Added chart versions:
codefresh/cf-runtime:
- 6.4.5
dynatrace/dynatrace-operator:
- 1.3.1
paravela/chronicle:
- 0.1.27
redpanda/redpanda:
- 5.9.7
pull/1079/head
github-actions[bot]
parent
d5d8d89507
commit
421bfb800e
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,3 @@
|
|||
tests/
|
||||
.ci/
|
||||
test-values/
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: added
|
||||
description: "add changelog into release"
|
||||
artifacthub.io/containsSecurityUpdates: "false"
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: Codefresh
|
||||
catalog.cattle.io/kube-version: '>=1.18-0'
|
||||
catalog.cattle.io/release-name: cf-runtime
|
||||
apiVersion: v2
|
||||
dependencies:
|
||||
- name: cf-common
|
||||
repository: oci://quay.io/codefresh/charts
|
||||
version: 0.16.0
|
||||
description: A Helm chart for Codefresh Runner
|
||||
home: https://codefresh.io/
|
||||
icon: file://assets/icons/cf-runtime.png
|
||||
keywords:
|
||||
- codefresh
|
||||
- runner
|
||||
kubeVersion: '>=1.18-0'
|
||||
maintainers:
|
||||
- name: codefresh
|
||||
url: https://codefresh-io.github.io/
|
||||
name: cf-runtime
|
||||
sources:
|
||||
- https://github.com/codefresh-io/venona
|
||||
version: 6.4.5
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,37 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "-----"
|
||||
echo "API_HOST: ${API_HOST}"
|
||||
echo "AGENT_NAME: ${AGENT_NAME}"
|
||||
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
|
||||
echo "AGENT: ${AGENT}"
|
||||
echo "AGENT_SECRET_NAME: ${AGENT_SECRET_NAME}"
|
||||
echo "DIND_SECRET_NAME: ${DIND_SECRET_NAME}"
|
||||
echo "-----"
|
||||
|
||||
auth() {
|
||||
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
|
||||
}
|
||||
|
||||
remove_runtime() {
|
||||
if [ "$AGENT" == "true" ]; then
|
||||
codefresh delete re ${RUNTIME_NAME} || true
|
||||
else
|
||||
codefresh delete sys-re ${RUNTIME_NAME} || true
|
||||
fi
|
||||
}
|
||||
|
||||
remove_agent() {
|
||||
codefresh delete agent ${AGENT_NAME} || true
|
||||
}
|
||||
|
||||
remove_secrets() {
|
||||
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
|
||||
kubectl delete secret $AGENT_SECRET_NAME || true
|
||||
kubectl delete secret $DIND_SECRET_NAME || true
|
||||
}
|
||||
|
||||
auth
|
||||
remove_runtime
|
||||
remove_agent
|
||||
remove_secrets
|
||||
|
|
@ -0,0 +1,132 @@
|
|||
#!/usr/bin/env bash
|
||||
#
|
||||
|
||||
#---
|
||||
fatal() {
|
||||
echo "ERROR: $1"
|
||||
exit 1
|
||||
}
|
||||
|
||||
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
|
||||
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
|
||||
|
||||
exit_trap () {
|
||||
local lc="$BASH_COMMAND" rc=$?
|
||||
if [ $rc != 0 ]; then
|
||||
if [[ -n "$SLEEP_ON_ERROR" ]]; then
|
||||
echo -e "\nSLEEP_ON_ERROR is set - Sleeping to fix error"
|
||||
sleep $SLEEP_ON_ERROR
|
||||
fi
|
||||
fi
|
||||
}
|
||||
trap exit_trap EXIT
|
||||
|
||||
usage() {
|
||||
echo "Usage:
|
||||
$0 [-n | --namespace] [--server-cert-cn] [--server-cert-extra-sans] codefresh-api-host codefresh-api-token
|
||||
|
||||
Example:
|
||||
$0 -n workflow https://g.codefresh.io 21341234.423141234.412431234
|
||||
|
||||
"
|
||||
}
|
||||
|
||||
# Args
|
||||
while [[ $1 =~ ^(-(n|h)|--(namespace|server-cert-cn|server-cert-extra-sans|help)) ]]
|
||||
do
|
||||
key=$1
|
||||
value=$2
|
||||
|
||||
case $key in
|
||||
-h|--help)
|
||||
usage
|
||||
exit
|
||||
;;
|
||||
-n|--namespace)
|
||||
NAMESPACE="$value"
|
||||
shift
|
||||
;;
|
||||
--server-cert-cn)
|
||||
SERVER_CERT_CN="$value"
|
||||
shift
|
||||
;;
|
||||
--server-cert-extra-sans)
|
||||
SERVER_CERT_EXTRA_SANS="$value"
|
||||
shift
|
||||
;;
|
||||
esac
|
||||
shift # past argument or value
|
||||
done
|
||||
|
||||
API_HOST=${1:-"$CF_API_HOST"}
|
||||
API_TOKEN=${2:-"$CF_API_TOKEN"}
|
||||
|
||||
[[ -z "$API_HOST" ]] && usage && fatal "Missing API_HOST"
|
||||
[[ -z "$API_TOKEN" ]] && usage && fatal "Missing token"
|
||||
|
||||
|
||||
API_SIGN_PATH=${API_SIGN_PATH:-"api/custom_clusters/signServerCerts"}
|
||||
|
||||
NAMESPACE=${NAMESPACE:-default}
|
||||
RELEASE=${RELEASE:-cf-runtime}
|
||||
|
||||
DIR=$(dirname $0)
|
||||
TMPDIR=/tmp/codefresh/
|
||||
|
||||
TMP_CERTS_FILE_ZIP=$TMPDIR/cf-certs.zip
|
||||
TMP_CERTS_HEADERS_FILE=$TMPDIR/cf-certs-response-headers.txt
|
||||
CERTS_DIR=$TMPDIR/ssl
|
||||
SRV_TLS_CA_CERT=${CERTS_DIR}/ca.pem
|
||||
SRV_TLS_KEY=${CERTS_DIR}/server-key.pem
|
||||
SRV_TLS_CSR=${CERTS_DIR}/server-cert.csr
|
||||
SRV_TLS_CERT=${CERTS_DIR}/server-cert.pem
|
||||
CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
|
||||
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
|
||||
mkdir -p $TMPDIR $CERTS_DIR
|
||||
|
||||
K8S_CERT_SECRET_NAME=codefresh-certs-server
|
||||
echo -e "\n------------------\nGenerating server tls certificates ... "
|
||||
|
||||
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
|
||||
SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
|
||||
###
|
||||
|
||||
openssl genrsa -out $SRV_TLS_KEY 4096 || fatal "Failed to generate openssl key "
|
||||
openssl req -subj "/CN=${SERVER_CERT_CN}" -new -key $SRV_TLS_KEY -out $SRV_TLS_CSR || fatal "Failed to generate openssl csr "
|
||||
GENERATE_CERTS=true
|
||||
CSR=$(sed ':a;N;$!ba;s/\n/\\n/g' ${SRV_TLS_CSR})
|
||||
|
||||
SERVER_CERT_SANS="IP:127.0.0.1,DNS:dind,DNS:*.dind.${NAMESPACE},DNS:*.dind.${NAMESPACE}.svc${KUBE_DOMAIN},DNS:*.cf-cd.com,DNS:*.codefresh.io"
|
||||
if [[ -n "${SERVER_CERT_EXTRA_SANS}" ]]; then
|
||||
SERVER_CERT_SANS=${SERVER_CERT_SANS},${SERVER_CERT_EXTRA_SANS}
|
||||
fi
|
||||
echo "{\"reqSubjectAltName\": \"${SERVER_CERT_SANS}\", \"csr\": \"${CSR}\" }" > ${TMPDIR}/sign_req.json
|
||||
|
||||
rm -fv ${TMP_CERTS_HEADERS_FILE} ${TMP_CERTS_FILE_ZIP}
|
||||
|
||||
SIGN_STATUS=$(curl -k -sSL -d @${TMPDIR}/sign_req.json -H "Content-Type: application/json" -H "Authorization: ${API_TOKEN}" -H "Expect: " \
|
||||
-o ${TMP_CERTS_FILE_ZIP} -D ${TMP_CERTS_HEADERS_FILE} -w '%{http_code}' ${API_HOST}/${API_SIGN_PATH} )
|
||||
|
||||
echo "Sign request completed with HTTP_STATUS_CODE=$SIGN_STATUS"
|
||||
if [[ $SIGN_STATUS != 200 ]]; then
|
||||
echo "ERROR: Cannot sign certificates"
|
||||
if [[ -f ${TMP_CERTS_FILE_ZIP} ]]; then
|
||||
mv ${TMP_CERTS_FILE_ZIP} ${TMP_CERTS_FILE_ZIP}.error
|
||||
cat ${TMP_CERTS_FILE_ZIP}.error
|
||||
fi
|
||||
exit 1
|
||||
fi
|
||||
unzip -o -d ${CERTS_DIR}/ ${TMP_CERTS_FILE_ZIP} || fatal "Failed to unzip certificates to ${CERTS_DIR} "
|
||||
cp -v ${CF_SRV_TLS_CA_CERT} $SRV_TLS_CA_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains ca.pem"
|
||||
cp -v ${CF_SRV_TLS_CERT} $SRV_TLS_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains cf-server-cert.pem"
|
||||
|
||||
|
||||
echo -e "\n------------------\nCreating certificate secret "
|
||||
|
||||
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
|
||||
--from-file=$SRV_TLS_CA_CERT \
|
||||
--from-file=$SRV_TLS_KEY \
|
||||
--from-file=$SRV_TLS_CERT \
|
||||
--dry-run=client -o yaml | kubectl apply --overwrite -f -
|
||||
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
|
||||
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'
|
||||
|
|
@ -0,0 +1,80 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "-----"
|
||||
echo "API_HOST: ${API_HOST}"
|
||||
echo "AGENT_NAME: ${AGENT_NAME}"
|
||||
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
|
||||
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
|
||||
echo "OWNER_NAME: ${OWNER_NAME}"
|
||||
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
|
||||
echo "SECRET_NAME: ${SECRET_NAME}"
|
||||
echo "-----"
|
||||
|
||||
create_agent_secret() {
|
||||
|
||||
kubectl apply -f - <<EOF
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: ${SECRET_NAME}
|
||||
namespace: ${KUBE_NAMESPACE}
|
||||
labels:
|
||||
codefresh.io/internal: "true"
|
||||
finalizers:
|
||||
- kubernetes
|
||||
ownerReferences:
|
||||
- apiVersion: apps/v1
|
||||
kind: Deploy
|
||||
name: ${OWNER_NAME}
|
||||
uid: ${OWNER_UID}
|
||||
stringData:
|
||||
agent-codefresh-token: ${1}
|
||||
EOF
|
||||
|
||||
}
|
||||
|
||||
