Redpanda parameters # image: 
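Review bot: With the `if`/`then` block removed, the schema no longer rejects `auth.sasl.enabled: true` without usable credentials: `secretRef` is optional, `users` has `minItems: 0`, and the per-user `required` lists are gone. The values.yaml comment added in this same commit says a secret referenced by `secretRef` is required when SASL is enabled, so that rule is now only documented, not enforced. The top-level `mechanism` also loses its `^(SCRAM-SHA-512|SCRAM-SHA-256)$` pattern, so a misspelled mechanism is no longer caught at install time. Consider keeping a conditional such as `"if": {"properties": {"enabled": {"enum": [true]}}}, "then": {"required": ["secretRef"]}` and restoring the `pattern` on `mechanism`.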
@@ -58,27 +65,30 @@ rackAwareness: # this if you have your own custom Node annotation to use instead. nodeAnnotation: topology.kubernetes.io/zone -# # Authentication auth: - # # SASL configuration sasl: + # When enabling SASL, you are required to have a secret available and referenced in secretRef enabled: false - # user list - # TODO create user at startup - users: - - name: admin - # Password for the user. This will be used to generate a secret - # password: password - # If password isn't given, then the secretName must point to an already existing secret - # secretName: adminPassword - # if the mecanism is unspecified, it defaults to .Values.auth.sasl.mechanism - # mechanism: SCRAM-SHA-512 # if unspecified, mechanism defaults to SCRAM-SHA-512 - # mechanism: SCRAM-SHA-512 + mechanism: SCRAM-SHA-512 + # A secret is expected to exist to contain a file with users in the following format: + # :: + # You can create these users in the following way: + # create a file with one entry per line in the following format: + # :: + # Ensure there is an empty line at the end of the file. + # kubectl -n redpanda create secret generic my-users --from-file=users.txt + # Then secretRef is required, regardless if created a users list (below) or not + secretRef: "redpanda-users" + # optional list of users + # If not an empty list, these users will be created in a secret whose name is defined in "secretRef" + users: + - name: admin + password: change-me + mechanism: SCRAM-SHA-512 -# # TLS configuration tls: # Enable global TLS, which turns on TLS by default for all listeners 
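Review bot: The new default `users` list ships a fixed credential, `name: admin` with `password: change-me`, and the comment directly above it says a non-empty list is written into the secret named by `secretRef`. A user who only sets `auth.sasl.enabled: true` therefore gets an `admin` account whose password is published in the chart. Default to `users: []` and keep the admin entry as a commented example, so that a password has to be supplied explicitly or through a pre-created secret.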
@@ -484,12 +494,14 @@ statefulset: # Does not apply for other anti-affinity types. weight: 100 # Node selection constraints for scheduling Pods of this StatefulSet. + # these override the global nodeSelector value # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} # PriorityClassName given to Pods of this StatefulSet # https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass priorityClassName: "" # Taints to be tolerated by Pods of this StatefulSet. + # these override the global tolerations value # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: [] # https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ @@ -636,6 +648,7 @@ listeners: external: default: # enabled: true + port: 8084 advertisedPorts: - 30081 diff --git a/charts/speedscale/speedscale-operator/Chart.yaml b/charts/speedscale/speedscale-operator/Chart.yaml index b2e64d92b..bcf211a86 100644 --- a/charts/speedscale/speedscale-operator/Chart.yaml +++ b/charts/speedscale/speedscale-operator/Chart.yaml @@ -4,7 +4,7 @@ annotations: catalog.cattle.io/kube-version: '>= 1.17.0-0' catalog.cattle.io/release-name: speedscale-operator apiVersion: v1 -appVersion: 1.2.267 +appVersion: 1.2.296 description: Stress test your APIs with real world scenarios. Collect and replay traffic without scripting. home: https://speedscale.com @@ -24,4 +24,4 @@ maintainers: - email: support@speedscale.com name: Speedscale Support name: speedscale-operator -version: 1.2.18 +version: 1.2.20 diff --git a/charts/speedscale/speedscale-operator/README.md b/charts/speedscale/speedscale-operator/README.md index 4768e57ba..a051f2333 100644 --- a/charts/speedscale/speedscale-operator/README.md +++ b/charts/speedscale/speedscale-operator/README.md 
@@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.2.18 +### Upgrade to 1.2.20 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.18/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.20/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/app-readme.md b/charts/speedscale/speedscale-operator/app-readme.md index 4768e57ba..a051f2333 100644 --- a/charts/speedscale/speedscale-operator/app-readme.md +++ b/charts/speedscale/speedscale-operator/app-readme.md @@ -101,10 +101,10 @@ _See [helm upgrade](https://helm.sh/docs/helm/helm_upgrade/) for command documen A major chart version change (like v1.2.3 -> v2.0.0) indicates that there is an incompatible breaking change needing manual actions. -### Upgrade to 1.2.18 +### Upgrade to 1.2.20 ```bash -kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.18/templates/crds/trafficreplays.yaml +kubectl apply --server-side -f https://raw.githubusercontent.com/speedscale/operator-helm/main/1.2.20/templates/crds/trafficreplays.yaml ``` ### Upgrade to 1.1.0 diff --git a/charts/speedscale/speedscale-operator/values.yaml b/charts/speedscale/speedscale-operator/values.yaml index bdf3ac4ab..9d491195d 100644 --- a/charts/speedscale/speedscale-operator/values.yaml +++ b/charts/speedscale/speedscale-operator/values.yaml @@ -20,7 +20,7 @@ clusterName: "my-cluster" # Speedscale components image settings. image: registry: gcr.io/speedscale - tag: v1.2.267 + tag: v1.2.296 pullPolicy: Always # Log level for Speedscale components. 
diff --git a/charts/yugabyte/yugabyte/Chart.yaml b/charts/yugabyte/yugabyte/Chart.yaml index a3099ceb4..52b49a383 100644 --- a/charts/yugabyte/yugabyte/Chart.yaml +++ b/charts/yugabyte/yugabyte/Chart.yaml @@ -4,17 +4,17 @@ annotations: catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: yugabyte apiVersion: v1 -appVersion: 2.14.6.0-b30 +appVersion: 2.16.1.0-b50 description: YugabyteDB is the high-performance distributed SQL database for building global, internet-scale apps. home: https://www.yugabyte.com icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 maintainers: -- email: ram@yugabyte.com - name: Ram Sri -- email: arnav@yugabyte.com - name: Arnav Agarwal +- email: sanketh@yugabyte.com + name: Sanketh Indarapu +- email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla name: yugabyte sources: - https://github.com/yugabyte/yugabyte-db -version: 2.14.6 +version: 2.16.1 diff --git a/charts/yugabyte/yugabyte/app-readme.md b/charts/yugabyte/yugabyte/app-readme.md index 151383309..415d3a539 100644 --- a/charts/yugabyte/yugabyte/app-readme.md +++ b/charts/yugabyte/yugabyte/app-readme.md @@ -1 +1 @@ -This chart bootstraps an RF3 Yugabyte DB version 2.14.6.0-b30 cluster using the Helm Package Manager. +This chart bootstraps an RF3 YugabyteDB version 2.16.1.0-b50 cluster using the Helm Package Manager. diff --git a/charts/yugabyte/yugabyte/generate_kubeconfig.py b/charts/yugabyte/yugabyte/generate_kubeconfig.py index b974c0f2d..3e2e1d5d7 100644 --- a/charts/yugabyte/yugabyte/generate_kubeconfig.py +++ b/charts/yugabyte/yugabyte/generate_kubeconfig.py 
@@ -11,84 +11,177 @@ from sys import exit import json import base64 import tempfile +import time +import os.path -def run_command(command_args, namespace=None, as_json=True): - command = ['kubectl'] +def run_command(command_args, namespace=None, as_json=True, log_command=True): + command = ["kubectl"] if namespace: - command.extend(['--namespace', namespace]) + command.extend(["--namespace", namespace]) command.extend(command_args) if as_json: - command.extend(['-o', 'json']) - return json.loads(check_output(command)) + command.extend(["-o", "json"]) + if log_command: + print("Running command: {}".format(" ".join(command))) + output = check_output(command) + if as_json: + return json.loads(output) else: - return check_output(command).decode('utf8') + return output.decode("utf8") -parser = argparse.ArgumentParser(description='Generate KubeConfig with Token') -parser.add_argument('-s', '--service_account', help='Service Account name', required=True) -parser.add_argument('-n', '--namespace', help='Kubernetes namespace', default='kube-system') -parser.add_argument('-c', '--context', help='kubectl context') +def create_sa_token_secret(directory, sa_name, namespace): + """Creates a service account token secret for sa_name in + namespace. Returns the name of the secret created. 
+ + Ref: + https://k8s.io/docs/concepts/configuration/secret/#service-account-token-secrets + + """ + token_secret = { + "apiVersion": "v1", + "data": { + "do-not-delete-used-for-yugabyte-anywhere": "MQ==", + }, + "kind": "Secret", + "metadata": { + "annotations": { + "kubernetes.io/service-account.name": sa_name, + }, + "name": sa_name, + }, + "type": "kubernetes.io/service-account-token", + } + token_secret_file_name = os.path.join(directory, "token_secret.yaml") + with open(token_secret_file_name, "w") as token_secret_file: + json.dump(token_secret, token_secret_file) + run_command(["apply", "-f", token_secret_file_name], namespace) + return sa_name + + +def get_secret_data(secret, namespace): + """Returns the secret in JSON format if it has ca.crt and token in + it, else returns None. It retries 3 times with 1 second timeout + for the secret to be populated with this data. + + """ + secret_data = None + num_retries = 5 + timeout = 2 + while True: + secret_json = run_command(["get", "secret", secret], namespace) + if "ca.crt" in secret_json["data"] and "token" in secret_json["data"]: + secret_data = secret_json + break + + num_retries -= 1 + if num_retries == 0: + break + print( + "Secret '{}' is not populated. 
Sleep {}s, ({} retries left)".format( + secret, timeout, num_retries + ) + ) + time.sleep(timeout) + return secret_data + + +parser = argparse.ArgumentParser(description="Generate KubeConfig with Token") +parser.add_argument("-s", "--service_account", help="Service Account name", required=True) +parser.add_argument("-n", "--namespace", help="Kubernetes namespace", default="kube-system") +parser.add_argument("-c", "--context", help="kubectl context") +parser.add_argument("-o", "--output_file", help="output file path") args = vars(parser.parse_args()) # if the context is not provided we use the current-context -context = args['context'] +context = args["context"] if context is None: - context = run_command(['config', 'current-context'], - args['namespace'], as_json=False) + context = run_command(["config", "current-context"], args["namespace"], as_json=False) -cluster_attrs = run_command(['config', 'get-contexts', context.strip(), - '--no-headers'], args['namespace'], as_json=False) +cluster_attrs = run_command( + ["config", "get-contexts", context.strip(), "--no-headers"], args["namespace"], as_json=False +) cluster_name = cluster_attrs.strip().split()[2] -endpoint = run_command(['config', 'view', '-o', - 'jsonpath="{.clusters[?(@.name =="' + - cluster_name + '")].cluster.server}"'], - args['namespace'], as_json=False) -service_account_info = run_command(['get', 'sa', args['service_account']], - args['namespace']) +endpoint = run_command( + [ + "config", + "view", + "-o", + 'jsonpath="{.clusters[?(@.name =="' + cluster_name + '")].cluster.server}"', + ], + args["namespace"], + as_json=False, +) +service_account_info = run_command(["get", "sa", args["service_account"]], args["namespace"]) + +tmpdir = tempfile.TemporaryDirectory() + +# Get the token and ca.crt from service account secret. +sa_secrets = list() +# Kubernetes 1.22 onwards doesn't create a token secret, so we create +# it ourselves. 
+if "secrets" not in service_account_info: + token_secret = create_sa_token_secret(tmpdir.name, args["service_account"], args["namespace"]) + sa_secrets.append(token_secret) +else: + # some ServiceAccounts have multiple secrets, and not all them have a + # ca.crt and a token. + sa_secrets = [secret["name"] for secret in service_account_info["secrets"]] -# some ServiceAccounts have multiple secrets, and not all them have a -# ca.crt and a token. -sa_secrets = [secret['name'] for secret in service_account_info['secrets']] secret_data = None for secret in sa_secrets: - secret_json = run_command(['get', 'secret', secret], args['namespace']) - if 'ca.crt' not in secret_json['data'] and 'token' not in secret_json['data']: - continue - secret_data = secret_json + secret_data = get_secret_data(secret, args["namespace"]) + if secret_data is not None: + break if secret_data is None: - exit("No usable secret found for '{}'.".format(args['service_account'])) + exit("No usable secret found for '{}'.".format(args["service_account"])) -context_name = '{}-{}'.format(args['service_account'], cluster_name) -kube_config = '/tmp/{}.conf'.format(args['service_account']) +context_name = "{}-{}".format(args["service_account"], cluster_name) +kube_config = args["output_file"] +if not kube_config: + kube_config = "/tmp/{}.conf".format(args["service_account"]) -with tempfile.NamedTemporaryFile() as ca_crt_file: - ca_crt = base64.b64decode(secret_data['data']['ca.crt']) - ca_crt_file.write(ca_crt) - ca_crt_file.flush() - # create kubeconfig entry - set_cluster_cmd = ['config', 'set-cluster', cluster_name, - '--kubeconfig={}'.format(kube_config), - '--server={}'.format(endpoint.strip('"')), - '--embed-certs=true', - '--certificate-authority={}'.format(ca_crt_file.name)] - run_command(set_cluster_cmd, as_json=False) -user_token = base64.b64decode(secret_data['data']['token']).decode('utf-8') -set_credentials_cmd = ['config', 'set-credentials', context_name, - '--token={}'.format(user_token), - 
'--kubeconfig={}'.format(kube_config)] -run_command(set_credentials_cmd, as_json=False) +ca_crt_file_name = os.path.join(tmpdir.name, "ca.crt") +ca_crt_file = open(ca_crt_file_name, "wb") +ca_crt_file.write(base64.b64decode(secret_data["data"]["ca.crt"])) +ca_crt_file.close() -set_context_cmd = ['config', 'set-context', context_name, - '--cluster={}'.format(cluster_name), - '--user={}'.format(context_name), - '--kubeconfig={}'.format(kube_config)] +# create kubeconfig entry +set_cluster_cmd = [ + "config", + "set-cluster", + cluster_name, + "--kubeconfig={}".format(kube_config), + "--server={}".format(endpoint.strip('"')), + "--embed-certs=true", + "--certificate-authority={}".format(ca_crt_file_name), +] +run_command(set_cluster_cmd, as_json=False) + +user_token = base64.b64decode(secret_data["data"]["token"]).decode("utf-8") +set_credentials_cmd = [ + "config", + "set-credentials", + context_name, + "--token={}".format(user_token), + "--kubeconfig={}".format(kube_config), +] +run_command(set_credentials_cmd, as_json=False, log_command=False) + +set_context_cmd = [ + "config", + "set-context", + context_name, + "--cluster={}".format(cluster_name), + "--user={}".format(context_name), + "--kubeconfig={}".format(kube_config), +] run_command(set_context_cmd, as_json=False) -use_context_cmd = ['config', 'use-context', context_name, - '--kubeconfig={}'.format(kube_config)] +use_context_cmd = ["config", "use-context", context_name, "--kubeconfig={}".format(kube_config)] run_command(use_context_cmd, as_json=False) print("Generated the kubeconfig file: {}".format(kube_config)) diff --git a/charts/yugabyte/yugabyte/questions.yaml b/charts/yugabyte/yugabyte/questions.yaml index c88fd43c0..6befa49e1 100644 --- a/charts/yugabyte/yugabyte/questions.yaml +++ b/charts/yugabyte/yugabyte/questions.yaml 
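Review bot: When `--output_file` is not given, the kubeconfig, which ends up holding the service account's bearer token, is still written to the predictable path `/tmp/<service_account>.conf`. On a shared host another user could pre-create that file or a symlink at that path, and the script does not check ownership or mode before passing the path to `kubectl config`. Creating the file first with exclusive, owner-only access would close that gap, e.g. `os.close(os.open(kube_config, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o600))` before the first command that uses `--kubeconfig`; note this turns an already existing file into an explicit error. Separately, the `get_secret_data` docstring says it retries 3 times with a 1 second timeout, while the code sets `num_retries = 5` and `timeout = 2`; the docstring should be updated to match.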
@@ -16,7 +16,7 @@ questions: label: YugabyteDB image repository description: "YugabyteDB image repository" - variable: Image.tag - default: "2.14.1.0-b36" + default: "2.5.1.0-b153" required: true type: string label: YugabyteDB image tag diff --git a/charts/yugabyte/yugabyte/templates/_helpers.tpl b/charts/yugabyte/yugabyte/templates/_helpers.tpl index 460d711fe..72275d3d9 100644 --- a/charts/yugabyte/yugabyte/templates/_helpers.tpl +++ b/charts/yugabyte/yugabyte/templates/_helpers.tpl @@ -26,7 +26,7 @@ Generate common labels. {{- define "yugabyte.labels" }} heritage: {{ .Values.helm2Legacy | ternary "Tiller" (.Release.Service | quote) }} release: {{ .Release.Name | quote }} -chart: {{ .Values.oldNamingStyle | ternary .Chart.Name (include "yugabyte.chart" .) | quote }} +chart: {{ .Chart.Name | quote }} component: {{ .Values.Component | quote }} {{- if .Values.commonLabels}} {{ toYaml .Values.commonLabels }} 
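Review bot: The default for `Image.tag` in questions.yaml moves from `2.14.1.0-b36` to `2.5.1.0-b153`, while Chart.yaml in the same commit sets `appVersion: 2.16.1.0-b50`, so this looks like a typo rather than an intended pin. If the Rancher install form pre-fills this value, installs through the UI would deploy a much older database image than the chart targets, without the fixes released since. Suggest `default: "2.16.1.0-b50"` to match `appVersion`, or a comment explaining why the older tag is intended.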
@@ -122,10 +122,18 @@ Generate server FQDN. {{- define "yugabyte.server_fqdn" -}} {{- if (and .Values.istioCompatibility.enabled .Values.multicluster.createServicePerPod) -}} {{- printf "$(HOSTNAME).$(NAMESPACE).svc.%s" .Values.domainName -}} + {{- else if (and .Values.oldNamingStyle .Values.multicluster.createServiceExports) -}} + {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s.$(NAMESPACE).svc.clusterset.local" $membershipName .Service.name -}} {{- else if .Values.oldNamingStyle -}} - {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} + {{- printf "$(HOSTNAME).%s.$(NAMESPACE).svc.%s" .Service.name .Values.domainName -}} {{- else -}} - {{- printf "$(HOSTNAME).%s-%s.$(NAMESPACE).svc.%s" (include "yugabyte.fullname" .) .Service.name .Values.domainName -}} + {{- if .Values.multicluster.createServiceExports -}} + {{ $membershipName := required "A valid membership name is required! Please set multicluster.kubernetesClusterId" .Values.multicluster.kubernetesClusterId }} + {{- printf "$(HOSTNAME).%s.%s-%s.$(NAMESPACE).svc.clusterset.local" $membershipName (include "yugabyte.fullname" .) .Service.name -}} + {{- else -}} + {{- printf "$(HOSTNAME).%s-%s.$(NAMESPACE).svc.%s" (include "yugabyte.fullname" .) .Service.name .Values.domainName -}} + {{- end -}} {{- end -}} {{- end -}} @@ -140,7 +148,7 @@ Generate server broadcast address. Generate server RPC bind address. */}} {{- define "yugabyte.rpc_bind_address" -}} - {{- if .Values.istioCompatibility.enabled -}} + {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports -}} 0.0.0.0:{{ index .Service.ports "tcp-rpc-port" -}} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} 
@@ -158,7 +166,7 @@ Generate server web interface. Generate server CQL proxy bind address. */}} {{- define "yugabyte.cql_proxy_bind_address" -}} - {{- if .Values.istioCompatibility.enabled -}} + {{- if or .Values.istioCompatibility.enabled .Values.multicluster.createServiceExports -}} 0.0.0.0:{{ index .Service.ports "tcp-yql-port" -}} {{- else -}} {{- include "yugabyte.server_fqdn" . -}} @@ -203,10 +211,10 @@ Compute the maximum number of unavailable pods based on the number of master rep Set consistent issuer name. */}} {{- define "yugabyte.tls_cm_issuer" -}} - {{- if .Values.tls.certManager.useClusterIssuer -}} - {{ .Values.tls.certManager.clusterIssuer }} - {{- else -}} + {{- if .Values.tls.certManager.bootstrapSelfsigned -}} {{ .Values.oldNamingStyle | ternary "yugabyte-selfsigned" (printf "%s-selfsigned" (include "yugabyte.fullname" .)) }} + {{- else -}} + {{ .Values.tls.certManager.useClusterIssuer | ternary .Values.tls.certManager.clusterIssuer .Values.tls.certManager.issuer}} {{- end -}} {{- end -}} diff --git a/charts/yugabyte/yugabyte/templates/certificates.yaml b/charts/yugabyte/yugabyte/templates/certificates.yaml index f8dd4acb5..5c7814de4 100644 --- a/charts/yugabyte/yugabyte/templates/certificates.yaml +++ b/charts/yugabyte/yugabyte/templates/certificates.yaml @@ -1,7 +1,7 @@ {{- $root := . -}} --- {{- if $root.Values.tls.certManager.enabled }} -{{- if not $root.Values.tls.certManager.useClusterIssuer }} +{{- if $root.Values.tls.certManager.bootstrapSelfsigned }} --- apiVersion: cert-manager.io/v1 kind: Issuer 
@@ -37,13 +37,38 @@ spec: ca: secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-ca" (printf "%s-ca" (include "yugabyte.fullname" $root)) }} --- +{{- else }} +{{/* when bootstrapSelfsigned = false, ie. when using an external CA. +Create a Secret with just the rootCA.cert value and mount into master/tserver pods. +This will be used as a fall back in case the Secret generated by cert-manager does not +have a root ca.crt. This can happen for certain certificate issuers like LetsEncrypt. +*/}} +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }} + namespace: "{{ $root.Release.Namespace }}" + labels: + {{- include "yugabyte.labels" $root | indent 4 }} +type: Opaque +data: + ca.crt: {{ $root.Values.tls.rootCA.cert }} +--- {{- end }} +{{/* +The below Certificate resource will trigger cert-manager to issue crt/key into Secrets. +These secrets are mounted into master/tserver pods. +*/}} {{- range .Values.Services }} {{- $service := . -}} {{- $appLabelArgs := dict "label" .label "root" $root -}} {{- $serviceValues := (dict "Service" $service "Values" $root.Values "Chart" $root.Chart "Release" $root.Release) -}} +{{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} + +{{- if (gt (int $replicas) 0) }} --- apiVersion: cert-manager.io/v1 kind: Certificate 
@@ -65,18 +90,17 @@ spec: secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" $service.label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) $service.label) }} duration: {{ $root.Values.tls.certManager.certificates.duration | quote }} renewBefore: {{ $root.Values.tls.certManager.certificates.renewBefore | quote }} - commonName: yugabyte-{{ .name }} isCA: false privateKey: algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} encoding: PKCS8 size: {{ $root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always usages: - server auth - client auth # At least one of a DNS Name, URI, or IP address is required. dnsNames: - {{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} {{- range $index := until ( int ( $replicas ) ) }} {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} @@ -87,6 +111,7 @@ spec: ipAddresses: [] --- {{- end }} +{{- end }} --- apiVersion: cert-manager.io/v1 @@ -114,6 +139,7 @@ spec: algorithm: {{ $root.Values.tls.certManager.certificates.algorithm | quote }} encoding: PKCS8 size: {{ $root.Values.tls.certManager.certificates.keySize }} + rotationPolicy: Always usages: - client auth dnsNames: [] diff --git a/charts/yugabyte/yugabyte/templates/multi-cluster-services/gke/service-export.yaml b/charts/yugabyte/yugabyte/templates/multi-cluster-services/gke/service-export.yaml new file mode 100644 index 000000000..270cb9ab2 --- /dev/null +++ b/charts/yugabyte/yugabyte/templates/multi-cluster-services/gke/service-export.yaml 
@@ -0,0 +1,20 @@ +{{- /* + Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export +*/}} +{{- if .Values.multicluster.createServiceExports }} +kind: ServiceExport +apiVersion: net.gke.io/v1 +metadata: + name: {{ .Values.oldNamingStyle | ternary "yb-masters" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-masters") | quote }} + namespace: "{{ .Release.Namespace }}" + labels: + {{- include "yugabyte.labels" . | indent 4 }} +--- +kind: ServiceExport +apiVersion: net.gke.io/v1 +metadata: + name: {{ .Values.oldNamingStyle | ternary "yb-tservers" (printf "%s-%s" (include "yugabyte.fullname" .) "yb-tservers") | quote }} + namespace: "{{ .Release.Namespace }}" + labels: + {{- include "yugabyte.labels" . | indent 4 }} +{{ end -}} \ No newline at end of file diff --git a/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml b/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml index a26b39018..681231e29 100644 --- a/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml +++ b/charts/yugabyte/yugabyte/templates/multicluster-multiple-services.yaml @@ -11,6 +11,7 @@ metadata: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} {{- include "yugabyte.labels" $ | indent 4 }} + service-type: "non-endpoint" spec: ports: {{- range $label, $port := $server.ports }} diff --git a/charts/yugabyte/yugabyte/templates/service.yaml b/charts/yugabyte/yugabyte/templates/service.yaml index 697e4776d..8983707f6 100644 --- a/charts/yugabyte/yugabyte/templates/service.yaml +++ b/charts/yugabyte/yugabyte/templates/service.yaml 
@@ -46,10 +46,27 @@ data: {{- range $index := until ( int ( $replicas ) ) }} {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} + +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $nodeOldStyle = printf "%s-%d.%s.%s.%s.svc.clusterset.local" $service.label $index $root.Values.multicluster.kubernetesClusterId $service.name $root.Release.Namespace }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.%s-%s.%s.svc.clusterset.local" (include "yugabyte.fullname" $root) $service.label $index $root.Values.multicluster.kubernetesClusterId (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace }} +{{- end -}} + +{{- if (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod) -}} + {{- $nodeOldStyle = printf "%s-%d.%s.svc.%s" $service.label $index $root.Release.Namespace $root.Values.domainName }} + {{- $nodeNewStyle = printf "%s-%s-%d.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index $root.Release.Namespace $root.Values.domainName }} +{{- end -}} + {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} {{- if $root.Values.tls.rootCA.key }} {{- $dns1 := printf "*.*.%s" $root.Release.Namespace }} {{- $dns2 := printf "%s.svc.%s" $dns1 $root.Values.domainName }} +{{- if $root.Values.multicluster.createServiceExports -}} + {{- $dns1 = printf "*.*.*.%s.svc.clusterset.local" $root.Release.Namespace }} +{{- end -}} +{{- if (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod) -}} + {{- $dns1 = printf "*.%s.svc.%s" $root.Release.Namespace $root.Values.domainName }} +{{- end -}} {{- $rootCA := buildCustomCert $root.Values.tls.rootCA.cert 
$root.Values.tls.rootCA.key -}} {{- $server := genSignedCert $node ( default nil ) (list $dns1 $dns2 ) 3650 $rootCA }} node.{{$node}}.crt: {{ $server.Cert | b64enc }} @@ -94,6 +111,7 @@ metadata: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 4 }} {{- include "yugabyte.labels" $root | indent 4 }} + service-type: "endpoint" spec: {{ if eq $root.Release.Service "Tiller" }} clusterIP: @@ -197,6 +215,9 @@ spec: labels: {{- include "yugabyte.applabel" ($appLabelArgs) | indent 8 }} {{- include "yugabyte.labels" $root | indent 8 }} + {{- if $root.Values.istioCompatibility.enabled }} + sidecar.istio.io/inject: "true" + {{- end }} {{- if eq .name "yb-masters" }} {{- with $root.Values.master.podLabels }}{{ toYaml . | nindent 8 }}{{ end }} {{- else }} @@ -214,7 +235,6 @@ spec: nodeSelector: {{ toYaml $root.Values.nodeSelector | indent 8 }} {{- end }} - terminationGracePeriodSeconds: 300 {{- if eq .name "yb-masters" }} # yb-masters {{- if $root.Values.master.tolerations }} tolerations: @@ -226,6 +246,7 @@ spec: {{- with $root.Values.tserver.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} {{- end }} {{- end }} + terminationGracePeriodSeconds: 300 affinity: # Set the anti-affinity selector scope to YB masters. {{ if $root.Values.AZ }} 
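Review bot: The `clusterset.local` node names built here interpolate `multicluster.kubernetesClusterId`, which values.yaml calls mandatory when `createServiceExports` is true but defaults to `""`; nothing stops a render with it empty, which would yield hostnames containing an empty label and certificates generated for them. Wrapping the value fails fast: `(required "multicluster.kubernetesClusterId is required when createServiceExports is true" $root.Values.multicluster.kubernetesClusterId)`. Separately, the added SAN `*.*.*.<namespace>.svc.clusterset.local` depends on multi-label wildcards, which many TLS verifiers do not match and which, where they are matched, let one node key stand in for every exported service in the namespace; listing the concrete per-pod names would be tighter. The `range` body continues past this hunk.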
@@ -358,10 +379,13 @@ spec: {{- $rpcPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $rpcDict) -}} {{- if $rpcPreflight -}}{{ $rpcPreflight | nindent 12 }}{{ end -}} {{- $broadcastAddr := include "yugabyte.server_broadcast_address" $serviceValues -}} - {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}} - {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}} - {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}} - {{- if $broadcastPreflight -}}{{ $broadcastPreflight | nindent 12 }}{{ end -}} + {{/* skip bind check for Istio multi-cluster, we cannot/don't bind to service IP */}} + {{- if (not (and $root.Values.istioCompatibility.enabled $root.Values.multicluster.createServicePerPod)) }} + {{- $broadcastPort := index $service.ports "tcp-rpc-port" -}} + {{- $broadcastDict := dict "Addr" $broadcastAddr "Port" $broadcastPort -}} + {{- $broadcastPreflight := include "yugabyte.preflight_check" (set $serviceValues "Preflight" $broadcastDict) -}} + {{- if $broadcastPreflight -}}{{ $broadcastPreflight | nindent 12 }}{{ end -}} + {{- end }} {{- $webserverAddr := include "yugabyte.webserver_interface" $serviceValues -}} {{- $webserverPort := index $service.ports "http-ui" -}} {{- $webserverDict := dict "Addr" $webserverAddr "Port" $webserverPort -}} 
@@ -372,6 +396,25 @@ spec: else k8s_parent="" fi && \ + {{- if and $root.Values.tls.enabled $root.Values.tls.certManager.enabled }} + echo "Creating ephemeral /opt/certs/yugabyte/ as symlink to persisted /mnt/disk0/certs/" && \ + mkdir -p /mnt/disk0/certs && \ + mkdir -p /opt/certs && \ + ln -s /mnt/disk0/certs /opt/certs/yugabyte && \ + if [[ ! -f /opt/certs/yugabyte/ca.crt ]]; then + echo "Fresh install of /opt/certs/yugabyte/ca.crt" + cp /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt; + fi && \ + cmp -s /home/yugabyte/cert-manager/ca.crt /opt/certs/yugabyte/ca.crt;sameRootCA=$? && \ + if [[ $sameRootCA -eq 0 ]]; then + echo "Refreshing tls certs at /opt/certs/yugabyte/"; + cp /home/yugabyte/cert-manager/tls.crt /opt/certs/yugabyte/node.{{$rpcAddr}}.crt; + cp /home/yugabyte/cert-manager/tls.key /opt/certs/yugabyte/node.{{$rpcAddr}}.key; + chmod 600 /opt/certs/yugabyte/* + else + echo "WARNING: Not refreshing certificates as the root ca.crt has changed" + fi && \ + {{- end }} {{- if eq .name "yb-masters" }} exec ${k8s_parent} /home/yugabyte/bin/yb-master \ {{- if not $root.Values.storage.ephemeral }} @@ -487,7 +530,7 @@ spec: {{- end }} {{- if $root.Values.tls.enabled }} - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} - mountPath: /opt/certs/yugabyte + mountPath: {{ $root.Values.tls.certManager.enabled | ternary "/home/yugabyte/cert-manager" "/opt/certs/yugabyte" }} readOnly: true - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} mountPath: /root/.yugabytedb/ 
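Review bot: The startup block copies `tls.key` from the Secret mount to `/mnt/disk0/certs` with a plain `cp` and only afterwards runs `chmod 600`, so the node private key is written to the persisted data disk and is briefly created with whatever the process umask allows. Putting `umask 077` ahead of the `mkdir -p /mnt/disk0/certs` line closes that window, and the template comment should say that key material now lives on the volume (and so in its snapshots and backups). Also, when `ca.crt` differs the script only echoes a WARNING and starts the server with the previously persisted pair; a legitimate root rotation would leave the node on the old certificate until it expires, so the message should name the recovery step or the branch should exit non-zero. `ln -s` without `-n`/`-f` presumably relies on `/opt/certs` being fresh at every container start, which is worth confirming.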
@@ -537,25 +580,24 @@ spec: {{- end }} {{- end }} {{- if $root.Values.tls.enabled }} + {{- if $root.Values.tls.certManager.enabled }} + {{- /* certManager enabled */}} + - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + projected: + sources: + {{- if not $root.Values.tls.certManager.bootstrapSelfsigned }} + - secret: + name: {{ printf "%s-root-ca" (include "yugabyte.fullname" $root) }} + {{- end }} + - secret: + name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} + {{- else }} + {{/* certManager disabled */}} - name: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} secret: secretName: {{ $root.Values.oldNamingStyle | ternary (printf "%s-yugabyte-tls-cert" .label) (printf "%s-%s-tls-cert" (include "yugabyte.fullname" $root) .label) }} - {{- if $root.Values.tls.certManager.enabled }} - items: - {{- $replicas := (eq .name "yb-masters") | ternary $root.Values.replicas.master $root.Values.replicas.tserver -}} - {{- range $index := until ( int ( $replicas ) ) }} - {{- $nodeOldStyle := printf "%s-%d.%s.%s.svc.%s" $service.label $index $service.name $root.Release.Namespace $root.Values.domainName }} - {{- $nodeNewStyle := printf "%s-%s-%d.%s-%s.%s.svc.%s" (include "yugabyte.fullname" $root) $service.label $index (include "yugabyte.fullname" $root) $service.name $root.Release.Namespace $root.Values.domainName }} - {{- $node := $root.Values.oldNamingStyle | ternary $nodeOldStyle $nodeNewStyle }} - - key: tls.crt - path: node.{{$node}}.crt - - key: tls.key - path: node.{{$node}}.key - {{- end }} - - key: ca.crt - path: ca.crt - {{- end }} defaultMode: 256 + {{- end }} - name: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf 
"%s-client-tls" (include "yugabyte.fullname" $root)) }} secret: secretName: {{ $root.Values.oldNamingStyle | ternary "yugabyte-tls-client-cert" (printf "%s-client-tls" (include "yugabyte.fullname" $root)) }} diff --git a/charts/yugabyte/yugabyte/values.yaml b/charts/yugabyte/yugabyte/values.yaml index 1d14fe435..19b8ccf83 100644 --- a/charts/yugabyte/yugabyte/values.yaml +++ b/charts/yugabyte/yugabyte/values.yaml @@ -4,7 +4,7 @@ Component: "yugabytedb" Image: repository: "yugabytedb/yugabyte" - tag: 2.14.6.0-b30 + tag: 2.16.1.0-b50 pullPolicy: IfNotPresent storage: @@ -52,10 +52,14 @@ tls: # Set enabled to true to use cert-manager instead of providing your own rootCA certManager: enabled: false - # Will create own ca certificate and issuer when set to false + # Will create own ca certificate and issuer when set to true + bootstrapSelfsigned: true + # Use ClusterIssuer when set to true, otherwise use Issuer useClusterIssuer: false - # ignored when useClusterIssuer is false + # Name of ClusterIssuer to use when useClusterIssuer is true clusterIssuer: cluster-ca + # Name of Issuer to use when useClusterIssuer is false + issuer: yugabyte-ca certificates: # The lifetime before cert-manager will issue a new certificate. # The re-issued certificates will not be automatically reloaded by the service. 
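Review bot: In the new `certManager.enabled` branch the `projected:` volume has no `defaultMode`, while the `defaultMode: 256` line now sits only in the `else` (plain `secret:`) branch. Before this change the cert-manager Secret was mounted with mode 256 as well, so `tls.key` under `/home/yugabyte/cert-manager` would now fall back to the Kubernetes default file mode for projected volumes, which is more permissive. Adding `defaultMode: 256` under `projected:`, as a sibling of `sources:`, keeps the key owner-read-only. The volumes list starts above this hunk.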
@@ -67,10 +71,14 @@ tls: # Or 256, 384 or 521 for ECDSA keySize: 521 - # Will be ignored when certManager.enabled=true + ## When certManager.enabled=false, rootCA.cert and rootCA.key are used to generate TLS certs. + ## When certManager.enabled=true and boostrapSelfsigned=true, rootCA is ignored. + ## When certManager.enabled=true and bootstrapSelfsigned=false, only rootCA.cert is used + ## to verify TLS certs generated and signed by the external provider. rootCA: cert: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM2VENDQWRHZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFXTVJRd0VnWURWUVFERXd0WmRXZGgKWW5sMFpTQkVRakFlRncweE9UQXlNRGd3TURRd01qSmFGdzB5T1RBeU1EVXdNRFF3TWpKYU1CWXhGREFTQmdOVgpCQU1UQzFsMVoyRmllWFJsSUVSQ01JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBCnVOMWF1aWc4b2pVMHM0OXF3QXhrT2FCaHkwcTlyaVg2akVyZWJyTHJOWDJOeHdWQmNVcWJkUlhVc3VZNS96RUQKUC9CZTNkcTFuMm9EQ2ZGVEwweGkyNFdNZExRcnJBMndCdzFtNHM1WmQzcEJ1U04yWHJkVVhkeUx6dUxlczJNbgovckJxcWRscXp6LzAyTk9TOE9SVFZCUVRTQTBSOFNMQ1RjSGxMQmRkMmdxZ1ZmemVXRlVObXhWQ2EwcHA5UENuCmpUamJJRzhJWkh5dnBkTyt3aURQM1Y1a1ZEaTkvbEtUaGUzcTFOeDg5VUNFcnRJa1pjSkYvWEs3aE90MU1sOXMKWDYzb2lVMTE1Q2svbGFGRjR6dWgrZk9VenpOVXRXeTc2RE92cm5pVGlaU0tQZDBBODNNa2l2N2VHaDVkV3owWgpsKzJ2a3dkZHJaRzVlaHhvbGhGS3pRSURBUUFCbzBJd1FEQU9CZ05WSFE4QkFmOEVCQU1DQXFRd0hRWURWUjBsCkJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUE4R0ExVWRFd0VCL3dRRk1BTUJBZjh3RFFZSktvWkkKaHZjTkFRRUxCUUFEZ2dFQkFEQjVRbmlYd1ptdk52eG5VbS9sTTVFbms3VmhTUzRUZldIMHY4Q0srZWZMSVBTbwpVTkdLNXU5UzNEUWlvaU9SN1Vmc2YrRnk1QXljMmNUY1M2UXBxTCt0V1QrU1VITXNJNk9oQ05pQ1gvQjNKWERPCkd2R0RIQzBVOHo3aWJTcW5zQ2Rid05kajAyM0lwMHVqNE9DVHJ3azZjd0RBeXlwVWkwN2tkd28xYWJIWExqTnAKamVQMkwrY0hkc2dKM1N4WWpkK1kvei9IdmFrZG1RZDJTL1l2V0R3aU1SRDkrYmZXWkJVRHo3Y0QyQkxEVmU0aAp1bkFaK3NyelR2Sjd5dkVodzlHSDFyajd4Qm9VNjB5SUUrYSszK2xWSEs4WnBSV0NXMnh2eWNrYXJSKytPS2NKClFsL04wWExqNWJRUDVoUzdhOTdhQktTamNqY3E5VzNGcnhJa2tKST0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=" key: "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" + ## When 
tls.certManager.enabled=false ## nodeCert and clientCert will be used only when rootCA.key is empty. ## Will be ignored and genSignedCert will be used to generate ## node and client certs if rootCA.key is provided. @@ -139,7 +147,8 @@ Services: http-yedis-met: "11000" http-ysql-met: "13000" -## Should be set to true only if Istio is being used. +## Should be set to true only if Istio is being used. This also adds +## the Istio sidecar injection labels to the pods. ## TODO: remove this once ## https://github.com/yugabyte/yugabyte-db/issues/5641 is fixed. ## @@ -156,6 +165,18 @@ multicluster: ## failover. Useful when using new naming style. createCommonTserverService: false + ## Enable it to deploy YugabyteDB in a multi-cluster services enabled + ## Kubernetes cluster (KEP-1645). This will create ServiceExport. + ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#registering_a_service_for_export + ## You can use this gist for the reference to deploy the Yugabyte DB in a multi-cluster scenario. + ## Gist - https://gist.github.com/baba230896/78cc9bb6f4ba0b3d0e611cd49ed201bf + createServiceExports: false + + ## Mandatory variable when createServiceExports is set to true. + ## Use: In case of GKE, you need to pass GKE Hub Membership Name. + ## GKE Ref - https://cloud.google.com/kubernetes-engine/docs/how-to/multi-cluster-services#enabling + kubernetesClusterId: "" + serviceMonitor: ## If true, two ServiceMonitor CRs are created. One for yb-master ## and one for yb-tserver diff --git a/charts/yugabyte/yugaware/Chart.yaml b/charts/yugabyte/yugaware/Chart.yaml index 860771f80..41f39b7b8 100644 --- a/charts/yugabyte/yugaware/Chart.yaml +++ b/charts/yugabyte/yugaware/Chart.yaml 
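Review bot: The new rootCA comment spells the option `boostrapSelfsigned` on its second line, while the key added under `certManager` is `bootstrapSelfsigned`; anyone searching the values file for the option name will miss that line. It should read `## When certManager.enabled=true and bootstrapSelfsigned=true, rootCA is ignored.`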
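Review bot: The `createServiceExports` comment points operators to a gist under a personal account as the deployment reference. A gist can be edited or deleted by its owner at any time, so the steps the chart recommends are outside the project's review. I would link a specific gist revision, or better move the steps into the chart documentation and keep only the GKE links in this comment.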
@@ -4,8 +4,11 @@ annotations: catalog.cattle.io/kube-version: '>=1.18-0' catalog.cattle.io/release-name: yugaware apiVersion: v1 -appVersion: 2.14.6.0-b30 -description: YugaWare is YugaByte Database's Orchestration and Management console. +appVersion: 2.16.1.0-b50 +description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB cluster + with multiple pods provided by Kubernetes or OpenShift and logically grouped together + to form one logical distributed database. home: https://www.yugabyte.com icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 maintainers: @@ -14,4 +17,4 @@ maintainers: - email: arnav@yugabyte.com name: Arnav Agarwal name: yugaware -version: 2.14.6 +version: 2.16.1 diff --git a/charts/yugabyte/yugaware/README.md b/charts/yugabyte/yugaware/README.md index fa27ce3e0..0d190c0be 100644 --- a/charts/yugabyte/yugaware/README.md +++ b/charts/yugabyte/yugaware/README.md 
@@ -1,5 +1,7 @@ YugabyteDB Anywhere gives you the simplicity and support to deliver a private database-as-a-service (DBaaS) at scale. Use YugabyteDB Anywhere to deploy YugabyteDB across any cloud anywhere in the world with a few clicks, simplify day 2 operations through automation, and get the services needed to realize business outcomes with the database. -YugabyteDB Anywhere can be deployed using this helm chart. Detailed documentation is available at +YugabyteDB Anywhere can be deployed using this Helm chart. Detailed documentation is available at: +- [Install YugabyteDB Anywhere software - Kubernetes](https://docs.yugabyte.com/preview/yugabyte-platform/install-yugabyte-platform/install-software/kubernetes/) +- [Install YugabyteDB Anywhere software - OpenShift (Helm based)](https://docs.yugabyte.com/preview/yugabyte-platform/install-yugabyte-platform/install-software/openshift/#helm-based-installation) [![Artifact HUB](https://img.shields.io/endpoint?url=https://artifacthub.io/badge/repository/yugabyte)](https://artifacthub.io/packages/search?repo=yugabyte) diff --git a/charts/yugabyte/yugaware/questions.yaml b/charts/yugabyte/yugaware/questions.yaml index 0f2a48dd3..904b9cf75 100644 --- a/charts/yugabyte/yugaware/questions.yaml +++ b/charts/yugabyte/yugaware/questions.yaml @@ -15,7 +15,7 @@ questions: label: Yugabyte Platform image repository description: "Yugabyte Platform image repository" - variable: image.tag - default: "2.14.1.0-b36" + default: "2.5.1.0-b153" required: false type: string label: Yugabyte Platform image tag diff --git a/charts/yugabyte/yugaware/templates/configs.yaml b/charts/yugabyte/yugaware/templates/configs.yaml index 6b3270bff..64702e65c 100644 --- a/charts/yugabyte/yugaware/templates/configs.yaml +++ b/charts/yugabyte/yugaware/templates/configs.yaml 
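Review bot: The `image.tag` default in questions.yaml moves from `2.14.1.0-b36` to `2.5.1.0-b153`, which reads as an older release, while this same commit sets `appVersion` and the values.yaml tag to `2.16.1.0-b50`. Installs that go through the Rancher questions form would then pin a much older image than the chart was built for and miss whatever fixes shipped since. If the form is meant to track the chart, the line should be `default: "2.16.1.0-b50"`; if the field is ignored when left untouched, a comment saying so would help.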
@@ -180,7 +180,7 @@ data: {{- end }} proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Host $host; @@ -211,11 +211,18 @@ metadata: data: pg-upgrade-11-to-14.sh: | #!/bin/bash + set -x -o errexit - if [ ! "$(ls -A /var/lib/postgresql/14/data)" ] && [ "$(ls -A /var/lib/postgresql/11/data)" ]; + cd /pg_upgrade_logs/ + if [ ! "$(ls -A ${PGDATANEW})" ] && [ "$(ls -A ${PGDATAOLD})" ]; then - docker-upgrade pg_upgrade >> /pg_upgrade_logs/pg_upgrade_11_to_14.log; - echo "host all all all scram-sha-256" >> /var/lib/postgresql/14/data/pg_hba.conf; + echo "Upgrading PG data from ${PGDATAOLD} to ${PGDATANEW}" + # if fsGroup is set, we need to remove the sticky bit, and group + # write permission from the directories + chmod -R g-w-s "${PGDATAOLD}" + chmod g-w-s "${PGDATAOLD}" + docker-upgrade pg_upgrade | tee -a /pg_upgrade_logs/pg_upgrade_11_to_14.log; + echo "host all all all scram-sha-256" >> "${PGDATANEW}/pg_hba.conf"; fi --- apiVersion: v1 @@ -245,6 +252,8 @@ data: uwsgi_temp_path /tmp/uwsgi_temp; scgi_temp_path /tmp/scgi_temp; + proxy_read_timeout {{ .Values.nginx.proxyReadTimeoutSec }}; + include /etc/nginx/mime.types; default_type application/octet-stream; diff --git a/charts/yugabyte/yugaware/templates/statefulset.yaml b/charts/yugabyte/yugaware/templates/statefulset.yaml index 8997fba53..4a45694d9 100644 --- a/charts/yugabyte/yugaware/templates/statefulset.yaml +++ b/charts/yugabyte/yugaware/templates/statefulset.yaml @@ -25,6 +25,9 @@ spec: {{- end }} labels: app: {{ .Release.Name }}-yugaware +{{- if .Values.yugaware.pod.labels }} +{{ toYaml .Values.yugaware.pod.labels | indent 8 }} +{{- end }} spec: serviceAccountName: {{ .Release.Name }} imagePullSecrets: 
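Review bot: Setting `X-Forwarded-For` to `$remote_addr` discards the chain added by any load balancer or ingress in front of this nginx, and nothing in the config says that this is intended. It does stop a client from supplying its own forwarded chain, but where a trusted proxy exists the backend would record that proxy's address for every request, which weakens audit logs and per-client limits. A comment above the line such as `# client-supplied X-Forwarded-For is dropped on purpose; use real_ip_header/set_real_ip_from if a trusted proxy sits in front` would record the intent. The enclosing block starts outside the hunk.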
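Review bot: In `pg-upgrade-11-to-14.sh`, `docker-upgrade pg_upgrade | tee -a …` runs under `errexit` without `pipefail`, so the pipeline's status is that of `tee` and a failed upgrade would not stop the script. The next line would then still append the `pg_hba.conf` entry under `${PGDATANEW}` and the init container would exit successfully. Changing the first added line to `set -x -o errexit -o pipefail` fixes that. While here, the new comment says "sticky bit" although `g-s` clears the setgid bit, and `${PGDATANEW}`/`${PGDATAOLD}` inside the `ls -A` tests should be quoted like the later uses.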
@@ -36,6 +39,30 @@ spec: fsGroupChangePolicy: {{ .Values.securityContext.fsGroupChangePolicy }} {{- end }} {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8}} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- with .Values.tolerations }}{{ toYaml . | nindent 8 }}{{ end }} + {{- end }} + {{- if .Values.zoneAffinity }} + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: failure-domain.beta.kubernetes.io/zone + operator: In + values: +{{ toYaml .Values.zoneAffinity | indent 18 }} + - matchExpressions: + - key: topology.kubernetes.io/zone + operator: In + values: +{{ toYaml .Values.zoneAffinity | indent 18 }} + {{- end }} volumes: - name: yugaware-storage persistentVolumeClaim: @@ -136,13 +163,26 @@ spec: - 'bash' - '-c' - /bin/bash /pg_upgrade_11_to_14/pg-upgrade-11-to-14.sh; + env: + - name: PGDATANEW + value: /var/lib/postgresql/14/pgdata + - name: PGDATAOLD + value: /var/lib/postgresql/11/pgdata + # https://github.com/tianon/docker-postgres-upgrade/issues/10#issuecomment-523020113 + - name: PGUSER + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-yugaware-global-config + key: postgres_user + - name: POSTGRES_INITDB_ARGS + value: "-U $PGUSER" volumeMounts: - name: yugaware-storage - mountPath: /var/lib/postgresql/11/data - subPath: postgres_data/pgdata + mountPath: /var/lib/postgresql/11/ + subPath: postgres_data - name: yugaware-storage - mountPath: /var/lib/postgresql/14/data - subPath: postgres_data_14/pgdata + mountPath: /var/lib/postgresql/14/ + subPath: postgres_data_14 - name: pg-upgrade-11-to-14 mountPath: /pg_upgrade_11_to_14 - name: yugaware-storage @@ -153,6 +193,7 @@ spec: - name: postgres image: {{ include "full_image" (dict "containerName" "postgres" "root" .) }} imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["-c", "huge_pages=off"] env: - name: POSTGRES_USER valueFrom: 
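Review bot: `POSTGRES_INITDB_ARGS` is set to `"-U $PGUSER"`, but Kubernetes only expands the `$(VAR)` form in `env` values, so the container receives the literal text `$PGUSER`. That works only if the upgrade image passes the variable through a shell, as the linked issue comment suggests; if it does not, initdb would be given a user literally named `$PGUSER`. Since `PGUSER` is defined just above in the same list, `value: "-U $(PGUSER)"` lets Kubernetes resolve it and removes the dependency on the image's behaviour. The init container spec starts before this hunk.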
@@ -230,6 +271,9 @@ spec: - --web.enable-admin-api - --web.enable-lifecycle - --storage.tsdb.retention.time={{ .Values.prometheus.retentionTime }} + - --query.max-concurrency={{ .Values.prometheus.queryConcurrency }} + - --query.max-samples={{ .Values.prometheus.queryMaxSamples }} + - --query.timeout={{ .Values.prometheus.queryTimeout }} ports: - containerPort: 9090 - name: yugaware @@ -288,6 +332,9 @@ spec: - name: yugaware-storage mountPath: /opt/yugabyte/releases/ subPath: releases + - name: yugaware-storage + mountPath: /opt/yugabyte/ybc/releases/ + subPath: ybc_releases # old path for backward compatibility - name: yugaware-storage mountPath: /opt/releases/ diff --git a/charts/yugabyte/yugaware/values.yaml b/charts/yugabyte/yugaware/values.yaml index ca110f661..d14a04898 100644 --- a/charts/yugabyte/yugaware/values.yaml +++ b/charts/yugabyte/yugaware/values.yaml @@ -8,7 +8,7 @@ image: # including the yugaware image repository: quay.io/yugabyte/yugaware - tag: 2.14.6.0-b30 + tag: 2.16.1.0-b50 pullPolicy: IfNotPresent pullSecret: yugabyte-k8s-pull-secret ## Docker config JSON File name @@ -32,12 +32,12 @@ image: prometheus: registry: "" - tag: v2.37.0 + tag: v2.41.0 name: prom/prometheus nginx: registry: "" - tag: 1.23.1 + tag: 1.23.3 name: nginxinc/nginx-unprivileged yugaware: @@ -58,6 +58,7 @@ yugaware: type: "LoadBalancer" pod: annotations: {} + labels: {} health: username: "" password: "" @@ -69,7 +70,7 @@ yugaware: enableProxyMetricsAuth: true ## List of additional alowed CORS origins in case of complex rev-proxy additionAllowedCorsOrigins: [] - proxyEndpointTimeoutMs: 1 minute + proxyEndpointTimeoutMs: 3 minute ## Enables features specific for cloud deployments cloud: enabled: false @@ -150,6 +151,8 @@ nginx: cpu: 0.25 memory: 300Mi + proxyReadTimeoutSec: 600 + rbac: ## Set this to false if you don't have enough permissions to create ## ClusterRole and Binding, for example an OpenShift cluster. When 
@@ -165,11 +168,41 @@ ocpCompatibility: # Extra containers to add to the pod. sidecars: [] +## Following two controls for placement of pod - nodeSelector and AZ affinity. +## Note: Remember to also provide a yugaware.StorageClass that has a olumeBindingMode of +## WaitForFirstConsumer so that the PVC is created in the right topology visible to this pod. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector +## eg. +## nodeSelector: +## topology.kubernetes.io/region: us-west1 +nodeSelector: {} + +## Affinity to a particular zone for the pod. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## eg. +## nodeAffinity: +## requiredDuringSchedulingIgnoredDuringExecution: +## nodeSelectorTerms: +## - matchExpressions: +## - key: failure-domain.beta.kubernetes.io/zone +## operator: In +## values: +## - us-west1-a +## - us-west1-b +zoneAffinity: {} + +## The tolerations that the pod should have. +## See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ +tolerations: [] + ## Don't want prometheus to scrape nodes and evaluate alert rules in some cases (for example - cloud). prometheus: scrapeNodes: true evaluateAlertRules: true retentionTime: 15d + queryConcurrency: 20 + queryMaxSamples: 5000000 + queryTimeout: 30s resources: requests: diff --git a/index.yaml b/index.yaml index 317a83401..2a5709aee 100644 --- a/index.yaml +++ b/index.yaml 
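Review bot: The `zoneAffinity` comment shows a full `nodeAffinity:` block as its example and the default is `{}`, but the statefulset template in this commit renders `.Values.zoneAffinity` with `toYaml` directly under `values:`, which takes a plain list of zone names. Following the example as written would produce an invalid or unintended affinity. I would replace the example with `## zoneAffinity: [us-west1-a, us-west1-b]`, make the default `zoneAffinity: []`, and fix the typo `olumeBindingMode` to `volumeBindingMode` in the nodeSelector comment.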
@@ -80,6 +80,96 @@ entries: - assets/datawiza/access-broker-0.1.1.tgz version: 0.1.1 airflow: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.5.1 + created: "2023-02-02T16:55:17.244407806Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 17.x.x + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: 7f934a1cc35596ffa6c354a0b87377d42f84d87e2439615bbfbcc422759eeba8 + home: https://github.com/bitnami/charts/tree/main/bitnami/airflow + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/airflow + - https://airflow.apache.org/ + urls: + - assets/bitnami/airflow-14.0.11.tgz + version: 14.0.11 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Airflow + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: airflow + category: WorkFlow + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 2.5.1 + created: "2023-01-31T17:19:02.561710053Z" + dependencies: + - condition: redis.enabled + name: redis + repository: file://./charts/redis + version: 17.x.x + - condition: postgresql.enabled + name: postgresql + repository: 
file://./charts/postgresql + version: 12.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Airflow is a tool to express and execute workflows as directed + acyclic graphs (DAGs). It includes utilities to schedule tasks, monitor task + progress and handle task dependencies. + digest: f0f724d331fb22ba41eb50549fbe891d99b3f0744805b8feae5db4705349ff27 + home: https://github.com/bitnami/charts/tree/main/bitnami/airflow + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/airflow-1.svg + keywords: + - apache + - airflow + - workflow + - dag + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: airflow + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/airflow + - https://airflow.apache.org/ + urls: + - assets/bitnami/airflow-14.0.10.tgz + version: 14.0.10 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Airflow 
@@ -556,6 +646,116 @@ entries: - assets/ambassador/ambassador-6.7.1100.tgz version: 6.7.1100 argo-cd: + - annotations: + artifacthub.io/changes: | + - kind: changed + description: Upgrade Argo CD to 2.6.0 + - kind: deprecated + description: ApplicationSet args, logFormat and logLevel superseded by configs.params + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.6.0 + created: "2023-02-07T20:32:18.354927972Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.22.4 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 40511311d5ecff5c78c5983a47c0282def91bab00e8a2ebdd9981d9698c711e9 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.20.0.tgz + version: 5.20.0 + - annotations: + artifacthub.io/changes: | + - kind: added + description: Configurable dnsPolicy / hostNetwork + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.5.10 + created: "2023-02-07T14:30:14.734475182Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.22.4 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. 
+ digest: bfae976974c29068c9e3ba5ddb172b73048b9dc56029825b4322551d58b5068b + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.19.15.tgz + version: 5.19.15 + - annotations: + artifacthub.io/changes: | + - kind: fixed + description: Align changelog structure to show changelogs on Artifact Hub + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Argo CD + catalog.cattle.io/kube-version: '>=1.22.0-0' + catalog.cattle.io/release-name: argo-cd + apiVersion: v2 + appVersion: v2.5.9 + created: "2023-01-31T17:19:02.014032882Z" + dependencies: + - condition: redis-ha.enabled + name: redis-ha + repository: file://./charts/redis-ha + version: 4.22.4 + description: A Helm chart for Argo CD, a declarative, GitOps continuous delivery + tool for Kubernetes. + digest: 4ba993841e6b0165409af2f453d79c3651fab02cdc76e55899089e43ff5f4f92 + home: https://github.com/argoproj/argo-helm + icon: https://argo-cd.readthedocs.io/en/stable/assets/logo.png + keywords: + - argoproj + - argocd + - gitops + kubeVersion: '>=1.22.0-0' + maintainers: + - name: argoproj + url: https://argoproj.github.io/ + name: argo-cd + sources: + - https://github.com/argoproj/argo-helm/tree/main/charts/argo-cd + - https://github.com/argoproj/argo-cd + urls: + - assets/argo/argo-cd-5.19.12.tgz + version: 5.19.12 - annotations: artifacthub.io/changes: | - "[Added]: Added logFormat, logLevel and extraArgs to Slack bot" 
@@ -1472,6 +1672,39 @@ entries: - assets/argo/argo-cd-5.8.0.tgz version: 5.8.0 artifactory-ha: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Artifactory HA + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-ha + apiVersion: v2 + appVersion: 7.49.6 + created: "2023-01-31T17:19:05.25887462Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 10.3.18 + description: Universal Repository Manager supporting all major packaging formats, + build tools and CI servers. + digest: b34e0e1af71fd9620589e2e3f507bd5c3da5e8961f560c4a83fef4a18ac75dcd + home: https://www.jfrog.com/artifactory/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-ha/logo/artifactory-logo.png + keywords: + - artifactory + - jfrog + - devops + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: installers@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-ha + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-ha-107.49.6.tgz + version: 107.49.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Artifactory HA 
@@ -1928,6 +2161,40 @@ entries: - assets/jfrog/artifactory-ha-3.0.1400.tgz version: 3.0.1400 artifactory-jcr: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: JFrog Container Registry + catalog.cattle.io/kube-version: '>= 1.14.0-0' + catalog.cattle.io/release-name: artifactory-jcr + apiVersion: v2 + appVersion: 7.49.6 + created: "2023-01-31T17:19:05.464375452Z" + dependencies: + - name: artifactory + repository: file://./charts/artifactory + version: 107.49.6 + description: JFrog Container Registry + digest: 6b67a492bf23866f5013c97440e9912723126653a2e0c3f3159da2c4f9b493d3 + home: https://jfrog.com/container-registry/ + icon: https://raw.githubusercontent.com/jfrog/charts/ea5c3112c24a973f64f3ccd99747323db292a369/stable/artifactory-jcr/logo/jcr-logo.png + keywords: + - artifactory + - jfrog + - container + - registry + - devops + - jfrog-container-registry + kubeVersion: '>= 1.14.0-0' + maintainers: + - email: helm@jfrog.com + name: Chart Maintainers at JFrog + name: artifactory-jcr + sources: + - https://github.com/jfrog/charts + type: application + urls: + - assets/jfrog/artifactory-jcr-107.49.6.tgz + version: 107.49.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: JFrog Container Registry 
@@ -3361,6 +3628,42 @@ entries: - assets/aws-event-sources/aws-event-sources-0.1.901.tgz version: 0.1.901 cassandra: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Cassandra + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: cassandra + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 4.1.0 + created: "2023-02-02T16:55:17.405865076Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Cassandra is an open source distributed database management + system designed to handle large amounts of data across many servers, providing + high availability with no single point of failure. + digest: 2c6f99a41a0063e8e5a9b8c348df352dedc968d3faf1459468a1b1fd90467506 + home: https://github.com/bitnami/charts/tree/main/bitnami/cassandra + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/cassandra-4.svg + keywords: + - cassandra + - database + - nosql + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: cassandra + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/cassandra + - http://cassandra.apache.org + urls: + - assets/bitnami/cassandra-10.0.2.tgz + version: 10.0.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Cassandra 
@@ -4008,6 +4311,31 @@ entries: - assets/citrix/citrix-cpx-istio-sidecar-injector-1.11.0.tgz version: 1.11.0 citrix-cpx-with-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-cpx-with-ingress-controller + apiVersion: v2 + appVersion: 1.29.5 + created: "2023-01-31T17:19:03.595225298Z" + description: A Helm chart for Citrix ADC CPX with Citrix ingress Controller running + as sidecar. + digest: 4ba2b04429dc71e584c981fb01452b03ecdad399a8de57092711fdd1a46587b7 + home: https://www.citrix.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@citrix.com + name: priyankash-citrix + - email: subash.dangol@citrix.com + name: subashd + name: citrix-cpx-with-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-cpx-with-ingress-controller-1.29.5.tgz + version: 1.29.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Cpx with Ingress Controller 
@@ -4081,6 +4409,30 @@ entries: - assets/citrix/citrix-cpx-with-ingress-controller-1.8.2800.tgz version: 1.8.2800 citrix-ingress-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Citrix Ingress Controller + catalog.cattle.io/kube-version: '>=v1.16.0-0' + catalog.cattle.io/release-name: citrix-ingress-controller + apiVersion: v2 + appVersion: 1.29.5 + created: "2023-01-31T17:19:03.605897645Z" + description: A Helm chart for Citrix Ingress Controller configuring MPX/VPX. + digest: 5dd112bd395139c089286c8b678dc0b71cb35e51f221e746405fce7c630a98ac + home: https://www.citrix.com + icon: https://raw.githubusercontent.com/citrix/citrix-helm-charts/gh-pages/icon.png + kubeVersion: '>=v1.16.0-0' + maintainers: + - email: priyanka.sharma@citrix.com + name: priyankash-citrix + - email: subash.dangol@citrix.com + name: subashd + name: citrix-ingress-controller + sources: + - https://github.com/citrix/citrix-k8s-ingress-controller + urls: + - assets/citrix/citrix-ingress-controller-1.29.5.tgz + version: 1.29.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Citrix Ingress Controller 
@@ -4469,6 +4821,36 @@ entries: - assets/cockroach-labs/cockroachdb-4.1.200.tgz version: 4.1.200 community-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MongoDB Community Operator + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: community-operator + apiVersion: v2 + appVersion: 0.7.8 + created: "2023-01-31T17:19:06.050565728Z" + dependencies: + - condition: community-operator-crds.enabled + name: community-operator-crds + repository: file://./charts/community-operator-crds + version: 0.7.8 + description: MongoDB Kubernetes Community Operator + digest: 34dbf87a12f93768e51a01294642a4414060139c0bfe767106bd0b89865936ca + home: https://github.com/mongodb/mongodb-kubernetes-operator + icon: https://mongodb-images-new.s3.eu-west-1.amazonaws.com/leaf-green-dark.png + keywords: + - mongodb + - database + - nosql + kubeVersion: '>=1.16-0' + maintainers: + - email: support@mongodb.com + name: MongoDB + name: community-operator + type: application + urls: + - assets/mongodb/community-operator-0.7.8.tgz + version: 0.7.8 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MongoDB Community Operator 
@@ -4609,6 +4991,47 @@ entries: - assets/confluent/confluent-for-kubernetes-0.174.2101.tgz version: 0.174.2101 consul: + - annotations: + artifacthub.io/images: | + - name: consul + image: hashicorp/consul:1.14.4 + - name: consul-k8s-control-plane + image: hashicorp/consul-k8s-control-plane:1.0.3 + - name: consul-dataplane + image: hashicorp/consul-dataplane:1.0.1 + - name: envoy + image: envoyproxy/envoy:v1.23.1 + artifacthub.io/license: MPL-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://www.consul.io/docs/k8s + - name: hashicorp/consul + url: https://github.com/hashicorp/consul + - name: hashicorp/consul-k8s + url: https://github.com/hashicorp/consul-k8s + artifacthub.io/prerelease: "false" + artifacthub.io/signKey: | + fingerprint: C874011F0AB405110D02105534365D9472D7468F + url: https://keybase.io/hashicorp/pgp_keys.asc + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Hashicorp Consul + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: consul + apiVersion: v2 + appVersion: 1.14.4 + created: "2023-02-07T14:30:17.119540709Z" + description: Official HashiCorp Consul Chart + digest: fc8636902942f5b5704fca6b68581f6ad2ff4fc614e037b4c15ce961dfdee5ea + home: https://www.consul.io + icon: https://raw.githubusercontent.com/hashicorp/consul-k8s/main/assets/icon.png + kubeVersion: '>=1.21.0-0' + name: consul + sources: + - https://github.com/hashicorp/consul + - https://github.com/hashicorp/consul-k8s + urls: + - assets/hashicorp/consul-1.0.3.tgz + version: 1.0.3 - annotations: artifacthub.io/images: | - name: consul @@ -4870,8 +5293,8 @@ entries: catalog.cattle.io/featured: "2" catalog.cattle.io/release-name: cost-analyzer apiVersion: v2 - appVersion: 1.99.0 - created: "2022-12-15T10:24:40.690559713-07:00" + appVersion: 1.100.0 + created: "2023-02-07T20:32:26.665226969Z" dependencies: - condition: global.grafana.enabled name: grafana 
@@ -4887,7 +5310,38 @@ entries: version: ~0.29.0 description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor cloud costs. - digest: 1e4045a603ffa72902711fd9d78f489a14309cdbbfd8f0466805d11961205a0b + digest: d5453931b876f5b5554e45f2e7570ec3a1b2d4d553be4c52ae01cf2300263254 + icon: https://partner-charts.rancher.io/assets/logos/kubecost.png + name: cost-analyzer + urls: + - assets/kubecost/cost-analyzer-1.100.0.tgz + version: 1.100.0 + - annotations: + artifacthub.io/links: | + - name: Homepage + url: https://www.kubecost.com + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kubecost + catalog.cattle.io/release-name: cost-analyzer + apiVersion: v2 + appVersion: 1.99.0 + created: "2023-02-07T20:32:21.552768024Z" + dependencies: + - condition: global.grafana.enabled + name: grafana + repository: file://./charts/grafana + version: ~1.17.2 + - condition: global.prometheus.enabled + name: prometheus + repository: file://./charts/prometheus + version: ~11.0.2 + - condition: global.thanos.enabled + name: thanos + repository: file://./charts/thanos + version: ~0.29.0 + description: A Helm chart that sets up Kubecost, Prometheus, and Grafana to monitor + cloud costs. + digest: 09d527e0961160da95c021c965e019cdf312a17e7cf13dbe384f089589a91f89 icon: https://partner-charts.rancher.io/assets/logos/kubecost.png name: cost-analyzer urls: 
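Review bot: The digest of an already-published entry changes in this hunk. The cost-analyzer entry with `appVersion: 1.99.0` goes from `digest: 1e4045a603ffa72902711fd9d78f489a14309cdbbfd8f0466805d11961205a0b` to `digest: 09d527e0961160da95c021c965e019cdf312a17e7cf13dbe384f089589a91f89` and gets a new `created` time, which suggests the archive was re-packaged under the same version (its `urls`/`version` lines fall after the hunk, so this is inferred). The k10 hunk at `@@ -10934,12 +11707,83 @@` does the same for the `appVersion: 5.5.1` entry (`894fcbfb…` becomes `46bd8ade…`), whereas the other k10 entries only move from `assets/k10/` to `assets/kasten/` and keep their digests. Consumers who pinned or mirrored these versions by digest will see a mismatch they cannot distinguish from tampering. I would keep the original archive and digest for the existing version and ship the metadata change as a new chart version, or at least state in the commit description why the archives were rebuilt. A CI check that fails when the digest of an existing name/version pair changes would catch this in future.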
@@ -4989,6 +5443,28 @@ entries: - assets/kubecost/cost-analyzer-1.70.000.tgz version: 1.70.000 crate-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: CrateDB Operator + catalog.cattle.io/release-name: crate-operator + apiVersion: v2 + appVersion: 2.22.0 + created: "2023-01-31T17:19:03.700627151Z" + dependencies: + - condition: crate-operator-crds.enabled + name: crate-operator-crds + repository: file://./charts/crate-operator-crds + version: 2.22.0 + description: Crate Operator - Helm chart for installing and upgrading Crate Operator. + digest: 28fd1cfd52017f6dd4fc2eb898e2355fe5dfabc2f73702ff145872b3efba64a1 + icon: https://raw.githubusercontent.com/crate/crate/master/docs/_static/crate-logo.svg + maintainers: + - name: Crate.io + name: crate-operator + type: application + urls: + - assets/crate/crate-operator-2.22.0.tgz + version: 2.22.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: CrateDB Operator 
@@ -5362,6 +5838,117 @@ entries: - assets/weka/csi-wekafsplugin-0.6.400.tgz version: 0.6.400 datadog: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-02-07T20:32:19.72536861Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: 141e235978d9916426cb52284cd31a5bb9b0f3b7c7e653a6352e442856d54cba + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.10.6.tgz + version: 3.10.6 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-02-07T14:30:16.168918395Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: ff1fc4f072678cf29c393aaf3e89851fc8f3f29fdaf47844890ab2159c804dd8 + home: https://www.datadoghq.com + icon: 
https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.10.5.tgz + version: 3.10.5 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Datadog + catalog.cattle.io/kube-version: '>=1.10-0' + catalog.cattle.io/release-name: datadog + apiVersion: v1 + appVersion: "7" + created: "2023-02-02T16:55:18.414355067Z" + dependencies: + - condition: clusterAgent.metricsProvider.useDatadogMetrics + name: datadog-crds + repository: https://helm.datadoghq.com + tags: + - install-crds + version: 0.4.7 + - condition: datadog.kubeStateMetricsEnabled + name: kube-state-metrics + repository: https://prometheus-community.github.io/helm-charts + version: 2.13.2 + description: Datadog Agent + digest: 91275b56ff706bf49d29c3f2ecdb1c9640c63a91c26b37987519da766201c22b + home: https://www.datadoghq.com + icon: https://datadog-live.imgix.net/img/dd_logo_70x75.png + keywords: + - monitoring + - alerting + - metric + maintainers: + - email: support@datadoghq.com + name: Datadog + name: datadog + sources: + - https://app.datadoghq.com/account/settings#agent/kubernetes + - https://github.com/DataDog/datadog-agent + urls: + - assets/datadog/datadog-3.10.4.tgz + version: 3.10.4 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Datadog 
@@ -7449,6 +8036,70 @@ entries: - assets/inaccel/fpga-operator-2.5.201.tgz version: 2.5.201 gitlab: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: GitLab + catalog.cattle.io/release-name: gitlab + apiVersion: v1 + appVersion: 15.8.1 + created: "2023-01-31T17:19:04.802677835Z" + dependencies: + - name: gitlab + repository: "" + version: '*.*.*' + - name: certmanager-issuer + repository: "" + version: '*.*.*' + - name: minio + repository: "" + version: '*.*.*' + - name: registry + repository: "" + version: '*.*.*' + - alias: certmanager + condition: certmanager.install + name: cert-manager + repository: https://charts.jetstack.io/ + version: 1.5.4 + - condition: prometheus.install + name: prometheus + repository: https://prometheus-community.github.io/helm-charts + version: 15.0.4 + - condition: postgresql.install + name: postgresql + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 8.9.4 + - condition: gitlab-runner.install + name: gitlab-runner + repository: https://charts.gitlab.io/ + version: 0.48.1 + - condition: global.grafana.enabled + name: grafana + repository: https://grafana.github.io/helm-charts + version: 6.11.0 + - condition: redis.install + name: redis + repository: https://raw.githubusercontent.com/bitnami/charts/eb5f9a9513d987b519f0ecd732e7031241c50328/bitnami + version: 11.3.4 + - condition: nginx-ingress.enabled + name: nginx-ingress + repository: "" + version: '*.*.*' + description: The One DevOps Platform + digest: f1a2c78a9b3f772c4c83b87c03b7f47f26196a6bbdf05863d70df4d09bef7922 + home: https://about.gitlab.com/ + icon: https://gitlab.com/gitlab-com/gitlab-artwork/raw/master/logo/logo-square.png + keywords: + - gitlab + maintainers: + - email: support@gitlab.com + name: GitLab Inc. 
+ name: gitlab + sources: + - https://gitlab.com/gitlab-org/charts/gitlab + urls: + - assets/gitlab/gitlab-6.8.1.tgz + version: 6.8.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: GitLab @@ -8693,6 +9344,34 @@ entries: - assets/gopaddle/gopaddle-4.2.5.tgz version: 4.2.5 haproxy: + - annotations: + artifacthub.io/changes: | + - Use Ingress Controller 1.9.1 version for base image + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller + catalog.cattle.io/kube-version: '>=1.19.0-0' + catalog.cattle.io/release-name: haproxy + apiVersion: v2 + appVersion: 1.9.1 + created: "2023-02-02T16:55:19.573127265Z" + description: A Helm chart for HAProxy Kubernetes Ingress Controller + digest: 9d79decc450cfb57ac4bc337939695e9ea3908c61869bd4f271893758aa2967e + home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress + icon: https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/chart-icon.png + keywords: + - ingress + - haproxy + kubeVersion: '>=1.19.0-0' + maintainers: + - email: dkorunic@haproxy.com + name: Dinko Korunic + name: haproxy + sources: + - https://github.com/haproxytech/kubernetes-ingress + type: application + urls: + - assets/haproxy/haproxy-1.27.1.tgz + version: 1.27.1 - annotations: artifacthub.io/changes: | - Additional internal-only service for metrics scraping 
@@ -9275,6 +9954,36 @@ entries: - assets/hpe/hpe-flexvolume-driver-3.1.000.tgz version: 3.1.000 instana-agent: + - annotations: + artifacthub.io/links: | + - name: Instana website + url: https://www.instana.com + - name: Instana Helm charts + url: https://github.com/instana/helm-charts + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Instana Agent + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: instana-agent + apiVersion: v2 + appVersion: 1.241.0 + created: "2023-01-31T17:19:05.018442908Z" + description: Instana Agent for Kubernetes + digest: 37d15c89f734fbe7a0ff86bc451dc8c865146c4e3d59a501fe574ba38bf82641 + home: https://www.instana.com/ + icon: https://agents.instana.io/helm/stan-logo-2020.png + maintainers: + - email: felix.marx@ibm.com + name: FelixMarxIBM + - email: henning.treu@ibm.com + name: htreu + - email: torsten.kohn@ibm.com + name: tkohn + name: instana-agent + sources: + - https://github.com/instana/instana-agent-docker + urls: + - assets/instana/instana-agent-1.2.52.tgz + version: 1.2.52 - annotations: artifacthub.io/links: | - name: Instana website 
@@ -9487,6 +10196,22 @@ entries: - assets/instana/instana-agent-1.0.2900.tgz version: 1.0.2900 intel-device-plugins-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Intel Device Plugins Operator + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: intel-device-plugins-operator + apiVersion: v2 + appVersion: 0.26.0 + created: "2023-02-07T14:30:17.16684447Z" + description: A Helm chart for Intel Device Plugins Operator for Kubernetes + digest: d214fbee747147c6414b903d5cbc6a1dcaf1c004cce4a6717b8b014e5ba8b42a + icon: https://avatars.githubusercontent.com/u/17888862?s=200&v=4 + name: intel-device-plugins-operator + type: application + urls: + - assets/intel/intel-device-plugins-operator-0.26.0.tgz + version: 0.26.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Intel Device Plugins Operator 
@@ -9657,6 +10382,54 @@ entries: - assets/jaeger/jaeger-operator-2.36.0.tgz version: 2.36.0 jenkins: + - annotations: + artifacthub.io/images: | + - name: jenkins + image: jenkins/jenkins:2.375.2-jdk11 + - name: k8s-sidecar + image: kiwigrid/k8s-sidecar:1.15.0 + - name: inbound-agent + image: jenkins/inbound-agent:4.11.2-4 + - name: backup + image: maorfr/kube-tasks:0.2.0 + artifacthub.io/links: | + - name: Chart Source + url: https://github.com/jenkinsci/helm-charts/tree/main/charts/jenkins + - name: Jenkins + url: https://www.jenkins.io/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Jenkins + catalog.cattle.io/kube-version: '>=1.14-0' + catalog.cattle.io/release-name: jenkins + apiVersion: v2 + appVersion: 2.375.2 + created: "2023-02-07T14:30:17.233687215Z" + description: Jenkins - Build great things at any scale! The leading open source + automation server, Jenkins provides hundreds of plugins to support building, + deploying and automating any project. + digest: d7e976f71cfd28fe81059391d20dfb0183edcf20e67fd53425915c869dab5f2f + home: https://jenkins.io/ + icon: https://get.jenkins.io/art/jenkins-logo/logo.svg + maintainers: + - email: maor.friedman@redhat.com + name: maorfr + - email: mail@torstenwalter.de + name: torstenwalter + - email: garridomota@gmail.com + name: mogaal + - email: wmcdona89@gmail.com + name: wmcdona89 + - email: timjacomb1@gmail.com + name: timja + name: jenkins + sources: + - https://github.com/jenkinsci/jenkins + - https://github.com/jenkinsci/docker-inbound-agent + - https://github.com/maorfr/kube-tasks + - https://github.com/jenkinsci/configuration-as-code-plugin + urls: + - assets/jenkins/jenkins-4.3.1.tgz + version: 4.3.1 - annotations: artifacthub.io/images: | - name: jenkins 
@@ -10934,12 +11707,83 @@ entries: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: K10 catalog.cattle.io/featured: "1" + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 5.5.4 + created: "2023-02-03T13:07:51.681650973+05:30" + dependencies: + - name: grafana + repository: file://./charts/grafana + version: 6.32.9 + - name: prometheus + repository: file://./charts/prometheus + version: 15.8.5 + description: Kasten’s K10 Data Management Platform + digest: 0cd5de4ce9cff4cb21f74e76019aeb339bc025d5b3c47b6607552af0fce6277b + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-5.5.401.tgz + version: 5.5.401 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 5.5.3 + created: "2023-02-03T13:06:27.239073035+05:30" + dependencies: + - name: grafana + repository: file://./charts/grafana + version: 6.32.9 + - name: prometheus + repository: file://./charts/prometheus + version: 15.8.5 + description: Kasten’s K10 Data Management Platform + digest: 4f202085e8d74f9e8c588c9f8e52033962b7248e4e36e6882875924a35b77d32 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-5.5.301.tgz + version: 5.5.301 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: k10 + apiVersion: v2 + appVersion: 5.5.2 + created: "2023-02-03T13:06:27.227488128+05:30" + description: Kasten’s K10 Data Management Platform + digest: 
af49c6f27803fcc389533d9129aa59f03e9c34fe63fc4ac42b3c49e29df22d79 + home: https://kasten.io/ + icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png + maintainers: + - email: contact@kasten.io + name: kastenIO + name: k10 + urls: + - assets/kasten/k10-5.5.201.tgz + version: 5.5.201 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: K10 catalog.cattle.io/release-name: k10 apiVersion: v2 appVersion: 5.5.1 - created: "2022-11-28T22:18:51.187449-05:00" + created: "2023-02-03T13:06:27.215326217+05:30" description: Kasten’s K10 Data Management Platform - digest: 894fcbfbf4e895e353b240591124e7a6ba03391cc1d2834e0c2c275f6760ec63 + digest: 46bd8ade716098eae02d0500591750c406d5fbeb228e11ea67e7f6cbff199b83 home: https://kasten.io/ icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png kubeVersion: '>= 1.17.0-0' @@ -10948,7 +11792,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.5.100.tgz + - assets/kasten/k10-5.5.100.tgz version: 5.5.100 - annotations: catalog.cattle.io/certified: partner @@ -10967,7 +11811,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.5.0.tgz + - assets/kasten/k10-5.5.0.tgz version: 5.5.0 - annotations: catalog.cattle.io/certified: partner @@ -10986,7 +11830,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.1100.tgz + - assets/kasten/k10-5.0.1100.tgz version: 5.0.1100 - annotations: catalog.cattle.io/certified: partner @@ -11005,7 +11849,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.1000.tgz + - assets/kasten/k10-5.0.1000.tgz version: 5.0.1000 - annotations: catalog.cattle.io/certified: partner @@ -11024,7 +11868,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.900.tgz + - assets/kasten/k10-5.0.900.tgz version: 5.0.900 - annotations: catalog.cattle.io/certified: partner 
@@ -11043,7 +11887,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.800.tgz + - assets/kasten/k10-5.0.800.tgz version: 5.0.800 - annotations: catalog.cattle.io/certified: partner @@ -11062,7 +11906,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.700.tgz + - assets/kasten/k10-5.0.700.tgz version: 5.0.700 - annotations: catalog.cattle.io/certified: partner @@ -11081,7 +11925,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.600.tgz + - assets/kasten/k10-5.0.600.tgz version: 5.0.600 - annotations: catalog.cattle.io/certified: partner @@ -11100,7 +11944,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.500.tgz + - assets/kasten/k10-5.0.500.tgz version: 5.0.500 - annotations: catalog.cattle.io/certified: partner @@ -11119,7 +11963,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.400.tgz + - assets/kasten/k10-5.0.400.tgz version: 5.0.400 - annotations: catalog.cattle.io/certified: partner @@ -11138,7 +11982,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.300.tgz + - assets/kasten/k10-5.0.300.tgz version: 5.0.300 - annotations: catalog.cattle.io/certified: partner @@ -11157,7 +12001,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.200.tgz + - assets/kasten/k10-5.0.200.tgz version: 5.0.200 - annotations: catalog.cattle.io/certified: partner @@ -11176,7 +12020,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.100.tgz + - assets/kasten/k10-5.0.100.tgz version: 5.0.100 - annotations: catalog.cattle.io/certified: partner @@ -11195,7 +12039,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-5.0.0.tgz + - assets/kasten/k10-5.0.0.tgz version: 5.0.0 - annotations: catalog.cattle.io/certified: partner @@ -11214,7 +12058,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-4.5.1500.tgz + - assets/kasten/k10-4.5.1500.tgz version: 4.5.1500 - annotations: catalog.cattle.io/certified: partner 
@@ -11233,7 +12077,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-4.5.1400.tgz + - assets/kasten/k10-4.5.1400.tgz version: 4.5.1400 - annotations: catalog.cattle.io/certified: partner @@ -11252,7 +12096,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-4.5.1300.tgz + - assets/kasten/k10-4.5.1300.tgz version: 4.5.1300 - annotations: catalog.cattle.io/certified: partner @@ -11271,7 +12115,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-4.5.1200.tgz + - assets/kasten/k10-4.5.1200.tgz version: 4.5.1200 - annotations: catalog.cattle.io/certified: partner @@ -11290,7 +12134,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-4.5.1100.tgz + - assets/kasten/k10-4.5.1100.tgz version: 4.5.1100 - annotations: catalog.cattle.io/certified: partner @@ -11309,7 +12153,7 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-4.5.1000.tgz + - assets/kasten/k10-4.5.1000.tgz version: 4.5.1000 - annotations: catalog.cattle.io/certified: partner 
@@ -11328,9 +12172,51 @@ entries: name: kastenIO name: k10 urls: - - assets/k10/k10-4.5.900.tgz + - assets/kasten/k10-4.5.900.tgz version: 4.5.900 kafka: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Kafka + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: kafka + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.3.2 + created: "2023-01-31T17:19:02.919427487Z" + dependencies: + - condition: zookeeper.enabled + name: zookeeper + repository: file://./charts/zookeeper + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Kafka is a distributed streaming platform designed to build + real-time pipelines and can be used as a message broker or as a replacement + for a log aggregation solution for big data applications. + digest: 55196d7aa1115f198f5eae95bbc66d29078e711d942c9b2cee0676698bd57dd3 + home: https://github.com/bitnami/charts/tree/main/bitnami/kafka + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/kafka.svg + keywords: + - kafka + - zookeeper + - streaming + - producer + - consumer + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: kafka + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/kafka + - https://kafka.apache.org/ + urls: + - assets/bitnami/kafka-20.0.6.tgz + version: 20.0.6 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Kafka 
@@ -11870,6 +12756,37 @@ entries: - assets/bitnami/kafka-19.0.1.tgz version: 19.0.1 kamaji: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kamaji - Managed Kubernetes Service + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: kamaji + apiVersion: v2 + appVersion: v0.2.0 + created: "2023-02-07T14:30:16.048952595Z" + description: Kamaji is a tool aimed to build and operate a Managed Kubernetes + Service with a fraction of the operational burden. With Kamaji, you can deploy + and operate hundreds of Kubernetes clusters as a hyper-scaler. + digest: f9c72e2af76a60fbe32d8e7354f860fdb4bbaaf70c32d30f8607f4d746f04b5d + home: https://github.com/clastix/kamaji + icon: https://github.com/clastix/kamaji/raw/master/assets/kamaji-logo.png + kubeVersion: '>=1.21.0-0' + maintainers: + - email: dario@tranchitella.eu + name: Dario Tranchitella + - email: me@maxgio.it + name: Massimiliano Giovagnoli + - email: me@bsctl.io + name: Adriano Pezzuto + - email: iam@mendrugory.com + name: Gonzalo Gabriel Jiménez Fuentes + name: kamaji + sources: + - https://github.com/clastix/kamaji + type: application + urls: + - assets/clastix/kamaji-0.11.0.tgz + version: 0.11.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kamaji - Managed Kubernetes Service 
@@ -11976,6 +12893,60 @@ entries: - assets/elastic/kibana-7.17.3.tgz version: 7.17.3 kong: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.1" + created: "2023-02-07T20:32:21.477629792Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: 1a7127c42bb913ece64fe7c5b4cddf7c884f962abecba7b7cb66b20af3918969 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: harry@konghq.com + name: hbagdi + - email: traines@konghq.com + name: rainest + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.16.2.tgz + version: 2.16.2 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kong Gateway + catalog.cattle.io/release-name: kong + apiVersion: v2 + appVersion: "3.1" + created: "2023-02-07T14:30:17.900099701Z" + dependencies: + - condition: postgresql.enabled + name: postgresql + repository: file://./charts/postgresql + version: 11.9.13 + description: The Cloud-Native Ingress and API-management + digest: b8ce65ab479149876440f2c344af63c783f0d5e0b6b3268375065690ec96a555 + home: https://konghq.com/ + icon: https://s3.amazonaws.com/downloads.kong/universe/assets/icon-kong-inc-large.png + maintainers: + - email: harry@konghq.com + name: hbagdi + - email: traines@konghq.com + name: rainest + name: kong + sources: + - https://github.com/Kong/charts/tree/main/charts/kong + urls: + - assets/kong/kong-2.16.1.tgz + version: 2.16.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kong Gateway 
@@ -12110,6 +13081,49 @@ entries: - assets/kong/kong-2.3.1.tgz version: 2.3.1 kubeslice-controller: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Avesha Kubeslice Controller + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/namespace: kubeslice-controller + catalog.cattle.io/release-name: kubeslice-controller + apiVersion: v2 + appVersion: 0.5.0 + created: "2023-02-02T16:55:17.154512801Z" + description: Multi cloud networking (MCN), multi cluster, hybrid cloud networking + tool for efficient, secure, policy-enforced connectivity and true multi-tenancy + capabilities. KubeSlice enables enterprise platform teams to reduce infrastructure + costs, cluster/namespace sprawl, avoid complex firewall and gateway configurations + and more. + digest: 8b6cfd723cbb1d15ce54a93b9fe6a7e18c852cacd89b18799fc954926b8b9166 + icon: https://kubeslice.io/documentation/open-source/img/kubeslice-logo.svg + keywords: + - multicloud + - multi cloud + - multitenant + - multitenancy + - multi tenant + - multi tenancy + - federated mesh + - federated clusters + - federated k8s + - federated kubernetes + - cluster sprawl + - sprawl + - namespace sprawl + - network policy + - overlay network + - mesh network + - security + - networking + - infrastructure + - application + kubeVersion: '>= 1.19.0-0' + name: kubeslice-controller + type: application + urls: + - assets/avesha/kubeslice-controller-0.5.0.tgz + version: 0.5.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Avesha Kubeslice Controller 
@@ -12232,6 +13246,49 @@ entries: - assets/avesha/kubeslice-controller-0.4.2.tgz version: 0.4.2 kubeslice-worker: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Avesha Kubeslice Worker + catalog.cattle.io/kube-version: '>= 1.19.0-0' + catalog.cattle.io/namespace: kubeslice-system + catalog.cattle.io/release-name: kubeslice-worker + apiVersion: v2 + appVersion: 0.5.0 + created: "2023-02-02T16:55:17.163800371Z" + description: Multi cloud networking (MCN), multi cluster, hybrid cloud networking + tool for efficient, secure, policy-enforced connectivity and true multi-tenancy + capabilities. KubeSlice enables enterprise platform teams to reduce infrastructure + costs, cluster/namespace sprawl, avoid complex firewall and gateway configurations + and more. + digest: 4820d1bbb3d17cecd15188c1d69ac627a52d964882f70fe531bed30914614452 + icon: https://kubeslice.io/documentation/open-source/img/kubeslice-logo.svg + keywords: + - multicloud + - multi cloud + - multitenant + - multitenancy + - multi tenant + - multi tenancy + - federated mesh + - federated clusters + - federated k8s + - federated kubernetes + - cluster sprawl + - sprawl + - namespace sprawl + - network policy + - overlay network + - mesh network + - security + - networking + - infrastructure + - application + kubeVersion: '>= 1.19.0-0' + name: kubeslice-worker + type: application + urls: + - assets/avesha/kubeslice-worker-0.5.0.tgz + version: 0.5.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Avesha Kubeslice Worker 
@@ -12354,6 +13411,33 @@ entries: - assets/avesha/kubeslice-worker-0.4.5.tgz version: 0.4.5 kuma: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Kuma + catalog.cattle.io/namespace: kuma-system + catalog.cattle.io/release-name: kuma + apiVersion: v2 + appVersion: 2.1.0 + created: "2023-01-31T17:19:06.028496924Z" + description: A Helm chart for the Kuma Control Plane + digest: be47b1ea8083ba8d11ba3ece38d7ea2de9e502a9cb2010d301abb286b97ffdd1 + home: https://github.com/kumahq/kuma + icon: https://kuma.io/assets/images/brand/kuma-logo-new.svg + keywords: + - service mesh + - control plane + maintainers: + - email: austin.cawley@gmail.com + name: austince + - email: jakub.dyszkiewicz@konghq.com + name: jakubdyszkiewicz + - email: nikolay.nikolaev@konghq.com + name: nickolaev + name: kuma + type: application + urls: + - assets/kuma/kuma-2.1.0.tgz + version: 2.1.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Kuma 
@@ -12643,6 +13727,84 @@ entries: - assets/elastic/logstash-7.17.3.tgz version: 7.17.3 mariadb: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.6.12 + created: "2023-02-07T14:30:15.497208751Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. + digest: 5c383c8eff41e68eb04ae9e664ef7e5289bc6d24e4bf39724ee55bf404a8f460 + home: https://github.com/bitnami/charts/tree/main/bitnami/mariadb + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mariadb + - https://github.com/prometheus/mysqld_exporter + - https://mariadb.org + urls: + - assets/bitnami/mariadb-11.4.6.tgz + version: 11.4.6 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: MariaDB + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: mariadb + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.6.11 + created: "2023-01-31T17:19:02.962174076Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: MariaDB is an open source, community-developed SQL database server + that is widely in use around the world due to its enterprise features, flexibility, + and collaboration with leading tech firms. 
+ digest: 0541941c15e6a888464f1bd1095394f5cc235282bc72b303907ef8d06d6db8c6 + home: https://github.com/bitnami/charts/tree/main/bitnami/mariadb + icon: https://mariadb.com/wp-content/uploads/2019/11/mariadb-logo-vert_black-transparent.png + keywords: + - mariadb + - mysql + - database + - sql + - prometheus + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: mariadb + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/mariadb + - https://github.com/prometheus/mysqld_exporter + - https://mariadb.org + urls: + - assets/bitnami/mariadb-11.4.5.tgz + version: 11.4.5 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: MariaDB 
@@ -13292,6 +14454,68 @@ entries: - assets/bitnami/mysql-9.4.1.tgz version: 9.4.1 nats: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.9.12-alpine + created: "2023-02-07T14:30:18.034057576Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. + digest: d25a1ec48b16b914b8aad2418d2ce751284ff592da085e12ae2d731f5b14cf8e + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: wally@nats.io + name: Waldemar Quevedo + url: https://github.com/wallyqs + - email: colin@nats.io + name: Colin Sullivan + url: https://github.com/ColinSullivan1 + - email: caleb@nats.io + name: Caleb Lloyd + url: https://github.com/caleblloyd + name: nats + urls: + - assets/nats/nats-0.19.8.tgz + version: 0.19.8 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: NATS Server + catalog.cattle.io/kube-version: '>=1.16-0' + catalog.cattle.io/release-name: nats + apiVersion: v2 + appVersion: 2.9.11-alpine + created: "2023-02-02T16:55:20.727833277Z" + description: A Helm chart for the NATS.io High Speed Cloud Native Distributed + Communications Technology. 
+ digest: 88b9fd9831e380f8fccdafe165a95b347f501932fd1ffb94f5c31a9130777712 + home: http://github.com/nats-io/k8s + icon: https://nats.io/img/nats-icon-color.png + keywords: + - nats + - messaging + - cncf + maintainers: + - email: wally@nats.io + name: Waldemar Quevedo + url: https://github.com/wallyqs + - email: colin@nats.io + name: Colin Sullivan + url: https://github.com/ColinSullivan1 + - email: caleb@nats.io + name: Caleb Lloyd + url: https://github.com/caleblloyd + name: nats + urls: + - assets/nats/nats-0.19.7.tgz + version: 0.19.7 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: NATS Server 
@@ -15546,6 +16770,84 @@ entries: - assets/portworx/portworx-essentials-2.9.100.tgz version: 2.9.100 postgresql: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.1.0 + created: "2023-02-02T16:55:17.707636586Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. + digest: e6f992b4ede3e2371c06482f80227da4fa33c0c9692d416a17b1266cb980b193 + home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/postgresql + - https://www.postgresql.org/ + urls: + - assets/bitnami/postgresql-12.1.14.tgz + version: 12.1.14 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: PostgreSQL + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: postgresql + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 15.1.0 + created: "2023-01-31T17:19:03.036241897Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: PostgreSQL (Postgres) is an open source object-relational database + known for reliability and data integrity. ACID-compliant, it supports foreign + keys, joins, views, triggers and stored procedures. 
+ digest: d9ce79d690607ee5e625808814c12630e4e77fa974754f4b7c752d939d0b6784 + home: https://github.com/bitnami/charts/tree/main/bitnami/postgresql + icon: https://wiki.postgresql.org/images/a/a4/PostgreSQL_logo.3colors.svg + keywords: + - postgresql + - postgres + - database + - sql + - replication + - cluster + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: postgresql + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/postgresql + - https://www.postgresql.org/ + urls: + - assets/bitnami/postgresql-12.1.13.tgz + version: 12.1.13 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: PostgreSQL @@ -16027,6 +17329,29 @@ entries: - assets/percona/psmdb-db-1.13.0.tgz version: 1.13.0 psmdb-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Percona Operator for MongoDB + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: psmdb-operator + apiVersion: v2 + appVersion: 1.13.0 + created: "2023-02-02T16:55:20.956973725Z" + description: A Helm chart for deploying the Percona Operator for MongoDB + digest: 27a0b34b88e0995e410f196357d802640f8d27db81c136e52e189150aa5c53cd + home: https://docs.percona.com/percona-operator-for-mongodb/ + icon: https://raw.githubusercontent.com/percona/percona-server-mongodb-operator/main/operator.png + maintainers: + - email: ivan.pylypenko@percona.com + name: cap1984 + - email: tomislav.plavcic@percona.com + name: tplavcic + - email: sergey.pronin@percona.com + name: spron-in + name: psmdb-operator + urls: + - assets/percona/psmdb-operator-1.13.3.tgz + version: 1.13.3 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Percona Operator for MongoDB 
@@ -16225,6 +17550,41 @@ entries: - assets/quobyte/quobyte-cluster-0.1.5.tgz version: 0.1.5 redis: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redis + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: redis + category: Database + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 7.0.8 + created: "2023-02-07T14:30:15.69225429Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Redis(R) is an open source, advanced key-value store. It is often + referred to as a data structure server since keys can contain strings, hashes, + lists, sets and sorted sets. + digest: 3fae9d96870c720dd46e1d15cfe6d9ab619216fddd5c124926128efdd561299d + home: https://github.com/bitnami/charts/tree/main/bitnami/redis + icon: https://redis.com/wp-content/uploads/2021/08/redis-logo.png + keywords: + - redis + - keyvalue + - database + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: redis + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/redis + urls: + - assets/bitnami/redis-17.7.2.tgz + version: 17.7.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Redis 
@@ -16738,6 +18098,138 @@ entries: - assets/bitnami/redis-17.3.7.tgz version: 17.3.7 redpanda: + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.10 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.10 + created: "2023-02-07T20:32:27.085061912Z" + description: Redpanda is the real-time engine for modern apps. + digest: b3905be182d9fab85df355b0f7aabb4f3270161f9b30bf0211c3db75a122c811 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.8.1.tgz + version: 2.8.1 + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.10 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.10 + created: "2023-02-07T14:30:18.326360003Z" + description: Redpanda is the real-time engine for modern apps. 
+ digest: db673d40ee6b45e2d9d10183bd5963240cb3436923431303cd15e92162e0d954 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.8.0.tgz + version: 2.8.0 + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.10 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.10 + created: "2023-02-02T16:55:21.096764666Z" + description: Redpanda is the real-time engine for modern apps. 
+ digest: d405f2b6009cb633b3ea1bf276f8f61f33a3a86bd9bfba151df5ab9d1bddcbe2 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.6.4.tgz + version: 2.6.4 + - annotations: + artifacthub.io/images: | + - name: redpanda + image: vectorized/redpanda:v22.3.10 + - name: busybox + image: busybox:latest + artifacthub.io/license: Apache-2.0 + artifacthub.io/links: | + - name: Documentation + url: https://docs.redpanda.com + - name: "Helm (>= 3.6.0)" + url: https://helm.sh/docs/intro/install/ + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Redpanda + catalog.cattle.io/kube-version: '>=1.21-0' + catalog.cattle.io/release-name: redpanda + apiVersion: v2 + appVersion: v22.3.10 + created: "2023-01-31T17:19:06.455286505Z" + description: Redpanda is the real-time engine for modern apps. + digest: 0caf22ef303e272e6b3a147fb741e69b89b09f00cda63e331ee3561ce83d6262 + icon: https://images.ctfassets.net/paqvtpyf8rwu/3cYHw5UzhXCbKuR24GDFGO/73fb682e6157d11c10d5b2b5da1d5af0/skate-stand-panda.svg + kubeVersion: '>=1.21-0' + maintainers: + - name: redpanda-data + url: https://github.com/orgs/redpanda-data/people + name: redpanda + sources: + - https://github.com/redpanda-data/helm-charts + type: application + urls: + - assets/redpanda/redpanda-2.6.3.tgz + version: 2.6.3 - annotations: artifacthub.io/images: | - name: redpanda 
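Review bot: Each of the four added redpanda entries (2.8.1, 2.8.0, 2.6.4, 2.6.3) lists `image: busybox:latest` under `artifacthub.io/images`, so the chart `digest` fixes the chart archive but not the content of that image. If the templates really use the tag the annotation declares, two installs of the same chart version can run different busybox builds. This index looks generated, so the change belongs in the upstream Chart.yaml, for example `image: busybox:<pinned-tag>@sha256:<image-digest>`. The s3gw hunk that follows (`@@ -17452,6 +18944,39 @@`) has the related `appVersion: latest`, which leaves no record of which application build chart 0.11.0 corresponds to.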
@@ -17452,6 +18944,39 @@ entries: - assets/redpanda/redpanda-2.1.7.tgz version: 2.1.7 s3gw: + - annotations: + app.aquarist-labs.io/name: s3gw + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: S3 Gateway + catalog.cattle.io/experimental: "true" + catalog.cattle.io/kube-version: '>=1.14' + catalog.cattle.io/namespace: s3gw + catalog.cattle.io/release-name: s3gw + apiVersion: v2 + appVersion: latest + created: "2023-01-31T17:19:01.715240151Z" + description: 'Easy-to-use Open Source and Cloud Native S3 service for use on Rancher''s + Kubernetes. ' + digest: 37c3d885aab46174c2b894dff0c3b30bb92c01ed40e47085b676ce4ace58d6b0 + home: https://github.com/aquarist-labs/s3gw + icon: https://raw.githubusercontent.com/aquarist-labs/aquarium-website/gh-pages/images/logo-xl.png + keywords: + - storage + - s3 + kubeVersion: '>=1.14' + maintainers: + - email: s3gw@suse.com + name: s3gw maintainers + url: https://github.com/orgs/aquarist-labs/projects/5 + name: s3gw + sources: + - https://github.com/aquarist-labs/s3gw-charts + - https://github.com/aquarist-labs/s3gw + - https://github.com/aquarist-labs/ceph + type: application + urls: + - assets/aquarist-labs/s3gw-0.11.0.tgz + version: 0.11.0 - annotations: app.aquarist-labs.io/name: s3gw catalog.cattle.io/certified: partner 
@@ -17881,6 +19406,41 @@ entries: - assets/shipa/shipa-1.4.0.tgz version: 1.4.0 spark: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Spark + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: spark + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.3.1 + created: "2023-01-31T17:19:03.224744394Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Spark is a high-performance engine for large-scale computing + tasks, such as data processing, machine learning and real-time data streaming. + It includes APIs for Java, Python, Scala and R. + digest: 9d8da6521bfc9c1e11e411008b29a1e7ac194f3865c326eb05177a52460e027b + home: https://github.com/bitnami/charts/tree/main/bitnami/spark + icon: https://www.apache.org/logos/res/spark/default.png + keywords: + - apache + - spark + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: spark + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/spark + - https://spark.apache.org/ + urls: + - assets/bitnami/spark-6.3.16.tgz + version: 6.3.16 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Spark 
@@ -18157,6 +19717,68 @@ entries: - assets/bitnami/spark-6.3.8.tgz version: 6.3.8 speedscale-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.2.296 + created: "2023-02-07T14:30:18.388938945Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. + digest: 60996dd4a5eab0583cab5e3b5bf069dc2141679b931e7fb0eae914a1477ae06a + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.2.20.tgz + version: 1.2.20 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Speedscale Operator + catalog.cattle.io/kube-version: '>= 1.17.0-0' + catalog.cattle.io/release-name: speedscale-operator + apiVersion: v1 + appVersion: 1.2.282 + created: "2023-02-02T16:55:21.172061119Z" + description: Stress test your APIs with real world scenarios. Collect and replay + traffic without scripting. 
+ digest: 14fd0c6dc6809aaaebe2dc5e15d2094c5145ebad87de1b22a829ff3d83cd8c0a + home: https://speedscale.com + icon: https://raw.githubusercontent.com/speedscale/assets/main/logo/gold_logo_only.png + keywords: + - speedscale + - test + - testing + - regression + - reliability + - load + - replay + - network + - traffic + kubeVersion: '>= 1.17.0-0' + maintainers: + - email: support@speedscale.com + name: Speedscale Support + name: speedscale-operator + urls: + - assets/speedscale/speedscale-operator-1.2.19.tgz + version: 1.2.19 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Speedscale Operator 
@@ -19143,6 +20765,123 @@ entries: - assets/intel/tcs-issuer-0.1.0.tgz version: 0.1.0 tomcat: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.5 + created: "2023-02-07T14:30:15.740987249Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 39ea08e1a44097a1c89031102500bc8cb73633a9ef5f0f940562696b67a5b73e + home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/tomcat + - http://tomcat.apache.org + urls: + - assets/bitnami/tomcat-10.5.14.tgz + version: 10.5.14 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.5 + created: "2023-02-02T16:55:17.912982713Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. 
+ digest: 59691f9d85a32eba4994f7c43c7ca161b42bcf2850454491cea06dcc261b2974 + home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/tomcat + - http://tomcat.apache.org + urls: + - assets/bitnami/tomcat-10.5.13.tgz + version: 10.5.13 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Tomcat + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: tomcat + category: ApplicationServer + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 10.1.5 + created: "2023-01-31T17:19:03.251024556Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache Tomcat is an open-source web server designed to host and run + Java-based web applications. It is a lightweight server with a good performance + for applications running in production environments. + digest: 9096ea510f1d9aeba7128720c6f1dfb305f75e6c895c54a3660adc5f9e0822a9 + home: https://github.com/bitnami/charts/tree/main/bitnami/tomcat + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/tomcat.svg + keywords: + - tomcat + - java + - http + - web + - application server + - jsp + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: tomcat + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/tomcat + - http://tomcat.apache.org + urls: + - assets/bitnami/tomcat-10.5.10.tgz + version: 10.5.10 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Tomcat 
@@ -20221,10 +21960,10 @@ entries: catalog.cattle.io/release-name: vals-operator apiVersion: v2 appVersion: 0.7.0 - created: "2023-01-27T16:48:55.536683334Z" + created: "2023-01-31T09:06:16.575392897-07:00" description: This helm chart installs the Digitalis Vals Operator to manage sync secrets from supported backends into Kubernetes - digest: bdaf8bdb7218aba53e9371725c86c2c4e61b9a935e6dd2ebc20357e59c66330d + digest: d0d302d2b84c5bf5ce4308d81cb6134a0e77138fff3afc7a337b0f91bbe1eff3 icon: https://digitalis.io/wp-content/uploads/2020/06/cropped-Digitalis-512x512-Blue_Digitalis-512x512-Blue-32x32.png kubeVersion: '>= 1.19.0-0' maintainers: @@ -20233,8 +21972,8 @@ entries: name: vals-operator type: application urls: - - assets/digitalis/vals-operator-0.7.1.tgz - version: 0.7.1 + - assets/digitalis/vals-operator-0.7.0.tgz + version: 0.7.0 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Vals-Operator 
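Review bot: The existing vals-operator entry is rewritten in place instead of a new entry being added: across this hunk and the next (`@@ -20233,8 +21972,8 @@`), `version` goes from 0.7.1 to 0.7.0, the URL from `vals-operator-0.7.1.tgz` to `vals-operator-0.7.0.tgz`, and the `digest` changes. Anyone who pinned or cached 0.7.1 can no longer resolve it, and the digest they verified no longer appears in the index. The new `created` value carries a `-07:00` offset while the entries added elsewhere in this diff use UTC `Z` stamps, which suggests this entry was regenerated outside the usual pipeline. It is worth confirming that the committed archive hashes to the new digest and that withdrawing 0.7.1 is intended. Whether a 0.7.0 entry already exists further down cannot be seen from the hunk.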
@@ -20465,6 +22204,150 @@ entries: - assets/hashicorp/vault-0.22.0.tgz version: 0.22.0 wordpress: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.1.1 + created: "2023-02-07T14:30:15.947490978Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: d127942c6b2661b3dda91181f563df2ce1872386109dfae18ddb8119a1d94b4b + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-15.2.38.tgz + version: 15.2.38 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.1.1 + created: "2023-02-02T16:55:18.157808509Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb 
+ repository: file://./charts/mariadb + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. + digest: 1b321dd2fcf03e9c1699cc142e6b5c240d252f2bf52a523980883e8cc64c58a0 + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-15.2.37.tgz + version: 15.2.37 + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: WordPress + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: wordpress + category: CMS + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 6.1.1 + created: "2023-01-31T17:19:03.485199982Z" + dependencies: + - condition: memcached.enabled + name: memcached + repository: file://./charts/memcached + version: 6.x.x + - condition: mariadb.enabled + name: mariadb + repository: file://./charts/mariadb + version: 11.x.x + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: WordPress is the world's most popular blogging and content management + platform. Powerful yet simple, everyone from students to global corporations + use it to build beautiful, functional websites. 
+ digest: ec88d91bc86d99b958092111a6080c133d69f661cba9b05c5a1bd82edc6a1459 + home: https://github.com/bitnami/charts/tree/main/bitnami/wordpress + icon: https://s.w.org/style/images/about/WordPress-logotype-simplified.png + keywords: + - application + - blog + - cms + - http + - php + - web + - wordpress + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: wordpress + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/wordpress + - https://wordpress.org/ + urls: + - assets/bitnami/wordpress-15.2.36.tgz + version: 15.2.36 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: WordPress @@ -21271,6 +23154,30 @@ entries: - assets/bitnami/wordpress-15.2.6.tgz version: 15.2.6 yugabyte: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugabyte + apiVersion: v1 + appVersion: 2.16.1.0-b50 + created: "2023-02-07T14:30:18.885083981Z" + description: YugabyteDB is the high-performance distributed SQL database for building + global, internet-scale apps. + digest: 7b2f2e5b908f29f75245044bf5dbcba846452231f027cbc056c89df5b4c04697 + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + maintainers: + - email: sanketh@yugabyte.com + name: Sanketh Indarapu + - email: gjalla@yugabyte.com + name: Govardhan Reddy Jalla + name: yugabyte + sources: + - https://github.com/yugabyte/yugabyte-db + urls: + - assets/yugabyte/yugabyte-2.16.1.tgz + version: 2.16.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB 
@@ -21392,6 +23299,30 @@ entries: - assets/yugabyte/yugabyte-2.14.3.tgz version: 2.14.3 yugaware: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: YugabyteDB Anywhere + catalog.cattle.io/kube-version: '>=1.18-0' + catalog.cattle.io/release-name: yugaware + apiVersion: v1 + appVersion: 2.16.1.0-b50 + created: "2023-02-07T14:30:18.892900574Z" + description: YugabyteDB Anywhere provides deployment, orchestration, and monitoring + for managing YugabyteDB clusters. YugabyteDB Anywhere can create a YugabyteDB + cluster with multiple pods provided by Kubernetes or OpenShift and logically + grouped together to form one logical distributed database. + digest: 70b1756dfcce48912b71ba43d57286f9005b62c5e7a7652991fb471b0fefb819 + home: https://www.yugabyte.com + icon: https://avatars0.githubusercontent.com/u/17074854?s=200&v=4 + maintainers: + - email: ram@yugabyte.com + name: Ram Sri + - email: arnav@yugabyte.com + name: Arnav Agarwal + name: yugaware + urls: + - assets/yugabyte/yugaware-2.16.1.tgz + version: 2.16.1 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: YugabyteDB Anywhere 
@@ -21510,6 +23441,39 @@ entries: - assets/netfoundry/ziti-host-1.5.1.tgz version: 1.5.1 zookeeper: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Apache Zookeeper + catalog.cattle.io/kube-version: '>=1.19-0' + catalog.cattle.io/release-name: zookeeper + category: Infrastructure + licenses: Apache-2.0 + apiVersion: v2 + appVersion: 3.8.1 + created: "2023-01-31T17:19:03.563092456Z" + dependencies: + - name: common + repository: file://./charts/common + tags: + - bitnami-common + version: 2.x.x + description: Apache ZooKeeper provides a reliable, centralized register of configuration + data and services for distributed applications. + digest: 71feb7318511ace3c77fee89c2ae2fd991abe8d2b61271c2debe07c3c6350f0d + home: https://github.com/bitnami/charts/tree/main/bitnami/zookeeper + icon: https://svn.apache.org/repos/asf/comdev/project-logos/originals/zookeeper.svg + keywords: + - zookeeper + maintainers: + - name: Bitnami + url: https://github.com/bitnami/charts + name: zookeeper + sources: + - https://github.com/bitnami/containers/tree/main/bitnami/zookeeper + - https://zookeeper.apache.org/ + urls: + - assets/bitnami/zookeeper-11.1.2.tgz + version: 11.1.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Apache Zookeeper diff --git a/packages/digitalis/vals-operator/upstream.yaml b/packages/digitalis/vals-operator/upstream.yaml index 24d6ce6e7..99c3c65c2 100644 --- a/packages/digitalis/vals-operator/upstream.yaml +++ b/packages/digitalis/vals-operator/upstream.yaml @@ -2,4 +2,3 @@ HelmRepo: https://digitalis-io.github.io/helm-charts HelmChart: vals-operator Vendor: Digitalis DisplayName: Vals-Operator -PackageVersion: 01 diff --git a/packages/f5/nginx-service-mesh/overlay/questions.yaml b/packages/f5/nginx-service-mesh/overlay/questions.yaml index 6f908f660..d169437c5 100644 --- a/packages/f5/nginx-service-mesh/overlay/questions.yaml +++ b/packages/f5/nginx-service-mesh/overlay/questions.yaml 
@@ -8,7 +8,6 @@ questions: group: "Image Registry" subquestions: - variable: registry.server - default: "docker-registry.nginx.com/nsm" description: "Hostname:port (if needed) for registry and path to images." label: Image registry server type: string @@ -17,27 +16,22 @@ questions: label: Image tag type: string - variable: registry.key - default: "" description: "Contents of your Google Cloud JSON key file. Cannot be used with username or password." label: Image registry key type: string - variable: registry.username - default: "" description: "Username for accessing private registry." label: Image registry username type: string - variable: registry.password - default: "" description: "Password for accessing private registry." label: Image registry password type: string - variable: registry.disablePublicImages - default: false description: "Do not pull third party images from public repositories. If true, registry.server is used for all images." label: Disable public images type: boolean - variable: registry.imagePullPolicy - default: "IfNotPresent" description: "Image pull policy." label: Image pull policy type: string @@ -50,7 +44,6 @@ questions: group: "Mutual TLS" subquestions: - variable: mtls.mode - default: "permissive" description: "mTLS mode for pod-to-pod communication." label: mTLS mode type: enum 
@@ -59,22 +52,18 @@ questions: - "permissive" - "strict" - variable: mtls.caTTL - default: "720h" description: "The CA/signing key TTL in hours(h) or minutes(m)." label: mTLS caTTL type: string - variable: mtls.svidTTL - default: "1h" description: "The TTL of certificates issued to workloads in hours(h) or minutes(m)." label: mTLS svidTTL type: string - variable: mtls.trustDomain - default: "example.org" description: "The trust domain of the NGINX Service Mesh." label: mTLS trust domain type: string - variable: mtls.persistentStorage - default: "on" description: "Use persistent storage; 'on' assumes that a StorageClass exists." label: mTLS persistent storage type: enum @@ -82,7 +71,6 @@ questions: - "on" - "off" - variable: mtls.spireServerKeyManager - default: "disk" description: "Storage logic for SPIRE Server's private keys." label: mTLS spire server key manager type: enum @@ -90,7 +78,6 @@ questions: - "disk" - "memory" - variable: mtls.caKeyType - default: "ec-p256" description: "The key type used for the SPIRE Server CA." label: mTLS ca key type type: enum @@ -100,13 +87,11 @@ questions: - "rsa-2048" - "rsa-4096" - variable: disableAutoInjection - default: false description: "Disable automatic sidecar injection upon resource creation." label: Disable auto injection type: boolean group: "General Settings" - variable: accessControlMode - default: "allow" description: "Default access control mode for service-to-service communication." label: Access control mode type: enum @@ -115,7 +100,6 @@ questions: - "deny" group: "General Settings" - variable: nginxErrorLogLevel - default: "warn" description: "NGINX error log level." label: NGINX error log level. type: enum @@ -130,7 +114,6 @@ questions: - "emerg" group: "General Settings" - variable: nginxLogFormat - default: "default" description: "NGINX log format." label: NGINX log format. type: enum 
@@ -139,7 +122,6 @@ questions: - "json" group: "General Settings" - variable: nginxLBMethod - default: "least_time" description: "NGINX load balancing method." label: NGINX load balancing method. type: enum @@ -156,7 +138,6 @@ questions: - "round_robin" group: "General Settings" - variable: clientMaxBodySize - default: "1m" description: "NGINX client max body size." label: NGINX client max body size. type: string @@ -171,11 +152,4 @@ questions: description: "Enable UDP traffic proxying (beta). Linux kernel 4.18 or greater is required." label: Enable UDP type: boolean - default: false - group: "General Settings" -- variable: rancher - default: true - description: "Enables Rancher for NGINX Service Mesh (do not disable)." - label: Rancher - type: boolean group: "General Settings" diff --git a/packages/k10/generated-changes/patch/Chart.yaml.patch b/packages/k10/generated-changes/patch/Chart.yaml.patch deleted file mode 100644 index 440ee4291..000000000 --- a/packages/k10/generated-changes/patch/Chart.yaml.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- charts-original/Chart.yaml -+++ charts/Chart.yaml -@@ -2,9 +2,14 @@ - appVersion: 5.5.1 - description: Kasten’s K10 Data Management Platform - home: https://kasten.io/ --icon: https://docs.kasten.io/_static/kasten.png -+icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png - maintainers: - - email: contact@kasten.io - name: kastenIO - name: k10 - version: 5.5.1 -+kubeVersion: '>= 1.17.0-0' -+annotations: -+ catalog.cattle.io/certified: partner -+ catalog.cattle.io/display-name: K10 -+ catalog.cattle.io/release-name: k10 diff --git a/packages/k10/package.yaml b/packages/k10/package.yaml deleted file mode 100644 index 442cbf74f..000000000 --- a/packages/k10/package.yaml +++ /dev/null @@ -1,2 +0,0 @@ -url: https://charts.kasten.io/k10-5.5.1.tgz -packageVersion: 00 
diff --git a/packages/k10/generated-changes/overlay/app-readme.md b/packages/kasten/k10/overlay/app-readme.md
similarity index 100%
rename from packages/k10/generated-changes/overlay/app-readme.md
rename to packages/kasten/k10/overlay/app-readme.md
diff --git a/packages/k10/generated-changes/overlay/questions.yaml b/packages/kasten/k10/overlay/questions.yaml
similarity index 100%
rename from packages/k10/generated-changes/overlay/questions.yaml
rename to packages/kasten/k10/overlay/questions.yaml
diff --git a/packages/kasten/k10/upstream.yaml b/packages/kasten/k10/upstream.yaml
new file mode 100644
index 000000000..31ea66b7f
--- /dev/null
+++ b/packages/kasten/k10/upstream.yaml
@@ -0,0 +1,9 @@
+HelmRepo: https://charts.kasten.io
+HelmChart: k10
+Vendor: Kasten
+DisplayName: K10
+PackageVersion: 01
+Fetch: newer
+ChartMetadata:
+ kubeVersion: '>= 1.17.0-0'
+ icon: https://docs.kasten.io/_static/logo-kasten-k10-blue-white.png
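Review bot: `Fetch: newer` in the new packages/kasten/k10/upstream.yaml takes the place of the exact tarball URL that the deleted packages/k10/package.yaml pinned (`url: https://charts.kasten.io/k10-5.5.1.tgz`), so the chart version that gets staged is no longer fixed in the repository and presumably follows whatever the upstream Helm repo serves when the tooling runs. Nothing in this file records an expected version or digest, so the `digest:` later written to index.yaml looks like the only integrity record, and it appears to be derived from the archive that was fetched rather than checked against a value known beforehand. I would state the intent in a comment above the field, for example `# Fetch: newer tracks upstream releases; review each staged chart and its index.yaml digest before merge`. The deleted Chart.yaml.patch also set three `catalog.cattle.io/*` annotations that are not listed under `ChartMetadata` here; presumably the tooling derives them from `Vendor` and `DisplayName`, which is worth confirming on the staged chart.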