diff --git a/assets/universal-crossplane/universal-crossplane-1.4.300101.tgz b/assets/universal-crossplane/universal-crossplane-1.4.300101.tgz
new file mode 100644
index 000000000..5a6d5038b
Binary files /dev/null and b/assets/universal-crossplane/universal-crossplane-1.4.300101.tgz differ
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/.helmignore b/charts/universal-crossplane/universal-crossplane/1.4.300101/.helmignore
new file mode 100644
index 000000000..f0c131944
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/Chart.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/Chart.yaml
new file mode 100644
index 000000000..c379ae756
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/Chart.yaml
@@ -0,0 +1,40 @@
+annotations:
+ catalog.cattle.io/certified: partner
+ catalog.cattle.io/display-name: Upbound Universal Crossplane
+ catalog.cattle.io/release-name: universal-crossplane
+apiVersion: v1
+appVersion: 1.4.3001
+description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade
+ distribution of Crossplane.
+home: https://upbound.io
+icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png
+keywords:
+- cloud
+- infrastructure
+- services
+- application
+- database
+- cache
+- bucket
+- infra
+- app
+- ops
+- oam
+- gcp
+- azure
+- aws
+- alibaba
+- cloudsql
+- rds
+- s3
+- azuredatabase
+- asparadb
+- gke
+- aks
+- eks
+kubeVersion: '>= 1.15'
+maintainers:
+- email: info@upbound.io
+ name: Upbound Inc.
+name: universal-crossplane
+version: 1.4.300101
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/app-readme.md b/charts/universal-crossplane/universal-crossplane/1.4.300101/app-readme.md
new file mode 100644
index 000000000..c6d8ecfe0
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/app-readme.md
@@ -0,0 +1,36 @@
+# Upbound Universal Crossplane (UXP)
+
+Upbound Universal Crossplane (UXP) is [Upbound's](https://upbound.io) official enterprise-grade distribution of [Crossplane](https://crossplane.io). It's fully compatible with upstream Crossplane, [open source](https://github.com/upbound/universal-crossplane), capable of connecting to [Upbound Cloud](https://cloud.upbound.io) for real-time dashboard visibility, and maintained by Upbound. It's the easiest way for both individual community members and enterprises to build their production control planes.
+
+## Connecting to Upbound Cloud
+
+You can optionally connect your Universal Crossplane instance to Upbound Cloud.
+Follow the steps below to connect your Universal Crossplane cluster to your Upbound Cloud Console.
+
+1. Install Upbound CLI
+
+ You will need to make sure you have the Upbound CLI installed before you continue. If you need more information on how to install the Upbound CLI, you can read the [Installing Upbound CLI Documentation](https://cloud.upbound.io/docs/cli).
+
+ ```
+ curl -sL https://cli.upbound.io | sh
+ ```
+
+2. Log in to Upbound Cloud
+
+ ```
+ up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT
+ ```
+
+ Or, to log in using an Upbound [API token](https://cloud.upbound.io/account/settings/tokens):
+
+ ```
+ up cloud login --profile=rancher --account=$UPBOUND_ACCOUNT --token=$API_TOKEN
+ ```
+
+3. Create a Self-Hosted Control Plane
+
+ ```
+ up cloud controlplane attach $CONTROL_PLANE_NAME --profile=rancher
+ ```
+
+4. Provide the token obtained in the previous step as `upbound.controlPlane.token` under `Upbound Cloud` section
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/questions.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/questions.yaml
new file mode 100644
index 000000000..c5cb628bf
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/questions.yaml
@@ -0,0 +1,184 @@
+questions:
+# Upbound Cloud configuration
+- variable: upbound.controlPlane.token
+ label: upbound.controlPlane.token
+ required: false
+ type: password
+ description: Token used to connect Upbound Cloud
+ group: "Upbound Cloud"
+- variable: upbound.controlPlane.permission
+ label: upbound.controlPlane.permission
+ required: false
+ type: enum
+ default: "edit"
+ options:
+ - "edit"
+ - "view"
+ description: Cluster permissions for Upbound Cloud
+ group: "Upbound Cloud"
+# Basic Crossplane configuration
+- variable: replicas
+ label: replicas
+ description: Number of replicas to run for Crossplane pods
+ type: int
+ default: 1
+ required: true
+ group: "Crossplane"
+# Advanced Crossplane configuration
+- variable: advancedCrossplaneConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "Crossplane"
+ subquestions:
+ - variable: leaderElection
+ label: leaderElection
+ description: "Enable leader election for Crossplane Managers pod"
+ type: boolean
+ default: true
+ required: false
+ group: "Crossplane"
+ - variable: deploymentStrategy
+ label: deploymentStrategy
+ description: "The deployment strategy for the Crossplane and RBAC Manager (if enabled) pods"
+ type: enum
+ default: "RollingUpdate"
+ options:
+ - "RollingUpdate"
+ - "Recreate"
+ required: true
+ group: "Crossplane"
+ - variable: priorityClassName
+ label: priorityClassName
+ description: "Priority class name for Crossplane and RBAC Manager (if enabled) pods"
+ type: string
+ required: false
+ group: "Crossplane"
+ - variable: metrics.enabled
+ label: metrics.enabled
+ description: "Expose Crossplane and RBAC Manager metrics endpoint"
+ type: boolean
+ required: false
+ group: "Crossplane"
+# Basic Crossplane RBAC Manager configuration
+- variable: rbacManager.deploy
+ label: rbacManager.deploy
+ description: "Deploy RBAC Manager"
+ type: boolean
+ default: true
+ required: true
+ group: "Crossplane RBAC Manager"
+- variable: rbacManager.replicas
+ label: rbacManager.replicas
+ description: "The number of replicas to run for the RBAC Manager pods"
+ type: int
+ default: 1
+ required: true
+ group: "Crossplane RBAC Manager"
+# Advanced Crossplane RBAC Manager configuration
+- variable: advancedRBACManagerConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "Crossplane RBAC Manager"
+ subquestions:
+ - variable: rbacManager.leaderElection
+ label: rbacManager.leaderElection
+ description: "Enable leader election for RBAC Managers pod"
+ type: boolean
+ default: true
+ group: "Crossplane RBAC Manager"
+ - variable: rbacManager.managementPolicy
+ label: rbacManager.managementPolicy
+ description: RBAC manager permissions. 'All' enables management for every Crossplane controller and user role. 'Basic' enables management just for Crossplane controller roles and the crossplane-admin, crossplane-edit, and crossplane-view user roles.
+ type: enum
+ default: "Basic"
+ options:
+ - "Basic"
+ - "All"
+ required: true
+ group: "Crossplane RBAC Manager"
+ - variable: rbacManager.skipAggregatedClusterRoles
+ label: rbacManager.skipAggregatedClusterRoles
+ description: "Opt out of deploying aggregated ClusterRoles"
+ type: boolean
+ default: true
+ group: "Crossplane RBAC Manager"
+# Basic Package configuration
+- variable: provider.packages
+ label: provider.packages
+ description: List of Provider packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience.
+ type: string
+ required: false
+ group: "Packages"
+- variable: configuration.packages
+ label: configuration.packages
+ description: List of Configuration packages to install with Crossplane. Select 'Edit as YAML' for the best editing experience.
+ type: string
+ required: false
+ group: "Packages"
+# Advanced Package configuration
+- variable: advancedPackageConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "Packages"
+ subquestions:
+ - variable: packageCache.sizeLimit
+ label: packageCache.sizeLimit
+ description: "Size limit for package cache. If medium is Memory then maximum usage would be the minimum of this value the sum of all memory limits on containers in the Crossplane pod"
+ type: string
+ default: "5Mi"
+ group: "Packages"
+ - variable: packageCache.medium
+ label: packageCache.medium
+ description: "Storage medium for package cache. Memory means volume will be backed by tmpfs, which can be useful for development"
+ type: string
+ group: "Packages"
+ - variable: packageCache.pvc
+ label: packageCache.pvc
+ description: "Name of the PersistentVolumeClaim to be used as the package cache. Providing a value will cause the default emptyDir volume to not be mounted"
+ type: string
+ group: "Packages"
+# Basic XGQL configuration
+- variable: xgql.config.debugMode
+ label: xgql.config.debugMode
+ description: "Enable debug mode for XGQL"
+ type: boolean
+ default: false
+ group: "XGQL"
+# Advanced Crossplane configuration
+- variable: advancedXGQLConfiguration
+ description: View advanced configuration settings
+ label: View advanced configuration
+ type: boolean
+ default: false
+ show_subquestion_if: true
+ group: "XGQL"
+ subquestions:
+ - variable: xgql.metrics.enabled
+ label: xgql.metrics.enabled
+ description: "Expose XGQL metrics endpoint"
+ type: boolean
+ required: false
+ group: "XGQL"
+# Basic Agent configuration
+- variable: agent.config.debugMode
+ label: agent.config.debugMode
+ description: "Enable debug mode for Upbound Agent"
+ type: boolean
+ default: false
+ group: "Upbound Agent"
+# Basic Bootstrapper configuration
+- variable: bootstrapper.config.debugMode
+ label: bootstrapper.config.debugMode
+ description: "Enable debug mode for Bootstrapper"
+ type: boolean
+ default: false
+ group: "Bootstrapper"
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/NOTES.txt
new file mode 100644
index 000000000..33260c04f
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/NOTES.txt
@@ -0,0 +1,15 @@
+By proceeding, you are accepting to comply with terms and conditions in https://licenses.upbound.io/upbound-software-license.html
+
+✨ Thank you for installing Universal Crossplane!
+{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }}
+🚀 You can now connect your cluster to Upbound Cloud!
+
+Example command:
+{{ if eq .Values.upbound.controlPlane.permission "edit" }}
+$ up cloud controlplane attach | \
+up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} -
+{{- else if eq .Values.upbound.controlPlane.permission "view" }}
+$ up cloud controlplane attach --view-only | \
+up uxp connect --token-secret-name {{ .Values.upbound.controlPlane.tokenSecretName }} --namespace {{ .Release.Namespace }} -
+{{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/_helpers.tpl
new file mode 100644
index 000000000..7ba5d8058
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/_helpers.tpl
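Review bot: The `upbound.controlPlane.token` question at the top of questions.yaml collects a credential as an ordinary chart value, and its `description` does not tell the operator so. Helm keeps user-supplied values with the release record, so anyone who can read the release Secret in the namespace can presumably recover the token; the template that consumes this value is not part of the visible diff, so how it is stored afterwards is inferred. I would reword the entry to `description: Token used to connect to Upbound Cloud. Saved with the Helm release values; treat it as a credential.`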
@@ -0,0 +1,21 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Common labels
+*/}}
+{{- define "labels" -}}
+helm.sh/chart: {{ include "chart" . }}
+{{ include "selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "selectorLabels" -}}
+app.kubernetes.io/name: {{ include "name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/_helpers.tpl
new file mode 100644
index 000000000..bdca1ae09
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/_helpers.tpl
@@ -0,0 +1,21 @@
+{{/* vim: set filetype=mustache: */}}
+
+{{- define "bootstrapper-name" -}}
+{{- "upbound-bootstrapper" -}}
+{{- end -}}
+
+{{/*
+Labels - bootstrapper
+*/}}
+{{- define "labelsBootstrapper" -}}
+{{ include "labels" . }}
+app.kubernetes.io/component: bootstrapper
+{{- end }}
+
+{{/*
+Selector labels - bootstrapper
+*/}}
+{{- define "selectorLabelsBootstrapper" -}}
+{{ include "selectorLabels" . }}
+app.kubernetes.io/component: bootstrapper
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/clusterrole.yaml
new file mode 100644
index 000000000..162abdd7a
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/clusterrole.yaml
@@ -0,0 +1,26 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+rules:
+ # Bootstrapper needs to identify the cluster uniquely and it does that by using
+ # UID of kube-system namespace.
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ resourceNames:
+ - "kube-system"
+ verbs:
+ - "get"
+ # Controller-runtime requires watch and list permissions to build its resource
+ # cache of the kind that any client query is made for.
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - "list"
+ - "watch"
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/clusterrolebinding.yaml
new file mode 100644
index 000000000..33fd634cd
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/clusterrolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "bootstrapper-name" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "bootstrapper-name" . }}
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/deployment.yaml
new file mode 100644
index 000000000..0030f4139
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/deployment.yaml
@@ -0,0 +1,64 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ {{- include "selectorLabelsBootstrapper" . | nindent 6 }}
+ template:
+ metadata:
+ labels:
+ {{- include "selectorLabelsBootstrapper" . | nindent 8 }}
+ spec:
+ serviceAccountName: {{ template "bootstrapper-name" . }}
+ {{- if .Values.billing.awsMarketplace.enabled }}
+ securityContext:
+ # Providing this is not required for 1.19 or later clusters.
+ # See https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-technical-overview.html
+ fsGroup: 1337
+ {{- end }}
+ {{- if .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- range $index, $secret := .Values.imagePullSecrets }}
+ - name: {{ $secret }}
+ {{- end }}
+ {{ end }}
+ containers:
+ - name: bootstrapper
+ image: "{{ .Values.bootstrapper.image.repository }}:{{ .Values.bootstrapper.image.tag }}"
+ args:
+ - start
+ - --namespace
+ - {{ .Release.Namespace }}
+ - --upbound-api-url
+ - {{ .Values.upbound.apiURL }}
+ - --upbound-token-secret
+ - {{ .Values.upbound.controlPlane.tokenSecretName }}
+ - --agent-manifest
+ - {{ include "agent-spec" . | b64enc }}
+ - --controller
+ - upbound-agent
+ - --controller
+ - tls-secrets
+ {{- if .Values.billing.awsMarketplace.enabled }}
+ - --controller
+ - aws-marketplace
+ {{- end }}
+ {{- if .Values.bootstrapper.config.debugMode }}
+ - "--debug"
+ {{- end }}
+ {{- range $arg := .Values.bootstrapper.config.args }}
+ - {{ $arg }}
+ {{- end }}
+ env:
+ {{- range $key, $value := .Values.bootstrapper.config.envVars }}
+ - name: {{ $key | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end}}
+ imagePullPolicy: {{ .Values.bootstrapper.image.pullPolicy }}
+ resources:
+ {{- toYaml .Values.bootstrapper.resources | nindent 12 }}
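Review bot: The `bootstrapper` container in bootstrapper/deployment.yaml has no container-level `securityContext`, whereas the Crossplane and RBAC manager deployments in this commit each render one from values. The only pod-level setting is `fsGroup: 1337`, and only when AWS Marketplace billing is enabled, so the container otherwise runs with the runtime defaults. I would add, next to `imagePullPolicy`, a `securityContext:` with `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, ideally rendered from a values key in the same way as `securityContextCrossplane`. Whether the image tolerates a read-only root filesystem cannot be judged from this diff and needs checking.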
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/role.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/role.yaml
new file mode 100644
index 000000000..cb19df19f
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/role.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["events"]
+ verbs: ["create", "update", "patch", "delete"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["watch", "list"]
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["get", "update", "patch"]
+ resourceNames:
+ - uxp-ca
+ - upbound-agent-public-certs
+ - upbound-agent-tls
+ - xgql-tls
+ - {{ .Values.upbound.controlPlane.tokenSecretName }}
+ {{- if .Values.billing.awsMarketplace.enabled }}
+ - upbound-entitlement
+ {{- end}}
+ - apiGroups: ["apps"]
+ resources: ["deployments"]
+ verbs: ["create", "update", "watch", "list"]
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/rolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/rolebinding.yaml
new file mode 100644
index 000000000..aa41bb33a
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/rolebinding.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "bootstrapper-name" . }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ template "bootstrapper-name" . }}
+ namespace: {{ .Release.Namespace }}
\ No newline at end of file
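Review bot: The second rule in bootstrapper/role.yaml grants `watch` and `list` on every Secret in the release namespace, which undoes most of the `resourceNames` restriction on the rule below it. A list or watch response carries the full Secret data, so the bootstrapper service account can read any Secret in the namespace, not only the five or six named ones. The bootstrapper ClusterRole documents the controller-runtime cache requirement for namespaces, and this rule deserves an equivalent comment, for example `# controller-runtime needs list/watch to build its Secret cache; this exposes every Secret in the namespace.` If the controller's cache can be limited with a `metadata.name` field selector the rule could be narrowed with `resourceNames`, but that depends on code outside this diff.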
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/secret-entitlement.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/secret-entitlement.yaml
new file mode 100644
index 000000000..7e311b629
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/secret-entitlement.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.billing.awsMarketplace.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: upbound-entitlement
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+type: Opaque
+{{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/serviceaccount.yaml
new file mode 100644
index 000000000..1768272a3
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/serviceaccount.yaml
@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "bootstrapper-name" . }}
+ {{- if and .Values.billing.awsMarketplace.enabled .Values.billing.awsMarketplace.iamRoleARN }}
+ annotations:
+ eks.amazonaws.com/role-arn: {{ .Values.billing.awsMarketplace.iamRoleARN | quote }}
+ {{- end }}
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/uxp-ca-tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/uxp-ca-tls-secret.yaml
new file mode 100644
index 000000000..07163971e
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/uxp-ca-tls-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: uxp-ca
+ labels:
+ {{- include "labels" . | nindent 4 }}
+type: Opaque
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/versions-configmap.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/versions-configmap.yaml
new file mode 100644
index 000000000..008b62988
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/bootstrapper/versions-configmap.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: universal-crossplane-config
+ labels:
+ {{- include "labelsBootstrapper" . | nindent 4 }}
+data:
+ crossplaneVersion: {{ (trimPrefix "v" .Values.image.tag) }}
+ xgqlVersion: {{ (trimPrefix "v" .Values.xgql.image.tag) }}
+ agentVersion: {{ (trimPrefix "v" .Values.agent.image.tag) }}
+ uxpVersion: {{ .Chart.Version }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/NOTES.txt b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/NOTES.txt
new file mode 100644
index 000000000..f1c8a0c63
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/NOTES.txt
@@ -0,0 +1,8 @@
+Release: {{.Release.Name}}
+
+Chart Name: {{.Chart.Name}}
+Chart Description: {{.Chart.Description}}
+Chart Version: {{.Chart.Version}}
+Chart Application Version: {{.Chart.AppVersion}}
+
+Kube Version: {{.Capabilities.KubeVersion}}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/_helpers.tpl
new file mode 100644
index 000000000..921e9df26
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/_helpers.tpl
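Review bot: The four `data` values in bootstrapper/versions-configmap.yaml are rendered unquoted, for example `crossplaneVersion: {{ (trimPrefix "v" .Values.image.tag) }}`. ConfigMap `data` values must be strings, so an image tag that YAML reads as a number (such as `1.4` or `2`) would be retyped and the manifest rejected, and an empty tag would render as null. Piping each value through `quote`, as in `crossplaneVersion: {{ trimPrefix "v" .Values.image.tag | quote }}`, keeps them strings regardless of the tag supplied.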
@@ -0,0 +1,14 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/clusterrole.yaml
new file mode 100644
index 000000000..8a6b573cc
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/clusterrole.yaml
@@ -0,0 +1,93 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-crossplane: "true"
+rules: []
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}:system:aggregate-to-crossplane
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ crossplane.io/scope: "system"
+ rbac.crossplane.io/aggregate-to-crossplane: "true"
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+- apiGroups:
+ - ""
+ resources:
+ - serviceaccounts
+ verbs:
+ - "*"
+- apiGroups:
+ - apiextensions.crossplane.io
+ - pkg.crossplane.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - extensions
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - delete
+ - watch
+- apiGroups:
+ - ""
+ - coordination.k8s.io
+ resources:
+ - configmaps
+ - leases
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+ - delete
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/clusterrolebinding.yaml
new file mode 100644
index 000000000..d0fb877c2
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/clusterrolebinding.yaml
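Review bot: The `{{ template "name" . }}:system:aggregate-to-crossplane` ClusterRole grants cluster-wide `get`/`list`/`watch`/`create`/`update`/`patch` on `secrets` and `"*"` on `serviceaccounts` and `customresourcedefinitions`, and none of the rules carries a comment saying why it is needed. Because the aggregated role is bound through a ClusterRoleBinding in this commit, the Crossplane service account can read every Secret in the cluster, so whoever controls that pod or its arguments inherits the same reach. Each rule should have a short justification in the style of the bootstrapper ClusterRole, for example `# Connection secrets are read and written in arbitrary namespaces.` above the `secrets` rule. The `"*"` verbs are better written out as the explicit verbs in use so the grant can be reviewed line by line.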
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "name" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "name" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "name" . }}
+ namespace: {{ .Release.Namespace }}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/deployment.yaml
new file mode 100644
index 000000000..c8ac46d7f
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/deployment.yaml
@@ -0,0 +1,106 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "name" . }}
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicas }}
+ selector:
+ matchLabels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ strategy:
+ type: {{ .Values.deploymentStrategy }}
+ template:
+ metadata:
+ {{- if .Values.metrics.enabled }}
+ annotations:
+ prometheus.io/path: /metrics
+ prometheus.io/port: "8080"
+ prometheus.io/scrape: "true"
+ {{- end }}
+ labels:
+ app: {{ template "name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContextCrossplane | nindent 8 }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ serviceAccountName: {{ template "name" . }}
+ initContainers:
+ - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ args:
+ - core
+ - init
+ {{- range $arg := .Values.provider.packages }}
+ - --provider
+ - "{{ $arg }}"
+ {{- end }}
+ {{- range $arg := .Values.configuration.packages }}
+ - --configuration
+ - "{{ $arg }}"
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: {{ .Chart.Name }}-init
+ resources:
+ {{- toYaml .Values.resourcesCrossplane | nindent 12 }}
+ securityContext:
+ {{- toYaml .Values.securityContextCrossplane | nindent 12 }}
+ containers:
+ - image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ args:
+ - core
+ - start
+ {{- range $arg := .Values.args }}
+ - {{ $arg }}
+ {{- end }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ name: {{ .Chart.Name }}
+ resources:
+ {{- toYaml .Values.resourcesCrossplane | nindent 12 }}
+ {{- if .Values.metrics.enabled }}
+ ports:
+ - name: metrics
+ containerPort: 8080
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.securityContextCrossplane | nindent 12 }}
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: LEADER_ELECTION
+ value: "{{ .Values.leaderElection }}"
+ {{- range $key, $value := .Values.extraEnvVarsCrossplane }}
+ - name: {{ $key | replace "." "_" }}
+ value: {{ $value | quote }}
+ {{- end}}
+ volumeMounts:
+ - mountPath: /cache
+ name: package-cache
+ volumes:
+ - name: package-cache
+ {{- if .Values.packageCache.pvc }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.packageCache.pvc }}
+ {{- else }}
+ emptyDir:
+ medium: {{ .Values.packageCache.medium }}
+ sizeLimit: {{ .Values.packageCache.sizeLimit }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector: {{ toYaml .Values.nodeSelector | nindent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations: {{ toYaml .Values.tolerations | nindent 8 }}
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity: {{ toYaml .Values.affinity | nindent 8 }}
+ {{- end }}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml
new file mode 100644
index 000000000..3b6ce2270
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-allowed-provider-permissions.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.rbacManager.deploy }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}:allowed-provider-permissions
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+aggregationRule:
+ clusterRoleSelectors:
+ - matchLabels:
+ rbac.crossplane.io/aggregate-to-allowed-provider-permissions: "true"
+{{- end}}
\ No newline at end of file
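Review bot: In crossplane/deployment.yaml the extra container arguments are emitted as `- {{ $arg }}` without quoting, although the `--provider` and `--configuration` package arguments just above them are quoted. A value that contains `: ` or ` #`, or one that YAML types as a boolean or number, would be reparsed, and the rendered pod spec would then be rejected or silently changed. Writing `- {{ $arg | quote }}` avoids that. The same unquoted pattern appears in bootstrapper/deployment.yaml and rbac-manager-deployment.yaml, and the unquoted `image:` and `claimName:` values would benefit from the same treatment.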
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-clusterrole.yaml
new file mode 100644
index 000000000..de8478697
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-clusterrole.yaml
@@ -0,0 +1,94 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "name" . }}-rbac-manager
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - serviceaccounts
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.crossplane.io
+ resources:
+ - compositeresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - pkg.crossplane.io
+ resources:
+ - providerrevisions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ - roles
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ # The RBAC manager may grant access it does not have.
+ - escalate
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterroles
+ verbs:
+ - bind
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - clusterrolebindings
+ verbs:
+ - "*"
+- apiGroups:
+ - ""
+ - coordination.k8s.io
+ resources:
+ - configmaps
+ - leases
+ verbs:
+ - get
+ - list
+ - create
+ - update
+ - patch
+ - watch
+ - delete
+{{- end}}
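Review bot: The rules in crossplane/rbac-manager-clusterrole.yaml combine `escalate` on `clusterroles` and `roles`, `bind` on all `clusterroles`, and `"*"` on `clusterrolebindings`, which together let the `rbac-manager` service account grant any permission to any subject and so make it equivalent to cluster-admin. The only explanation is the one-line comment above `escalate`, while questions.yaml in this commit defaults `rbacManager.deploy` to `true`. I would say this plainly at the top of `rules:`, for example `# NOTE: these rules make the rbac-manager service account cluster-admin equivalent; limit who can modify its Deployment.`, and replace the `"*"` on `clusterrolebindings` with the explicit verbs the manager uses. If the bindings it creates follow a naming scheme, `resourceNames` on the `bind` rule would narrow it further, but that cannot be judged from this diff.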
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-clusterrolebinding.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-clusterrolebinding.yaml
new file mode 100644
index 000000000..bda467f24
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-clusterrolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbacManager.deploy }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "name" . }}-rbac-manager
+ labels:
+ app: {{ template "name" . }}
+ chart: {{ template "chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "name" . }}-rbac-manager
+subjects:
+- kind: ServiceAccount
+ name: rbac-manager
+ namespace: {{ .Release.Namespace }}
+{{- end}}
\ No newline at end of file
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-deployment.yaml
new file mode 100644
index 000000000..c36144e70
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-deployment.yaml
@@ -0,0 +1,87 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "name" . }}-rbac-manager + labels: + app: {{ template "name" . }}-rbac-manager + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + replicas: {{ .Values.rbacManager.replicas }} + selector: + matchLabels: + app: {{ template "name" . }}-rbac-manager + release: {{ .Release.Name }} + strategy: + type: {{ .Values.deploymentStrategy }} + template: + metadata: + {{- if .Values.metrics.enabled }} + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "8080" + prometheus.io/scrape: "true" + {{- end }} + labels: + app: {{ template "name" . }}-rbac-manager + release: {{ .Release.Name }} + spec: + securityContext: + {{- toYaml .Values.podSecurityContextRBACManager | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + serviceAccountName: rbac-manager + initContainers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - rbac + - init + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }}-init + resources: + {{- toYaml .Values.resourcesRBACManager | nindent 12 }} + securityContext: + {{- toYaml .Values.securityContextRBACManager | nindent 12 }} + containers: + - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + args: + - rbac + - start + {{- if .Values.rbacManager.managementPolicy }} + - --manage={{ .Values.rbacManager.managementPolicy }} + {{- end }} + {{- range $arg := .Values.rbacManager.args }} + - {{ $arg }} + {{- end }} + - --provider-clusterrole={{ template "name" .}}:allowed-provider-permissions + imagePullPolicy: {{ .Values.image.pullPolicy }} + name: {{ .Chart.Name }} + resources: + {{- toYaml .Values.resourcesRBACManager | nindent 12 }} + {{- if .Values.metrics.enabled }} + ports: + - name: metrics + containerPort: 8080 + {{- end }} + 
securityContext: + {{- toYaml .Values.securityContextRBACManager | nindent 12 }} + env: + - name: LEADER_ELECTION + value: "{{ .Values.rbacManager.leaderElection }}" + {{- range $key, $value := .Values.extraEnvVarsRBACManager }} + - name: {{ $key | replace "." "_" }} + value: {{ $value | quote }} + {{- end}} + {{- if .Values.rbacManager.nodeSelector }} + nodeSelector: {{ toYaml .Values.rbacManager.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.rbacManager.tolerations }} + tolerations: {{ toYaml .Values.rbacManager.tolerations | nindent 8 }} + {{- end }} + {{- if .Values.rbacManager.affinity }} + affinity: {{ toYaml .Values.rbacManager.affinity | nindent 8 }} + {{- end }} +{{- end}} diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-managed-clusterroles.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-managed-clusterroles.yaml new file mode 100644 index 000000000..3d41fb9b5 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-managed-clusterroles.yaml 
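Review bot: crossplane/rbac-manager-deployment.yaml renders operator-supplied values as bare YAML scalars: `- {{ $arg }}`, `- --manage={{ .Values.rbacManager.managementPolicy }}` and `image: {{ .Values.image.repository }}:{{ .Values.image.tag }}`. An argument that is empty, starts with a YAML indicator or contains `: ` is then re-typed or changes the structure of the rendered container spec instead of arriving as the string the operator wrote. Quoting keeps each one a string: `- {{ $arg | quote }}` and `image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"` (the agent and xgql templates already quote their image). The same unquoted `- {{ $arg }}` appears in upbound-agent/_deployment-spec.tpl, alongside `- {{ .Values.upbound.apiURL }}`, and in xgql/deployment.yaml.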
@@ -0,0 +1,279 @@ +{{- if .Values.rbacManager.deploy }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-admin +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-admin +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: {{ template "name" . }}:masters +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-admin + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-admin: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-edit + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-edit: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-view + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-view: "true" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}-browse + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . 
}} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +aggregationRule: + clusterRoleSelectors: + - matchLabels: + rbac.crossplane.io/aggregate-to-browse: "true" +{{- if not .Values.rbacManager.skipAggregatedClusterRoles }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-admin + labels: + rbac.crossplane.io/aggregate-to-admin: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane administrators have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane administrators must create provider credential secrets, and may +# need to read or otherwise interact with connection secrets. They may also need +# to create or annotate namespaces. +- apiGroups: [""] + resources: [secrets, namespaces] + verbs: ["*"] +# Crossplane administrators have access to view the roles that they may be able +# to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterroles, roles] + verbs: [get, list, watch] +# Crossplane administrators have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [clusterrolebindings, rolebindings] + verbs: ["*"] +# Crossplane administrators have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +# Crossplane administrators have access to view CRDs in order to debug XRDs. +- apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . 
}}:aggregate-to-edit + labels: + rbac.crossplane.io/aggregate-to-edit: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane editors have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane editors must create provider credential secrets, and may need to +# read or otherwise interact with connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane editors may see which namespaces exist, but not edit them. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane editors have full access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-view + labels: + rbac.crossplane.io/aggregate-to-view: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane viewers may see which namespaces exist. +- apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] +# Crossplane viewers have read-only access to built in Crossplane types. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +- apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: [get, list, watch] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . 
}}:aggregate-to-browse + labels: + rbac.crossplane.io/aggregate-to-browse: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane browsers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane browsers have read-only access to compositions and XRDs. This +# allows them to discover and select an appropriate composition when creating a +# resource claim. +- apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] +{{- if .Values.rbacManager.managementPolicy }} +--- +# The below ClusterRoles are aggregated to the namespaced RBAC roles created by +# the Crossplane RBAC manager when it is running in --manage=All mode. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-ns-admin + labels: + rbac.crossplane.io/aggregate-to-ns-admin: "true" + rbac.crossplane.io/base-of-ns-admin: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace admins have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace admins may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +# Crossplane namespace admins have access to view the roles that they may be +# able to grant to other subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [roles] + verbs: [get, list, watch] +# Crossplane namespace admins have access to grant the access they have to other +# subjects. +- apiGroups: [rbac.authorization.k8s.io] + resources: [rolebindings] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . 
}}:aggregate-to-ns-edit + labels: + rbac.crossplane.io/aggregate-to-ns-edit: "true" + rbac.crossplane.io/base-of-ns-edit: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace editors have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +# Crossplane namespace editors may need to read or otherwise interact with +# resource claim connection secrets. +- apiGroups: [""] + resources: [secrets] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-ns-view + labels: + rbac.crossplane.io/aggregate-to-ns-view: "true" + rbac.crossplane.io/base-of-ns-view: "true" + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +# Crossplane namespace viewers have access to view events. +- apiGroups: [""] + resources: [events] + verbs: [get, list, watch] +{{- end }} +{{- end }} +{{- end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-serviceaccount.yaml new file mode 100644 index 000000000..dfefe4050 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/rbac-manager-serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.rbacManager.deploy }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: rbac-manager + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end}} \ No newline at end of file 
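Review bot: In crossplane/rbac-manager-managed-clusterroles.yaml the `aggregate-to-admin` and `aggregate-to-edit` rules grant `verbs: ["*"]` on `secrets` from a ClusterRole, which is wider than the comments above them ("must create provider credential secrets") describe. Where the aggregated role is bound cluster-wide, as the `-admin` ClusterRoleBinding at the top of this file does for the `:masters` group, that is read and delete access to every Secret in every namespace. The comments should state that scope, or the rule should list only the verbs that are needed. Separately, the comment before `aggregate-to-ns-admin` says those roles are for `--manage=All` mode, but the guard `{{- if .Values.rbacManager.managementPolicy }}` is true for any non-empty value, including the values.yaml default `Basic`. Using `{{- if eq .Values.rbacManager.managementPolicy "All" }}` would match the comment.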
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/serviceaccount.yaml new file mode 100644 index 000000000..d3d47223c --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/crossplane/serviceaccount.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "name" . }} + labels: + app: {{ template "name" . }} + chart: {{ template "chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.imagePullSecrets }} +imagePullSecrets: +{{- range $index, $secret := .Values.imagePullSecrets }} +- name: {{ $secret }} +{{- end }} +{{ end }} diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/_deployment-spec.tpl b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/_deployment-spec.tpl new file mode 100644 index 000000000..281f34e72 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/_deployment-spec.tpl 
@@ -0,0 +1,87 @@ +{{- define "agent-spec" -}} +replicas: 1 +selector: + matchLabels: + {{- include "selectorLabelsAgent" . | nindent 8 }} +template: + metadata: + labels: + {{- include "selectorLabelsAgent" . | nindent 10 }} + spec: + serviceAccountName: {{ template "agent-name" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range $index, $secret := .Values.imagePullSecrets }} + - name: {{ $secret }} + {{- end }} + {{ end }} + containers: + - name: agent + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" + args: + - agent + - --tls-cert-file + - /etc/certs/upbound-agent/tls.crt + - --tls-key-file + - /etc/certs/upbound-agent/tls.key + - --xgql-ca-bundle-file + - /etc/certs/upbound-agent/ca.crt + - --nats-endpoint + - nats://{{ .Values.upbound.connectHost }}:{{ .Values.upbound.connectPort | default "443" }} + - --upbound-api-endpoint + - {{ .Values.upbound.apiURL }} + {{- if .Values.agent.config.debugMode }} + - "--debug" + {{- end }} + {{- range $arg := .Values.agent.config.args }} + - {{ $arg }} + {{- end }} + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CONTROL_PLANE_TOKEN + valueFrom: + secretKeyRef: + name: {{ .Values.upbound.controlPlane.tokenSecretName }} + key: token + {{- range $key, $value := .Values.agent.config.envVars }} + - name: {{ $key | replace "." 
"_" }} + value: {{ $value | quote }} + {{- end}} + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + ports: + - name: agent + containerPort: 6443 + protocol: TCP + resources: + {{- toYaml .Values.agent.resources | nindent 14 }} + readinessProbe: + httpGet: + scheme: HTTPS + path: /readyz + port: 6443 + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 5 + failureThreshold: 3 + livenessProbe: + httpGet: + scheme: HTTPS + path: /livez + port: 6443 + initialDelaySeconds: 10 + timeoutSeconds: 5 + periodSeconds: 30 + failureThreshold: 5 + volumeMounts: + - mountPath: /etc/certs/upbound-agent + name: certs + readOnly: true + volumes: + - name: certs + secret: + defaultMode: 420 + secretName: upbound-agent-tls +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/_helpers.tpl new file mode 100644 index 000000000..4db04bfaa --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "agent-name" -}} +{{- "upbound-agent" -}} +{{- end -}} + +{{/* +Labels - agent +*/}} +{{- define "labelsAgent" -}} +{{ include "labels" . }} +app.kubernetes.io/component: agent +{{- end }} + +{{/* +Selector labels - agent +*/}} +{{- define "selectorLabelsAgent" -}} +{{ include "selectorLabels" . }} +app.kubernetes.io/component: agent +{{- end }} + diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrole.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrole.yaml new file mode 100644 index 000000000..9dc24441e --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrole.yaml 
@@ -0,0 +1,40 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["namespaces"] + resourceNames: ["kube-system"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "agent-name" . }}-impersonator + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["users"] + verbs: ["impersonate"] + resourceNames: ["upbound-cloud-impersonator"] + - apiGroups: ["authentication.k8s.io"] + resources: ["userextras/upbound-id"] + verbs: ["impersonate"] + - apiGroups: [""] + resources: ["groups"] + resourceNames: + # system:authenticated is required for calls to discovery API. Some Kubernetes + # clients like kubectl use it to figure out exactly which endpoints to call + # for given arguments. + - "system:authenticated" + - "upbound:view" +{{- if eq .Values.upbound.controlPlane.permission "edit" }} + - "upbound:edit" +{{- end }} + verbs: ["impersonate"] +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrolebindings-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrolebindings-managed.yaml new file mode 100644 index 000000000..66e157620 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrolebindings-managed.yaml 
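Review bot: The impersonation rule for `userextras/upbound-id` in upbound-agent/clusterrole.yaml has no `resourceNames`, unlike the `users` and `groups` rules beside it, so the agent may assert any value for that extra. That is presumably intentional (a per-user identifier), but it means the value recorded in audit logs is whatever the agent supplied, and nothing in the cluster should authorize on it. A comment above the rule would make that explicit, e.g. `# upbound-id is free-form and for audit attribution only; do not key authorization decisions on it`. The existing comment explaining `system:authenticated` is a good model, and the `kube-system` namespace `get` rule in the first ClusterRole would benefit from a similar one-line reason.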
@@ -0,0 +1,34 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-view + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-view +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:view +{{- if eq .Values.upbound.controlPlane.permission "edit" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "name" . }}-edit + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "name" . }}-edit +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:edit +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrolebindings.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrolebindings.yaml new file mode 100644 index 000000000..ec99faf43 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterrolebindings.yaml 
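Review bot: The bindings in upbound-agent/clusterrolebindings-managed.yaml point at `{{ template "name" . }}-view` and `-edit`, which crossplane/rbac-manager-managed-clusterroles.yaml creates only when `.Values.rbacManager.deploy` is true, while this file is gated only on `upbound.controlPlane.permission`. With the rbac-manager disabled the bindings would be created against ClusterRoles that do not exist, and whatever ClusterRole later appears under those names is granted to `upbound:view` / `upbound:edit`. Wrapping the file in an additional `{{- if .Values.rbacManager.deploy }}`, or at least a comment stating the dependency, would remove the dangling reference.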
@@ -0,0 +1,31 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "agent-name" . }} +subjects: +- kind: ServiceAccount + name: {{ template "agent-name" . }} + namespace: {{ .Release.Namespace }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "agent-name" . }}-impersonator + labels: + {{- include "labelsAgent" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "agent-name" . }}-impersonator +subjects: + - kind: ServiceAccount + name: {{ template "agent-name" . }} + namespace: {{ .Release.Namespace }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterroles-managed.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterroles-managed.yaml new file mode 100644 index 000000000..fcca427a0 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/clusterroles-managed.yaml 
@@ -0,0 +1,66 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +# There are more permissions in upstream aggregated ClusterRoles than we'd like +# to have, so, we have our own ClusterRoles with only the permissions we need. +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-view + labels: + rbac.crossplane.io/aggregate-to-view: "true" + {{- include "labelsAgent" . | nindent 4 }} +rules: + # Universal Crossplane viewers have access to view events. + - apiGroups: [""] + resources: [events] + verbs: [get, list, watch] + # Universal Crossplane viewers may see which namespaces exist. + - apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] + # Universal Crossplane viewers may see CRDs installed in the cluster. + - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] + # Universal Crossplane viewers have read-only access to built in Crossplane types. + - apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: [get, list, watch] + - apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: [get, list, watch] +{{- if eq .Values.upbound.controlPlane.permission "edit" }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "name" . }}:aggregate-to-edit + labels: + rbac.crossplane.io/aggregate-to-edit: "true" + {{- include "labelsAgent" . | nindent 4 }} +rules: + # Universal Crossplane editors have access to view events. + - apiGroups: [""] + resources: [events] + verbs: [get, list, watch] + # Universal Crossplane editors may see which namespaces exist, but not edit them. + - apiGroups: [""] + resources: [namespaces] + verbs: [get, list, watch] + # Universal Crossplane editors may see CRDs installed in the cluster. 
+ - apiGroups: [apiextensions.k8s.io] + resources: [customresourcedefinitions] + verbs: [get, list, watch] + # Universal Crossplane editors have full access to built in Crossplane types. + - apiGroups: + - apiextensions.crossplane.io + resources: ["*"] + verbs: ["*"] + - apiGroups: + - pkg.crossplane.io + resources: [providers, configurations, providerrevisions, configurationrevisions] + verbs: ["*"] +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/control-plane-token-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/control-plane-token-secret.yaml new file mode 100644 index 000000000..897846ae7 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/control-plane-token-secret.yaml @@ -0,0 +1,11 @@ +{{- if .Values.upbound.controlPlane.token }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.upbound.controlPlane.tokenSecretName }} + labels: + {{- include "labels" . | nindent 4 }} +type: Opaque +data: + token: {{ .Values.upbound.controlPlane.token | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/role.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/role.yaml new file mode 100644 index 000000000..960bc4d48 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/role.yaml 
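Review bot: upbound-agent/clusterroles-managed.yaml defines ClusterRoles named `{{ template "name" . }}:aggregate-to-view` and `:aggregate-to-edit`, the same names that crossplane/rbac-manager-managed-clusterroles.yaml renders when `rbacManager.skipAggregatedClusterRoles` is false. The two files are kept apart only by the values.yaml default (`skipAggregatedClusterRoles: true`). With that flag false and a `view`/`edit` permission the chart emits two objects under one name, and the templates do not show which rule set ends up in the cluster. The opening comment explains the intent (narrower roles than upstream) but not this dependency. I would state it there and add a guard such as `{{- if not .Values.rbacManager.skipAggregatedClusterRoles }}{{ fail "skipAggregatedClusterRoles must be true when upbound.controlPlane.permission is set" }}{{- end }}` so the wider upstream rules cannot silently replace these.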
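Review bot: upbound-agent/control-plane-token-secret.yaml renders `.Values.upbound.controlPlane.token` into the Secret, so the token is also kept in the Helm release record and in whatever values file or `--set` invocation was used to install. The agent spec reads the Secret by `tokenSecretName` whether or not this template rendered, so a Secret created out of band already works. A comment at the top of the template should recommend that path, e.g. `# Prefer creating this Secret out of band; a token passed through values is stored in the Helm release data`. The Secret also uses `include "labels"` where the other agent objects use `labelsAgent`, which looks unintentional.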
@@ -0,0 +1,66 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +--- +# We need to be able to read universal-crossplane-config configmap in the namespace +# where UXP is deployed to provide version/configuration information. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "agent-name" . }}-uxp-config + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["configmaps"] + resourceNames: ["universal-crossplane-config"] + verbs: ["get"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "agent-name" . }}-uxp-config + labels: + {{- include "labelsAgent" . | nindent 4 }} +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:view +{{- if eq .Values.upbound.controlPlane.permission "edit" }} + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:edit +{{- end }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "agent-name" . }}-uxp-config +{{- end }} +{{- if eq .Values.upbound.controlPlane.permission "edit" }} +--- +# We need to be able to manage Secrets in the namespace where UXP is deployed +# so that Secrets pointed by ProviderConfig objects can be created by the agent. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "agent-name" . }}-secret + labels: + {{- include "labelsAgent" . | nindent 4 }} +rules: + - apiGroups: [""] + resources: ["secrets"] + verbs: ["*"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "agent-name" . }}-secret + labels: + {{- include "labelsAgent" . | nindent 4 }} +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: upbound:edit +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "agent-name" . }}-secret +{{- end }} \ No newline at end of file 
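Review bot: The `-secret` Role in upbound-agent/role.yaml grants `verbs: ["*"]` on every Secret in the release namespace to the `upbound:edit` group, while the comment above it only asks for the ability to create Secrets referenced by ProviderConfig objects. That namespace also holds `upbound-agent-tls`, `xgql-tls` and the control-plane token Secret, so the wildcard lets an impersonated editor read or delete the agent's own key material. I would narrow the rule to the verbs the workflow needs, e.g. `verbs: ["create", "update", "patch"]` if read-back is not required (confirm against the agent). The comment should also say which verbs are granted and why.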
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/service.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/service.yaml new file mode 100644 index 000000000..7e22879a3 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/service.yaml @@ -0,0 +1,16 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +spec: + selector: + {{- include "selectorLabelsAgent" . | nindent 4 }} + ports: + - port: 6443 + targetPort: 6443 + protocol: TCP + name: https +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/serviceaccount.yaml new file mode 100644 index 000000000..fe136d5c0 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/serviceaccount.yaml @@ -0,0 +1,8 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "agent-name" . }} + labels: + {{- include "labelsAgent" . | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/tls-secret.yaml new file mode 100644 index 000000000..19a5c9748 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/upbound-agent/tls-secret.yaml 
@@ -0,0 +1,9 @@ +{{- if or (eq .Values.upbound.controlPlane.permission "view") (eq .Values.upbound.controlPlane.permission "edit") }} +apiVersion: v1 +kind: Secret +metadata: + name: upbound-agent-tls + labels: + {{- include "labelsAgent" . | nindent 4 }} +type: Opaque +{{- end }} \ No newline at end of file diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/_helpers.tpl b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/_helpers.tpl new file mode 100644 index 000000000..bd1141516 --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/_helpers.tpl @@ -0,0 +1,22 @@ +{{/* vim: set filetype=mustache: */}} + +{{- define "xgql-name" -}} +{{- "xgql" -}} +{{- end -}} + +{{/* +Labels - xgql +*/}} +{{- define "labelsXgql" -}} +{{ include "labels" . }} +app.kubernetes.io/component: xgql +{{- end }} + +{{/* +Selector labels - xgql +*/}} +{{- define "selectorLabelsXgql" -}} +{{ include "selectorLabels" . }} +app.kubernetes.io/component: xgql +{{- end }} + diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/deployment.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/deployment.yaml new file mode 100644 index 000000000..66f3694cc --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/deployment.yaml 
@@ -0,0 +1,63 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "xgql-name" . }} + labels: + {{- include "labelsXgql" . | nindent 4 }} +spec: + selector: + matchLabels: + {{- include "selectorLabelsXgql" . | nindent 6 }} + template: + metadata: + labels: + {{- include "selectorLabelsXgql" . | nindent 8 }} + spec: + serviceAccountName: {{ template "xgql-name" . }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- range $index, $secret := .Values.imagePullSecrets }} + - name: {{ $secret }} + {{- end }} + {{ end }} + containers: + - name: xgql + image: "{{ .Values.xgql.image.repository }}:{{ .Values.xgql.image.tag }}" + imagePullPolicy: {{ .Values.xgql.image.pullPolicy }} + resources: + {{- toYaml .Values.xgql.resources | nindent 12 }} + ports: + - name: https + containerPort: 8443 + protocol: TCP + {{- if .Values.xgql.metrics.enabled }} + - name: metrics + containerPort: 8080 + {{- end }} + args: + - --tls-key=/etc/certs/xgql/tls.key + - --tls-cert=/etc/certs/xgql/tls.crt + {{- if .Values.xgql.config.debugMode }} + - "--debug" + {{- end }} + {{- range $arg := .Values.xgql.config.args }} + - {{ $arg }} + {{- end }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- range $key, $value := .Values.xgql.config.envVars }} + - name: {{ $key | replace "." "_" }} + value: {{ $value | quote }} + {{- end}} + volumeMounts: + - mountPath: /etc/certs/xgql + name: certs + readOnly: true + volumes: + - name: certs + secret: + defaultMode: 420 + secretName: xgql-tls diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/service.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/service.yaml new file mode 100644 index 000000000..80f822d3c --- /dev/null +++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/service.yaml 
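Review bot: The `xgql` container in xgql/deployment.yaml sets no `securityContext`, and neither does the `agent` container in upbound-agent/_deployment-spec.tpl, although values.yaml defines `securityContextCrossplane` and `securityContextRBACManager` with a non-root `runAsUser`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. The agent pod holds the control-plane token and the impersonation ClusterRole, and both pods mount TLS private keys, so they need the same hardening at least as much as the controllers do. I would add a `securityContext:` block to each container, fed from a new values key in the same way as `securityContextRBACManager`, starting with `allowPrivilegeEscalation: false` and a non-root `runAsUser`. Whether `readOnlyRootFilesystem: true` is safe depends on what these processes write at runtime, which the hunks do not show.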
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "xgql-name" . }}
+ labels:
+ {{- include "labelsXgql" . | nindent 4 }}
+spec:
+ selector:
+ {{- include "selectorLabelsXgql" . | nindent 4 }}
+ ports:
+ - port: 443
+ targetPort: https
+ protocol: TCP
+ name: https
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/serviceaccount.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/serviceaccount.yaml
new file mode 100644
index 000000000..88e8bbdb7
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/serviceaccount.yaml
@@ -0,0 +1,6 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "xgql-name" . }}
+ labels:
+ {{- include "labelsXgql" . | nindent 4 }}
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/tls-secret.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/tls-secret.yaml
new file mode 100644
index 000000000..4b06ca735
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/templates/xgql/tls-secret.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: xgql-tls
+ labels:
+ {{- include "labelsXgql" . | nindent 4 }}
+type: Opaque
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/values.yaml b/charts/universal-crossplane/universal-crossplane/1.4.300101/values.yaml
new file mode 100644
index 000000000..58a648af4
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/values.yaml
@@ -0,0 +1,185 @@
+nameOverride: "crossplane"
+
+replicas: 1
+
+deploymentStrategy: RollingUpdate
+
+image:
+ repository: upbound/crossplane
+ tag: v1.4.3-up.1
+ pullPolicy: IfNotPresent
+
+nodeSelector: {}
+tolerations: {}
+affinity: {}
+
+leaderElection: true
+args: {}
+
+provider:
+ packages: []
+
+configuration:
+ packages: []
+
+imagePullSecrets:
+ - dockerhub
+
+rbacManager:
+ deploy: true
+ skipAggregatedClusterRoles: true
+ replicas: 1
+ managementPolicy: Basic
+ leaderElection: true
+ args: {}
+ nodeSelector: {}
+ tolerations: {}
+ affinity: {}
+
+priorityClassName: ""
+
+resourcesCrossplane:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+
+securityContextCrossplane:
+ runAsUser: 65532
+ runAsGroup: 65532
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+
+packageCache:
+ medium: ""
+ sizeLimit: 5Mi
+ pvc: ""
+
+resourcesRBACManager:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+
+securityContextRBACManager:
+ runAsUser: 65532
+ runAsGroup: 65532
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+
+metrics:
+ enabled: false
+
+# List of extra environment variables to set in the crossplane deployment.
+# EXAMPLE
+# extraEnvironmentVars:
+# sample.key: value1
+# ANOTHER.KEY: value2
+# RESULT
+# - name: sample_key
+# value: "value1"
+# - name: ANOTHER_KEY
+# value: "value2"
+extraEnvVarsCrossplane: {}
+
+# List of extra environment variables to set in the crossplane rbac manager deployment.
+# EXAMPLE
+# extraEnvironmentVars:
+# sample.key: value1
+# ANOTHER.KEY: value2
+# RESULT
+# - name: sample_key
+# value: "value1"
+# - name: ANOTHER_KEY
+# value: "value2"
+extraEnvVarsRBACManager: {}
+
+podSecurityContextCrossplane: {}
+
+podSecurityContextRBACManager: {}
+
+### Agent Values
+
+upbound:
+ apiURL: "https://api.upbound.io"
+ connectHost: "connect.upbound.io"
+ controlPlane:
+ permission: edit
+ tokenSecretName: upbound-control-plane-token
+ token: ""
+
+xgql:
+ image:
+ repository: upbound/xgql
+ tag: v0.1.5
+ pullPolicy: IfNotPresent
+ resources: {}
+ metrics:
+ enabled: false
+ config:
+ debugMode: false
+ args: []
+ envVars: {}
+ # List of extra environment variables to set in the xgql deployment.
+ # EXAMPLE
+ # envVars:
+ # sample.key: value1
+ # ANOTHER.KEY: value2
+ # RESULT
+ # - name: sample_key
+ # value: "value1"
+ # - name: ANOTHER_KEY
+ # value: "value2"
+
+agent:
+ image:
+ repository: upbound/upbound-agent
+ tag: v1.4.3-up.1
+ pullPolicy: IfNotPresent
+ resources: {}
+ config:
+ debugMode: false
+ args: []
+ envVars: {}
+ # List of extra environment variables to set in the agent deployment.
+ # EXAMPLE
+ # envVars:
+ # sample.key: value1
+ # ANOTHER.KEY: value2
+ # RESULT
+ # - name: sample_key
+ # value: "value1"
+ # - name: ANOTHER_KEY
+ # value: "value2"
+
+### Bootstrapper Values
+
+bootstrapper:
+ image:
+ repository: upbound/uxp-bootstrapper
+ tag: v1.4.3-up.1
+ pullPolicy: IfNotPresent
+ resources: {}
+ config:
+ debugMode: false
+ args: []
+ envVars: {}
+ # List of extra environment variables to set in the bootstrapper deployment.
+ # EXAMPLE
+ # envVars:
+ # sample.key: value1
+ # ANOTHER.KEY: value2
+ # RESULT
+ # - name: sample_key
+ # value: "value1"
+ # - name: ANOTHER_KEY
+ # value: "value2"
+
+billing:
+ awsMarketplace:
+ enabled: false
+ iamRoleARN: arn:aws:iam:::role/
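Review bot: The `upbound.controlPlane` block ships without comments although it holds the most security-sensitive defaults in the file: `permission: edit` and an inline `token: ""` next to `tokenSecretName`. A token passed through values is stored with the Helm release and tends to end up in values files or shell history, so a comment should steer users to a pre-created Secret, e.g. `# Prefer creating the Secret named by tokenSecretName out of band; a token set here is stored in the Helm release.` A second comment such as `# permission: "view" or "edit"; choose "view" unless the control plane must modify resources.` would make the least-privilege option visible. How the templates consume `token` and `permission` is outside this hunk, so the wording should be checked against them. The same block appears unchanged in values.yaml.tmpl.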
diff --git a/charts/universal-crossplane/universal-crossplane/1.4.300101/values.yaml.tmpl b/charts/universal-crossplane/universal-crossplane/1.4.300101/values.yaml.tmpl
new file mode 100644
index 000000000..2e91ec174
--- /dev/null
+++ b/charts/universal-crossplane/universal-crossplane/1.4.300101/values.yaml.tmpl
@@ -0,0 +1,185 @@
+nameOverride: "crossplane"
+
+replicas: 1
+
+deploymentStrategy: RollingUpdate
+
+image:
+ repository: upbound/crossplane
+ tag: %%CROSSPLANE_TAG%%
+ pullPolicy: IfNotPresent
+
+nodeSelector: {}
+tolerations: {}
+affinity: {}
+
+leaderElection: true
+args: {}
+
+provider:
+ packages: []
+
+configuration:
+ packages: []
+
+imagePullSecrets:
+ - dockerhub
+
+rbacManager:
+ deploy: true
+ skipAggregatedClusterRoles: true
+ replicas: 1
+ managementPolicy: Basic
+ leaderElection: true
+ args: {}
+ nodeSelector: {}
+ tolerations: {}
+ affinity: {}
+
+priorityClassName: ""
+
+resourcesCrossplane:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+
+securityContextCrossplane:
+ runAsUser: 65532
+ runAsGroup: 65532
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+
+packageCache:
+ medium: ""
+ sizeLimit: 5Mi
+ pvc: ""
+
+resourcesRBACManager:
+ limits:
+ cpu: 100m
+ memory: 512Mi
+ requests:
+ cpu: 100m
+ memory: 256Mi
+
+securityContextRBACManager:
+ runAsUser: 65532
+ runAsGroup: 65532
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+
+metrics:
+ enabled: false
+
+# List of extra environment variables to set in the crossplane deployment.
+# EXAMPLE
+# extraEnvironmentVars:
+# sample.key: value1
+# ANOTHER.KEY: value2
+# RESULT
+# - name: sample_key
+# value: "value1"
+# - name: ANOTHER_KEY
+# value: "value2"
+extraEnvVarsCrossplane: {}
+
+# List of extra environment variables to set in the crossplane rbac manager deployment.
+# EXAMPLE
+# extraEnvironmentVars:
+# sample.key: value1
+# ANOTHER.KEY: value2
+# RESULT
+# - name: sample_key
+# value: "value1"
+# - name: ANOTHER_KEY
+# value: "value2"
+extraEnvVarsRBACManager: {}
+
+podSecurityContextCrossplane: {}
+
+podSecurityContextRBACManager: {}
+
+### Agent Values
+
+upbound:
+ apiURL: "https://api.upbound.io"
+ connectHost: "connect.upbound.io"
+ controlPlane:
+ permission: edit
+ tokenSecretName: upbound-control-plane-token
+ token: ""
+
+xgql:
+ image:
+ repository: upbound/xgql
+ tag: %%XGQL_TAG%%
+ pullPolicy: IfNotPresent
+ resources: {}
+ metrics:
+ enabled: false
+ config:
+ debugMode: false
+ args: []
+ envVars: {}
+ # List of extra environment variables to set in the xgql deployment.
+ # EXAMPLE
+ # envVars:
+ # sample.key: value1
+ # ANOTHER.KEY: value2
+ # RESULT
+ # - name: sample_key
+ # value: "value1"
+ # - name: ANOTHER_KEY
+ # value: "value2"
+
+agent:
+ image:
+ repository: upbound/upbound-agent
+ tag: %%AGENT_TAG%%
+ pullPolicy: IfNotPresent
+ resources: {}
+ config:
+ debugMode: false
+ args: []
+ envVars: {}
+ # List of extra environment variables to set in the agent deployment.
+ # EXAMPLE
+ # envVars:
+ # sample.key: value1
+ # ANOTHER.KEY: value2
+ # RESULT
+ # - name: sample_key
+ # value: "value1"
+ # - name: ANOTHER_KEY
+ # value: "value2"
+
+### Bootstrapper Values
+
+bootstrapper:
+ image:
+ repository: upbound/uxp-bootstrapper
+ tag: %%BOOTSTRAPPER_TAG%%
+ pullPolicy: IfNotPresent
+ resources: {}
+ config:
+ debugMode: false
+ args: []
+ envVars: {}
+ # List of extra environment variables to set in the bootstrapper deployment.
+ # EXAMPLE
+ # envVars:
+ # sample.key: value1
+ # ANOTHER.KEY: value2
+ # RESULT
+ # - name: sample_key
+ # value: "value1"
+ # - name: ANOTHER_KEY
+ # value: "value2"
+
+billing:
+ awsMarketplace:
+ enabled: false
+ iamRoleARN: arn:aws:iam:::role/
diff --git a/index.yaml b/index.yaml
index 91f10a7c6..485b4f4d1 100755
--- a/index.yaml
+++ b/index.yaml
@@ -2455,6 +2455,50 @@ entries: - assets/traefik/traefik-10.6.0.tgz version: 10.6.0 universal-crossplane: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Upbound Universal Crossplane + catalog.cattle.io/release-name: universal-crossplane + apiVersion: v1 + appVersion: 1.4.3001 + created: "2021-12-09T08:45:29.476849+03:00" + description: Upbound Universal Crossplane (UXP) is Upbound's official enterprise-grade + distribution of Crossplane. + digest: 940ffad0fb56515de69f021e094530808b62af714c071c894a505ce6d27ed31a + home: https://upbound.io + icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png + keywords: + - cloud + - infrastructure + - services + - application + - database + - cache + - bucket + - infra + - app + - ops + - oam + - gcp + - azure + - aws + - alibaba + - cloudsql + - rds + - s3 + - azuredatabase + - asparadb + - gke + - aks + - eks + kubeVersion: '>= 1.15' + maintainers: + - email: info@upbound.io + name: Upbound Inc. + name: universal-crossplane + urls: + - assets/universal-crossplane/universal-crossplane-1.4.300101.tgz + version: 1.4.300101 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Upbound Universal Crossplane diff --git a/packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch b/packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch index 5853cb35d..44a482d9e 100644 --- a/packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch +++ b/packages/universal-crossplane/generated-changes/patch/Chart.yaml.patch @@ -2,9 +2,9 @@ +++ charts/Chart.yaml 
@@ -1,8 +1,13 @@ apiVersion: v1 --appVersion: 1.3.3-up.1 +-appVersion: 1.4.3-up.1 -description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade distribution of Crossplane. It''s fully compatible with upstream Crossplane, open source, capable of connecting to Upbound Cloud for real-time dashboard visibility, and maintained by Upbound. It''s the easiest way for both individual community members and enterprises to build their production control planes. ' -+appVersion: 1.3.3001 ++appVersion: 1.4.3001 +description: 'Upbound Universal Crossplane (UXP) is Upbound''s official enterprise-grade distribution of Crossplane.' home: https://upbound.io icon: https://raw.githubusercontent.com/upbound/universal-crossplane/66ce9eb2c5a0c3af8ed7d19551a2c4d743b933b9/docs/media/logo.png @@ -20,5 +20,5 @@ - email: info@upbound.io name: Upbound Inc. name: universal-crossplane --version: 1.3.3-up.1 -+version: 1.3.3001 +-version: 1.4.3-up.1 ++version: 1.4.3001 diff --git a/packages/universal-crossplane/package.yaml b/packages/universal-crossplane/package.yaml index ad3e815ac..55ef22745 100644 --- a/packages/universal-crossplane/package.yaml +++ b/packages/universal-crossplane/package.yaml @@ -1,2 +1,2 @@ -url: https://charts.upbound.io/stable/universal-crossplane-1.3.3-up.1.tgz +url: https://charts.upbound.io/stable/universal-crossplane-1.4.3-up.1.tgz packageVersion: 01