OWNER_UID=$(kubectl get deploy ${OWNER_NAME} --namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.uid}')
|
||||
echo "got owner uid: ${OWNER_UID}"
|
||||
|
||||
if [ ! -z "${AGENT_CODEFRESH_TOKEN}" ]; then
|
||||
echo "-----"
|
||||
echo "runtime and agent are already initialized"
|
||||
echo "-----"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ ! -z "${EXISTING_AGENT_CODEFRESH_TOKEN}" ]; then
|
||||
echo "using existing agentToken value"
|
||||
create_agent_secret $EXISTING_AGENT_CODEFRESH_TOKEN
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
|
||||
echo "-----"
|
||||
echo "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
|
||||
echo "-----"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
|
||||
|
||||
# AGENT_TOKEN might be empty, in which case it will be returned by the call
|
||||
RES=$(codefresh install agent \
|
||||
--name ${AGENT_NAME} \
|
||||
--kube-context-name ${KUBE_CONTEXT} \
|
||||
--kube-namespace ${KUBE_NAMESPACE} \
|
||||
--agent-kube-namespace ${KUBE_NAMESPACE} \
|
||||
--install-runtime \
|
||||
--runtime-name ${RUNTIME_NAME} \
|
||||
--skip-cluster-creation \
|
||||
--platform-only)
|
||||
|
||||
AGENT_CODEFRESH_TOKEN=$(echo "${RES}" | tail -n 1)
|
||||
echo "generated agent + runtime in platform"
|
||||
|
||||
create_agent_secret $AGENT_CODEFRESH_TOKEN
|
||||
|
||||
echo "-----"
|
||||
echo "done initializing runtime and agent"
|
||||
echo "-----"
|
||||
|
|
@ -0,0 +1,38 @@
|
|||
#!/bin/bash
|
||||
|
||||
echo "-----"
|
||||
echo "API_HOST: ${API_HOST}"
|
||||
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
|
||||
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
|
||||
echo "OWNER_NAME: ${OWNER_NAME}"
|
||||
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
|
||||
echo "CONFIGMAP_NAME: ${CONFIGMAP_NAME}"
|
||||
echo "RECONCILE_INTERVAL: ${RECONCILE_INTERVAL}"
|
||||
echo "-----"
|
||||
|
||||
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
|
||||
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
|
||||
|
||||
|
||||
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
|
||||
err "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
|
||||
|
||||
while true; do
|
||||
msg "Reconciling ${RUNTIME_NAME} runtime"
|
||||
|
||||
sleep $RECONCILE_INTERVAL
|
||||
|
||||
codefresh get re \
|
||||
--name ${RUNTIME_NAME} \
|
||||
-o yaml \
|
||||
| yq 'del(.version, .metadata.changedBy, .metadata.creationTime)' > /tmp/runtime.yaml
|
||||
|
||||
kubectl get cm ${CONFIGMAP_NAME} -n ${KUBE_NAMESPACE} -o yaml \
|
||||
| yq 'del(.metadata.resourceVersion, .metadata.uid)' \
|
||||
| yq eval '.data["runtime.yaml"] = load_str("/tmp/runtime.yaml")' \
|
||||
| kubectl apply -f -
|
||||
done
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
{{- define "app-proxy.resources.deployment" -}}
|
||||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "app-proxy.fullname" . }}
|
||||
labels:
|
||||
{{- include "app-proxy.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicasCount }}
|
||||
strategy:
|
||||
type: {{ .Values.updateStrategy.type }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "app-proxy.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "app-proxy.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
|
||||
serviceAccountName: {{ include "app-proxy.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: app-proxy
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
|
||||
env:
|
||||
{{- include "app-proxy.environment-variables" . | nindent 8 }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 3000
|
||||
readinessProbe:
|
||||
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
{{- define "app-proxy.environment-variables.defaults" }}
|
||||
PORT: 3000
|
||||
{{- end }}
|
||||
|
||||
{{- define "app-proxy.environment-variables.calculated" }}
|
||||
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
|
||||
{{- with .Values.ingress.pathPrefix }}
|
||||
API_PATH_PREFIX: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "app-proxy.environment-variables" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- $defaults := (include "app-proxy.environment-variables.defaults" . | fromYaml) }}
|
||||
{{- $calculated := (include "app-proxy.environment-variables.calculated" . | fromYaml) }}
|
||||
{{- $overrides := .Values.env }}
|
||||
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "app-proxy.name" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "app-proxy.fullname" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "app-proxy.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
codefresh.io/application: app-proxy
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "app-proxy.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
codefresh.io/application: app-proxy
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "app-proxy.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "app-proxy.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
{{- define "app-proxy.resources.ingress" -}}
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ include "app-proxy.fullname" . }}
|
||||
labels: {{- include "app-proxy.labels" . | nindent 4 }}
|
||||
{{- with .Values.ingress.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- if and .Values.ingress.class (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
|
||||
ingressClassName: {{ .Values.ingress.class }}
|
||||
{{- end }}
|
||||
{{- if .Values.ingress.tlsSecret }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.ingress.host }}
|
||||
secretName: {{ .Values.tlsSecret }}
|
||||
{{- end }}
|
||||
rules:
|
||||
- host: {{ .Values.ingress.host }}
|
||||
http:
|
||||
paths:
|
||||
- path: {{ .Values.ingress.pathPrefix | default "/" }}
|
||||
pathType: ImplementationSpecific
|
||||
backend:
|
||||
service:
|
||||
name: {{ include "app-proxy.fullname" . }}
|
||||
port:
|
||||
number: 80
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
{{- define "app-proxy.resources.rbac" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "app-proxy.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "app-proxy.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.rbac.create }}
|
||||
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "app-proxy.fullname" . }}
|
||||
labels:
|
||||
{{- include "app-proxy.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "secrets" ]
|
||||
verbs: [ "get" ]
|
||||
{{- with .Values.rbac.rules }}
|
||||
{{ toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "app-proxy.fullname" . }}
|
||||
labels:
|
||||
{{- include "app-proxy.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "app-proxy.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "app-proxy.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
{{- define "app-proxy.resources.service" -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "app-proxy.fullname" . }}
|
||||
labels:
|
||||
{{- include "app-proxy.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 3000
|
||||
selector:
|
||||
{{- include "app-proxy.selectorLabels" . | nindent 4 }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,62 @@
|
|||
{{- define "event-exporter.resources.deployment" -}}
|
||||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "event-exporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "event-exporter.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicasCount }}
|
||||
strategy:
|
||||
type: {{ .Values.updateStrategy.type }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "event-exporter.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
|
||||
serviceAccountName: {{ include "event-exporter.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: event-exporter
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
|
||||
args: [--running-in-cluster=true]
|
||||
env:
|
||||
{{- include "event-exporter.environment-variables" . | nindent 8 }}
|
||||
ports:
|
||||
- name: metrics
|
||||
containerPort: 9102
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
{{- define "event-exporter.environment-variables.defaults" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "event-exporter.environment-variables.calculated" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "event-exporter.environment-variables" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- $defaults := (include "event-exporter.environment-variables.defaults" . | fromYaml) }}
|
||||
{{- $calculated := (include "event-exporter.environment-variables.calculated" . | fromYaml) }}
|
||||
{{- $overrides := .Values.env }}
|
||||
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "event-exporter.name" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.name" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "event-exporter.fullname" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "event-exporter.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
app: event-exporter
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "event-exporter.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
app: event-exporter
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "event-exporter.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "event-exporter.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
{{- define "event-exporter.resources.rbac" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "event-exporter.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "event-exporter.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.rbac.create }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "event-exporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "event-exporter.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources: [events]
|
||||
verbs: [get, list, watch]
|
||||
{{- with .Values.rbac.rules }}
|
||||
{{ toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "event-exporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "event-exporter.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "event-exporter.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ include "event-exporter.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
{{- define "event-exporter.resources.service" -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "event-exporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "event-exporter.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: metrics
|
||||
port: 9102
|
||||
targetPort: metrics
|
||||
protocol: TCP
|
||||
selector:
|
||||
{{- include "event-exporter.selectorLabels" . | nindent 4 }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,14 @@
|
|||
{{- define "event-exporter.resources.serviceMonitor" -}}
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: ServiceMonitor
|
||||
metadata:
|
||||
name: {{ include "event-exporter.fullname" . }}
|
||||
labels:
|
||||
{{- include "event-exporter.labels" . | nindent 4 }}
|
||||
spec:
|
||||
endpoints:
|
||||
- port: metrics
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
{{- define "monitor.resources.deployment" -}}
|
||||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "monitor.fullname" . }}
|
||||
labels:
|
||||
{{- include "monitor.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicasCount }}
|
||||
strategy:
|
||||
type: {{ .Values.updateStrategy.type }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "monitor.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "monitor.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
|
||||
serviceAccountName: {{ include "monitor.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: monitor
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
|
||||
env:
|
||||
{{- include "monitor.environment-variables" . | nindent 8 }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 9020
|
||||
readinessProbe:
|
||||
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
||||
httpGet:
|
||||
path: /api/ping
|
||||
port: 9020
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,26 @@
|
|||
{{- define "monitor.environment-variables.defaults" }}
|
||||
SERVICE_NAME: {{ include "monitor.fullname" . }}
|
||||
PORT: 9020
|
||||
HELM3: true
|
||||
NODE_OPTIONS: "--max_old_space_size=4096"
|
||||
{{- end }}
|
||||
|
||||
{{- define "monitor.environment-variables.calculated" }}
|
||||
API_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
|
||||
CLUSTER_ID: {{ include "runtime.runtime-environment-spec.context-name" . }}
|
||||
API_URL: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}/api/k8s-monitor/events
|
||||
ACCOUNT_ID: {{ .Values.global.accountId }}
|
||||
NAMESPACE: {{ .Release.Namespace }}
|
||||
{{- if .Values.rbac.namespaced }}
|
||||
ROLE_BINDING: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "monitor.environment-variables" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- $defaults := (include "monitor.environment-variables.defaults" . | fromYaml) }}
|
||||
{{- $calculated := (include "monitor.environment-variables.calculated" . | fromYaml) }}
|
||||
{{- $overrides := .Values.env }}
|
||||
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "monitor.name" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "monitor.fullname" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "monitor.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
codefresh.io/application: monitor
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "monitor.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
codefresh.io/application: monitor
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "monitor.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "monitor.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,56 @@
|
|||
{{- define "monitor.resources.rbac" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "monitor.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "monitor.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.rbac.create }}
|
||||
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "monitor.fullname" . }}
|
||||
labels:
|
||||
{{- include "monitor.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "*" ]
|
||||
verbs: [ "get", "list", "watch", "create", "delete" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods" ]
|
||||
verbs: [ "get", "list", "watch", "create", "deletecollection" ]
|
||||
- apiGroups: [ "extensions" ]
|
||||
resources: [ "*" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "apps" ]
|
||||
resources: [ "*" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
{{- with .Values.rbac.rules }}
|
||||
{{ toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "monitor.fullname" . }}
|
||||
labels:
|
||||
{{- include "monitor.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "monitor.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
|
||||
name: {{ include "monitor.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,17 @@
|
|||
{{- define "monitor.resources.service" -}}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ include "monitor.fullname" . }}
|
||||
labels:
|
||||
{{- include "monitor.labels" . | nindent 4 }}
|
||||
spec:
|
||||
type: ClusterIP
|
||||
ports:
|
||||
- name: http
|
||||
port: 80
|
||||
protocol: TCP
|
||||
targetPort: 9020
|
||||
selector:
|
||||
{{- include "monitor.selectorLabels" . | nindent 4 }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,103 @@
|
|||
{{- define "runner.resources.deployment" -}}
|
||||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "runner.fullname" . }}
|
||||
labels:
|
||||
{{- include "runner.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicasCount }}
|
||||
strategy:
|
||||
type: {{ .Values.updateStrategy.type }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "runner.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "runner.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
|
||||
serviceAccountName: {{ include "runner.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
initContainers:
|
||||
- name: init
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.init.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.init.image.pullPolicy | default "IfNotPresent" }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- | {{ .Files.Get "files/init-runtime.sh" | nindent 10 }}
|
||||
env:
|
||||
{{- include "runner-init.environment-variables" . | nindent 8 }}
|
||||
{{- with .Values.init.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: runner
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
|
||||
env:
|
||||
{{- include "runner.environment-variables" . | nindent 8 }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
readinessProbe:
|
||||
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
|
||||
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
|
||||
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
|
||||
successThreshold: {{ .Values.readinessProbe.successThreshold }}
|
||||
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
|
||||
httpGet:
|
||||
path: /health
|
||||
port: http
|
||||
{{- with .Values.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
volumeMounts:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.sidecar.enabled }}
|
||||
- name: reconcile-runtime
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.sidecar.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy | default "IfNotPresent" }}
|
||||
command:
|
||||
- /bin/bash
|
||||
args:
|
||||
- -ec
|
||||
- | {{ .Files.Get "files/reconcile-runtime.sh" | nindent 10 }}
|
||||
env:
|
||||
{{- include "runner-sidecar.environment-variables" . | nindent 8 }}
|
||||
{{- with .Values.sidecar.resources }}
|
||||
resources:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
volumes:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,42 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "runner.name" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "runner.fullname" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "runner.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
codefresh.io/application: runner
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "runner.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
codefresh.io/application: runner
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "runner.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "runner.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,53 @@
|
|||
{{- define "runner.resources.rbac" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "runner.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "runner.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.rbac.create }}
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "runner.fullname" . }}
|
||||
labels:
|
||||
{{- include "runner.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods", "persistentvolumeclaims" ]
|
||||
verbs: [ "get", "create", "delete", patch ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "configmaps", "secrets" ]
|
||||
verbs: [ "get", "create", "update", patch ]
|
||||
- apiGroups: [ "apps" ]
|
||||
resources: [ "deployments" ]
|
||||
verbs: [ "get" ]
|
||||
{{- with .Values.rbac.rules }}
|
||||
{{ toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "runner.fullname" . }}
|
||||
labels:
|
||||
{{- include "runner.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "runner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: {{ include "runner.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,30 @@
|
|||
{{- define "runner-init.environment-variables.defaults" }}
|
||||
HOME: /tmp
|
||||
{{- end }}
|
||||
|
||||
{{- define "runner-init.environment-variables.calculated" }}
|
||||
AGENT_NAME: {{ include "runtime.runtime-environment-spec.agent-name" . }}
|
||||
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
|
||||
AGENT_CODEFRESH_TOKEN:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "runner.fullname" . }}
|
||||
key: agent-codefresh-token
|
||||
optional: true
|
||||
EXISTING_AGENT_CODEFRESH_TOKEN: {{ include "runtime.agent-token-env-var-value" . | nindent 2 }}
|
||||
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
|
||||
KUBE_NAMESPACE: {{ .Release.Namespace }}
|
||||
OWNER_NAME: {{ include "runner.fullname" . }}
|
||||
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
|
||||
SECRET_NAME: {{ include "runner.fullname" . }}
|
||||
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "runner-init.environment-variables" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- $defaults := (include "runner-init.environment-variables.defaults" . | fromYaml) }}
|
||||
{{- $calculated := (include "runner-init.environment-variables.calculated" . | fromYaml) }}
|
||||
{{- $overrides := .Values.env }}
|
||||
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,28 @@
|
|||
{{- define "runner.environment-variables.defaults" }}
|
||||
AGENT_MODE: InCluster
|
||||
SELF_DEPLOYMENT_NAME:
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: metadata.name
|
||||
{{- end }}
|
||||
|
||||
{{- define "runner.environment-variables.calculated" }}
|
||||
AGENT_ID: {{ include "runtime.runtime-environment-spec.agent-name" . }}
|
||||
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
|
||||
CODEFRESH_IN_CLUSTER_RUNTIME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
|
||||
CODEFRESH_TOKEN:
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "runner.fullname" . }}
|
||||
key: agent-codefresh-token
|
||||
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "runner.environment-variables" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- $defaults := (include "runner.environment-variables.defaults" . | fromYaml) }}
|
||||
{{- $calculated := (include "runner.environment-variables.calculated" . | fromYaml) }}
|
||||
{{- $overrides := .Values.env }}
|
||||
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
{{- define "runner-sidecar.environment-variables.defaults" }}
|
||||
HOME: /tmp
|
||||
{{- end }}
|
||||
|
||||
{{- define "runner-sidecar.environment-variables.calculated" }}
|
||||
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
|
||||
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
|
||||
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
|
||||
KUBE_NAMESPACE: {{ .Release.Namespace }}
|
||||
OWNER_NAME: {{ include "runner.fullname" . }}
|
||||
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
|
||||
CONFIGMAP_NAME: {{ printf "%s-%s" (include "runtime.fullname" .) "spec" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "runner-sidecar.environment-variables" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- $defaults := (include "runner-sidecar.environment-variables.defaults" . | fromYaml) }}
|
||||
{{- $calculated := (include "runner-sidecar.environment-variables.calculated" . | fromYaml) }}
|
||||
{{- $overrides := .Values.sidecar.env }}
|
||||
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,58 @@
|
|||
{{- define "dind-volume-provisioner.resources.cronjob" -}}
|
||||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- if not (eq .Values.storage.backend "local") }}
|
||||
apiVersion: batch/v1
|
||||
kind: CronJob
|
||||
metadata:
|
||||
name: {{ include "dind-volume-cleanup.fullname" . }}
|
||||
labels:
|
||||
{{- include "dind-volume-cleanup.labels" . | nindent 4 }}
|
||||
spec:
|
||||
concurrencyPolicy: {{ .Values.concurrencyPolicy }}
|
||||
schedule: {{ .Values.schedule | quote }}
|
||||
successfulJobsHistoryLimit: {{ .Values.successfulJobsHistory }}
|
||||
failedJobsHistoryLimit: {{ .Values.failedJobsHistory }}
|
||||
{{- with .Values.suspend }}
|
||||
suspend: {{ . }}
|
||||
{{- end }}
|
||||
jobTemplate:
|
||||
spec:
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "dind-volume-cleanup.selectorLabels" . | nindent 12 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 10 }}
|
||||
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
|
||||
{{- end }}
|
||||
restartPolicy: {{ .Values.restartPolicy | default "Never" }}
|
||||
containers:
|
||||
- name: dind-volume-cleanup
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
|
||||
env:
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 12 }}
|
||||
- name: PROVISIONED_BY
|
||||
value: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 14 }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 12 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 10 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,98 @@
|
|||
{{- define "dind-volume-provisioner.resources.daemonset" -}}
|
||||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $localVolumeParentDir := .Values.storage.local.volumeParentDir }}
|
||||
{{- if eq .Values.storage.backend "local" }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: {{ include "dind-lv-monitor.fullname" . }}
|
||||
labels:
|
||||
{{- include "dind-lv-monitor.labels" . | nindent 4 }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "dind-lv-monitor.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "dind-lv-monitor.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
|
||||
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- if .Values.volumePermissions.enabled }}
|
||||
initContainers:
|
||||
- name: volume-permissions
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.volumePermissions.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | default "Always" }}
|
||||
command:
|
||||
- /bin/sh
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $localVolumeParentDir }}
|
||||
volumeMounts:
|
||||
- mountPath: {{ $localVolumeParentDir }}
|
||||
name: dind-volume-dir
|
||||
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
|
||||
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 10 }}
|
||||
{{- else }}
|
||||
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 10 }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- toYaml .Values.volumePermissions.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: dind-lv-monitor
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
|
||||
{{- if .Values.containerSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
|
||||
{{- end }}
|
||||
command:
|
||||
- /home/dind-volume-utils/bin/local-volumes-agent
|
||||
env:
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 10 }}
|
||||
- name: NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: spec.nodeName
|
||||
- name: VOLUME_PARENT_DIR
|
||||
value: {{ $localVolumeParentDir }}
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 10 }}
|
||||
volumeMounts:
|
||||
- mountPath: {{ $localVolumeParentDir }}
|
||||
readOnly: false
|
||||
name: dind-volume-dir
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
- name: dind-volume-dir
|
||||
hostPath:
|
||||
path: {{ $localVolumeParentDir }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,67 @@
|
|||
{{- define "dind-volume-provisioner.resources.deployment" -}}
|
||||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
labels:
|
||||
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
|
||||
spec:
|
||||
replicas: {{ .Values.replicasCount }}
|
||||
strategy:
|
||||
type: {{ .Values.updateStrategy.type }}
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 8 }}
|
||||
{{- with .Values.podAnnotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
|
||||
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
|
||||
{{- if .Values.podSecurityContext.enabled }}
|
||||
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: dind-volume-provisioner
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
|
||||
command:
|
||||
- /usr/local/bin/dind-volume-provisioner
|
||||
- -v=4
|
||||
- --resync-period=50s
|
||||
env:
|
||||
{{- include "dind-volume-provisioner.environment-variables" . | nindent 8 }}
|
||||
ports:
|
||||
- name: http
|
||||
containerPort: 8080
|
||||
resources:
|
||||
{{- toYaml .Values.resources | nindent 12 }}
|
||||
volumeMounts:
|
||||
{{- include "dind-volume-provisioner.volumeMounts.calculated" . | nindent 8 }}
|
||||
{{- with .Values.extraVolumeMounts }}
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with .Values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- include "dind-volume-provisioner.volumes.calculated" . | nindent 6 }}
|
||||
{{- with .Values.extraVolumes }}
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,88 @@
|
|||
{{- define "dind-volume-provisioner.environment-variables.defaults" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "dind-volume-provisioner.environment-variables.calculated" }}
|
||||
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
|
||||
PROVISIONER_NAME: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
|
||||
|
||||
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.accessKeyIdSecretKeyRef }}
|
||||
AWS_ACCESS_KEY_ID:
|
||||
{{- if .Values.storage.ebs.accessKeyId }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
key: aws_access_key_id
|
||||
{{- else if .Values.storage.ebs.accessKeyIdSecretKeyRef }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- .Values.storage.ebs.accessKeyIdSecretKeyRef | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if or .Values.storage.ebs.secretAccessKey .Values.storage.ebs.secretAccessKeySecretKeyRef }}
|
||||
AWS_SECRET_ACCESS_KEY:
|
||||
{{- if .Values.storage.ebs.secretAccessKey }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
key: aws_secret_access_key
|
||||
{{- else if .Values.storage.ebs.secretAccessKeySecretKeyRef }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- .Values.storage.ebs.secretAccessKeySecretKeyRef | toYaml | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
|
||||
GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }}
|
||||
{{- end }}
|
||||
|
||||
{{- if and .Values.storage.mountAzureJson }}
|
||||
AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json
|
||||
CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json
|
||||
{{- end }}
|
||||
|
||||
{{- end }}
|
||||
|
||||
{{- define "dind-volume-provisioner.environment-variables" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- $defaults := (include "dind-volume-provisioner.environment-variables.defaults" . | fromYaml) }}
|
||||
{{- $calculated := (include "dind-volume-provisioner.environment-variables.calculated" . | fromYaml) }}
|
||||
{{- $overrides := .Values.env }}
|
||||
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
|
||||
{{- end }}
|
||||
|
||||
|
||||
{{- define "dind-volume-provisioner.volumes.calculated" }}
|
||||
{{- if .Values.storage.gcedisk.serviceAccountJson }}
|
||||
- name: credentials
|
||||
secret:
|
||||
secretName: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
optional: true
|
||||
{{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
|
||||
- name: credentials
|
||||
secret:
|
||||
secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }}
|
||||
optional: true
|
||||
{{- end }}
|
||||
{{- if .Values.storage.mountAzureJson }}
|
||||
- name: azure-json
|
||||
hostPath:
|
||||
path: /etc/kubernetes/azure.json
|
||||
type: File
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "dind-volume-provisioner.volumeMounts.calculated" }}
|
||||
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
|
||||
- name: credentials
|
||||
readOnly: true
|
||||
mountPath: "/etc/dind-volume-provisioner/credentials"
|
||||
{{- end }}
|
||||
{{- if .Values.storage.mountAzureJson }}
|
||||
- name: azure-json
|
||||
readOnly: true
|
||||
mountPath: "/etc/kubernetes/azure.json"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,93 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "dind-volume-provisioner.name" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.name" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "dind-volume-provisioner.fullname" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "dind-volume-cleanup.fullname" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-cleanup" | trunc 52 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "dind-lv-monitor.fullname" -}}
|
||||
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Provisioner name for storage class
|
||||
*/}}
|
||||
{{- define "dind-volume-provisioner.volumeProvisionerName" }}
|
||||
{{- printf "codefresh.io/dind-volume-provisioner-runner-%s" .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels for dind-lv-monitor
|
||||
*/}}
|
||||
{{- define "dind-lv-monitor.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
codefresh.io/application: lv-monitor
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels for dind-lv-monitor
|
||||
*/}}
|
||||
{{- define "dind-lv-monitor.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
codefresh.io/application: lv-monitor
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels for dind-volume-provisioner
|
||||
*/}}
|
||||
{{- define "dind-volume-provisioner.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
codefresh.io/application: volume-provisioner
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels for dind-volume-provisioner
|
||||
*/}}
|
||||
{{- define "dind-volume-provisioner.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
codefresh.io/application: volume-provisioner
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels for dind-volume-cleanup
|
||||
*/}}
|
||||
{{- define "dind-volume-cleanup.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
codefresh.io/application: pv-cleanup
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels for dind-volume-cleanup
|
||||
*/}}
|
||||
{{- define "dind-volume-cleanup.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
codefresh.io/application: pv-cleanup
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create the name of the service account to use
|
||||
*/}}
|
||||
{{- define "dind-volume-provisioner.serviceAccountName" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
{{- default (include "dind-volume-provisioner.fullname" .) .Values.serviceAccount.name }}
|
||||
{{- else }}
|
||||
{{- default "default" .Values.serviceAccount.name }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{- define "dind-volume-provisioner.storageClassName" }}
|
||||
{{- printf "dind-local-volumes-runner-%s" .Release.Namespace }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,71 @@
|
|||
{{- define "dind-volume-provisioner.resources.rbac" -}}
|
||||
{{- if .Values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
|
||||
labels:
|
||||
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
|
||||
{{- with .Values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if .Values.rbac.create }}
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
labels:
|
||||
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumes" ]
|
||||
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "persistentvolumeclaims" ]
|
||||
verbs: [ "get", "list", "watch", "update", "delete" ]
|
||||
- apiGroups: [ "storage.k8s.io" ]
|
||||
resources: [ "storageclasses" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "events" ]
|
||||
verbs: [ "list", "watch", "create", "update", "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "secrets" ]
|
||||
verbs: [ "get", "list" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "nodes" ]
|
||||
verbs: [ "get", "list", "watch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "pods" ]
|
||||
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "endpoints" ]
|
||||
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
|
||||
- apiGroups: [ "coordination.k8s.io" ]
|
||||
resources: [ "leases" ]
|
||||
verbs: [ "get", "create", "update" ]
|
||||
{{- with .Values.rbac.rules }}
|
||||
{{ toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
labels:
|
||||
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
{{- define "dind-volume-provisioner.resources.secret" -}}
|
||||
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.secretAccessKey .Values.storage.gcedisk.serviceAccountJson }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: {{ include "dind-volume-provisioner.fullname" . }}
|
||||
labels:
|
||||
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
|
||||
stringData:
|
||||
{{- with .Values.storage.gcedisk.serviceAccountJson }}
|
||||
google-service-account.json: |
|
||||
{{- . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with .Values.storage.ebs.accessKeyId }}
|
||||
aws_access_key_id: {{ . }}
|
||||
{{- end }}
|
||||
{{- with .Values.storage.ebs.secretAccessKey }}
|
||||
aws_secret_access_key: {{ . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
{{- define "dind-volume-provisioner.resources.storageclass" -}}
|
||||
kind: StorageClass
|
||||
apiVersion: storage.k8s.io/v1
|
||||
metadata:
|
||||
{{/* has to be exactly that */}}
|
||||
name: {{ include "dind-volume-provisioner.storageClassName" . }}
|
||||
labels:
|
||||
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
|
||||
provisioner: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
|
||||
parameters:
|
||||
{{- if eq .Values.storage.backend "local" }}
|
||||
volumeBackend: local
|
||||
volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
|
||||
{{- else if eq .Values.storage.backend "gcedisk" }}
|
||||
volumeBackend: {{ .Values.storage.backend }}
|
||||
type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
|
||||
zone: {{ required ".Values.storage.gcedisk.availabilityZone is required" .Values.storage.gcedisk.availabilityZone }}
|
||||
fsType: {{ .Values.storage.fsType | default "ext4" }}
|
||||
{{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
|
||||
volumeBackend: {{ .Values.storage.backend }}
|
||||
VolumeType: {{ .Values.storage.ebs.volumeType | default "gp3" }}
|
||||
AvailabilityZone: {{ required ".Values.storage.ebs.availabilityZone is required" .Values.storage.ebs.availabilityZone }}
|
||||
fsType: {{ .Values.storage.fsType | default "ext4" }}
|
||||
encrypted: {{ .Values.storage.ebs.encrypted | default "false" | quote }}
|
||||
{{- with .Values.storage.ebs.kmsKeyId }}
|
||||
kmsKeyId: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.storage.ebs.iops }}
|
||||
iops: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.storage.ebs.throughput }}
|
||||
throughput: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
|
||||
volumeBackend: {{ .Values.storage.backend }}
|
||||
kind: managed
|
||||
skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
|
||||
fsType: {{ .Values.storage.fsType | default "ext4" }}
|
||||
cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
|
||||
{{- with .Values.storage.azuredisk.availabilityZone }}
|
||||
availabilityZone: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.storage.azuredisk.resourceGroup }}
|
||||
resourceGroup: {{ . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "cf-runtime.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "cf-runtime.fullname" -}}
|
||||
{{- if .Values.fullnameOverride }}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride }}
|
||||
{{- if contains $name .Release.Name }}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
|
||||
{{- else }}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "cf-runtime.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "cf-runtime.labels" -}}
|
||||
helm.sh/chart: {{ include "cf-runtime.chart" . }}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
{{- if .Chart.AppVersion }}
|
||||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
|
||||
{{- end }}
|
||||
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "cf-runtime.selectorLabels" -}}
|
||||
app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
|
||||
app.kubernetes.io/instance: {{ .Release.Name }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $appProxyContext := deepCopy . }}
|
||||
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
|
||||
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $appProxyContext.Values.enabled }}
|
||||
{{- include "app-proxy.resources.deployment" $appProxyContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $appProxyContext := deepCopy . }}
|
||||
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
|
||||
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $appProxyContext.Values.enabled }}
|
||||
{{- include "app-proxy.resources.ingress" $appProxyContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $appProxyContext := deepCopy . }}
|
||||
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
|
||||
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $appProxyContext.Values.enabled }}
|
||||
{{- include "app-proxy.resources.rbac" $appProxyContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $appProxyContext := deepCopy . }}
|
||||
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
|
||||
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $appProxyContext.Values.enabled }}
|
||||
{{- include "app-proxy.resources.service" $appProxyContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $eventExporterContext := deepCopy . }}
|
||||
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
|
||||
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if and $eventExporterContext.Values.enabled }}
|
||||
{{- include "event-exporter.resources.deployment" $eventExporterContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $eventExporterContext := deepCopy . }}
|
||||
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
|
||||
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if and $eventExporterContext.Values.enabled }}
|
||||
{{- include "event-exporter.resources.rbac" $eventExporterContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
{{- $eventExporterContext := deepCopy . }}
|
||||
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
|
||||
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $eventExporterContext.Values.enabled }}
|
||||
{{- include "event-exporter.resources.service" $eventExporterContext }}
|
||||
---
|
||||
{{- include "event-exporter.resources.serviceMonitor" $eventExporterContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,6 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
|
||||
{{- range .Values.extraResources }}
|
||||
---
|
||||
{{ include (printf "%s.tplrender" $cfCommonTplSemver) (dict "Values" . "context" $) }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $values := .Values.runtime.engine.runtimeImages }}
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
{{- /* dummy template just to list runtime images */}}
|
||||
name: {{ include "runtime.fullname" . }}-images
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- with $values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
images: |
|
||||
{{- range $key, $val := $values }}
|
||||
image: {{ $val }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,18 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $values := .Values.runtime.patch }}
|
||||
{{- if $values.enabled }}
|
||||
---
|
||||
kind: ConfigMap
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-spec
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
{{- with $values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
data:
|
||||
runtime.yaml: |
|
||||
{{ include "runtime.runtime-environment-spec.template" . | nindent 4 | trim }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,68 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $values := .Values.runtime.gencerts }}
|
||||
{{- if and $values.enabled }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-gencerts-dind
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-weight: "3"
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
{{- with $values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with $values.ttlSecondsAfterFinished }}
|
||||
ttlSecondsAfterFinished: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $values.backoffLimit }}
|
||||
backoffLimit: {{ . | int }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-gencerts-dind
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- if $values.rbac.enabled }}
|
||||
serviceAccountName: {{ template "runtime.fullname" . }}-gencerts-dind
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml $values.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: gencerts-dind
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
|
||||
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
args:
|
||||
- -ec
|
||||
- | {{ .Files.Get "files/configure-dind-certs.sh" | nindent 10 }}
|
||||
env:
|
||||
- name: NAMESPACE
|
||||
value: {{ .Release.Namespace }}
|
||||
- name: RELEASE
|
||||
value: {{ .Release.Name }}
|
||||
- name: CF_API_HOST
|
||||
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
|
||||
- name: CF_API_TOKEN
|
||||
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
|
||||
{{- with $values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,77 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $values := .Values.runtime.patch }}
|
||||
{{- if $values.enabled }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-patch
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
helm.sh/hook: post-install,post-upgrade
|
||||
helm.sh/hook-weight: "5"
|
||||
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
|
||||
{{- with $values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with $values.ttlSecondsAfterFinished }}
|
||||
ttlSecondsAfterFinished: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $values.backoffLimit }}
|
||||
backoffLimit: {{ . | int }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-patch
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 8 }}
|
||||
spec:
|
||||
securityContext:
|
||||
{{- toYaml $values.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: patch-runtime
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
|
||||
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
args:
|
||||
- -ec
|
||||
- |
|
||||
codefresh auth create-context --api-key $API_KEY --url $API_HOST
|
||||
cat /usr/share/extras/runtime.yaml
|
||||
codefresh get re
|
||||
{{- if .Values.runtime.agent }}
|
||||
codefresh patch re -f /usr/share/extras/runtime.yaml
|
||||
{{- else }}
|
||||
codefresh patch sys-re -f /usr/share/extras/runtime.yaml
|
||||
{{- end }}
|
||||
env:
|
||||
- name: API_KEY
|
||||
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
|
||||
- name: API_HOST
|
||||
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
|
||||
volumeMounts:
|
||||
- name: config
|
||||
mountPath: /usr/share/extras/runtime.yaml
|
||||
subPath: runtime.yaml
|
||||
{{- with $values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
volumes:
|
||||
- name: config
|
||||
configMap:
|
||||
name: {{ include "runtime.fullname" . }}-spec
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $values := .Values.runtime.gencerts }}
|
||||
{{- if and $values.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-gencerts-dind
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-gencerts-dind
|
||||
namespace: {{ .Release.Namespace }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
- configmaps
|
||||
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-gencerts-dind
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "runtime.fullname" . }}-gencerts-dind
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "runtime.fullname" . }}-gencerts-dind
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{ end }}
|
||||
|
|
@ -0,0 +1,73 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $values := .Values.runtime.patch }}
|
||||
{{- if and $values.enabled }}
|
||||
---
|
||||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-cleanup
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
annotations:
|
||||
helm.sh/hook: pre-delete
|
||||
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
|
||||
{{- with $values.annotations }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
{{- with $values.ttlSecondsAfterFinished }}
|
||||
ttlSecondsAfterFinished: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $values.backoffLimit }}
|
||||
backoffLimit: {{ . | int }}
|
||||
{{- end }}
|
||||
template:
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-cleanup
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 8 }}
|
||||
spec:
|
||||
{{- if $values.rbac.enabled }}
|
||||
serviceAccountName: {{ template "runtime.fullname" . }}-cleanup
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml $values.podSecurityContext | nindent 8 }}
|
||||
containers:
|
||||
- name: cleanup
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
|
||||
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
|
||||
command:
|
||||
- "/bin/bash"
|
||||
args:
|
||||
- -ec
|
||||
- | {{ .Files.Get "files/cleanup-runtime.sh" | nindent 10 }}
|
||||
env:
|
||||
- name: AGENT_NAME
|
||||
value: {{ include "runtime.runtime-environment-spec.agent-name" . }}
|
||||
- name: RUNTIME_NAME
|
||||
value: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
|
||||
- name: API_HOST
|
||||
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
|
||||
- name: API_TOKEN
|
||||
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
|
||||
- name: AGENT
|
||||
value: {{ .Values.runtime.agent | quote }}
|
||||
- name: AGENT_SECRET_NAME
|
||||
value: {{ include "runner.fullname" . }}
|
||||
- name: DIND_SECRET_NAME
|
||||
value: codefresh-certs-server
|
||||
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
|
||||
{{- with $values.nodeSelector }}
|
||||
nodeSelector:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $values.affinity }}
|
||||
affinity:
|
||||
{{- toYaml . | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- with $values.tolerations }}
|
||||
tolerations:
|
||||
{{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
restartPolicy: OnFailure
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,46 @@
|
|||
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{ $values := .Values.runtime.patch }}
|
||||
{{- if and $values.enabled }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-cleanup
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: Role
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-cleanup
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "*"
|
||||
resources:
|
||||
- "*"
|
||||
verbs:
|
||||
- "*"
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
name: {{ include "runtime.fullname" . }}-cleanup
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
"helm.sh/hook": pre-delete
|
||||
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: Role
|
||||
name: {{ include "runtime.fullname" . }}-cleanup
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ include "runtime.fullname" . }}-cleanup
|
||||
namespace: {{ .Release.Namespace }}
|
||||
{{ end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $monitorContext := deepCopy . }}
|
||||
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
|
||||
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $monitorContext.Values.enabled }}
|
||||
{{- include "monitor.resources.deployment" $monitorContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $monitorContext := deepCopy . }}
|
||||
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
|
||||
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $monitorContext.Values.enabled }}
|
||||
{{- include "monitor.resources.rbac" $monitorContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $monitorContext := deepCopy . }}
|
||||
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
|
||||
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $monitorContext.Values.enabled }}
|
||||
{{- include "monitor.resources.service" $monitorContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
{{ $templateName := printf "cf-common-%s.external-secrets" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- include $templateName . -}}
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
{{ $templateName := printf "cf-common-%s.podMonitor" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- include $templateName . -}}
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
{{ $templateName := printf "cf-common-%s.serviceMonitor" (index .Subcharts "cf-common").Chart.Version }}
|
||||
{{- include $templateName . -}}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $runnerContext := deepCopy . }}
|
||||
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
|
||||
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
|
||||
{{- include "runner.resources.deployment" $runnerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $runnerContext := deepCopy . }}
|
||||
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
|
||||
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
|
||||
{{- include "runner.resources.rbac" $runnerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,123 @@
|
|||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "runtime.name" -}}
|
||||
{{- printf "%s" (include "cf-runtime.name" .) | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "runtime.fullname" -}}
|
||||
{{- printf "%s" (include "cf-runtime.fullname" .) | trunc 63 | trimSuffix "-" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Common labels
|
||||
*/}}
|
||||
{{- define "runtime.labels" -}}
|
||||
{{ include "cf-runtime.labels" . }}
|
||||
codefresh.io/application: runtime
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Selector labels
|
||||
*/}}
|
||||
{{- define "runtime.selectorLabels" -}}
|
||||
{{ include "cf-runtime.selectorLabels" . }}
|
||||
codefresh.io/application: runtime
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Return runtime image (classic runtime) with private registry prefix
|
||||
*/}}
|
||||
{{- define "runtime.runtimeImageName" -}}
|
||||
{{- if .registry -}}
|
||||
{{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
|
||||
{{- printf "%s/%s" .registry $imageName -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s" .imageFullName -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Environment variable value of Codefresh installation token
|
||||
*/}}
|
||||
{{- define "runtime.installation-token-env-var-value" -}}
|
||||
{{- if .Values.global.codefreshToken }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: {{ include "runtime.installation-token-secret-name" . }}
|
||||
key: codefresh-api-token
|
||||
{{- else if .Values.global.codefreshTokenSecretKeyRef }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Environment variable value of Codefresh agent token
|
||||
*/}}
|
||||
{{- define "runtime.agent-token-env-var-value" -}}
|
||||
{{- if .Values.global.agentToken }}
|
||||
{{- printf "%s" .Values.global.agentToken | toYaml }}
|
||||
{{- else if .Values.global.agentTokenSecretKeyRef }}
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
{{- .Values.global.agentTokenSecretKeyRef | toYaml | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Print Codefresh API token secret name
|
||||
*/}}
|
||||
{{- define "runtime.installation-token-secret-name" }}
|
||||
{{- print "codefresh-user-token" }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Print Codefresh host
|
||||
*/}}
|
||||
{{- define "runtime.runtime-environment-spec.codefresh-host" }}
|
||||
{{- if and (not .Values.global.codefreshHost) }}
|
||||
{{- fail "ERROR: .global.codefreshHost is required" }}
|
||||
{{- else }}
|
||||
{{- printf "%s" (trimSuffix "/" .Values.global.codefreshHost) }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Print runtime-environment name
|
||||
*/}}
|
||||
{{- define "runtime.runtime-environment-spec.runtime-name" }}
|
||||
{{- if and (not .Values.global.runtimeName) }}
|
||||
{{- printf "%s/%s" .Values.global.context .Release.Namespace }}
|
||||
{{- else }}
|
||||
{{- printf "%s" .Values.global.runtimeName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Print agent name
|
||||
*/}}
|
||||
{{- define "runtime.runtime-environment-spec.agent-name" }}
|
||||
{{- if and (not .Values.global.agentName) }}
|
||||
{{- printf "%s_%s" .Values.global.context .Release.Namespace }}
|
||||
{{- else }}
|
||||
{{- printf "%s" .Values.global.agentName }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
||||
{{/*
|
||||
Print context
|
||||
*/}}
|
||||
{{- define "runtime.runtime-environment-spec.context-name" }}
|
||||
{{- if and (not .Values.global.context) }}
|
||||
{{- fail "ERROR: .global.context is required" }}
|
||||
{{- else }}
|
||||
{{- printf "%s" .Values.global.context }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
{{- /* has to be a constant */}}
|
||||
name: codefresh-dind-config
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
data:
|
||||
daemon.json: |
|
||||
{{ coalesce .Values.re.dindDaemon .Values.runtime.dindDaemon | toPrettyJson | indent 4 }}
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
{{ $values := .Values.runtime }}
|
||||
---
|
||||
{{- if or $values.serviceAccount.create }}
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
{{- /* has to be a constant */}}
|
||||
name: codefresh-engine
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
{{- with $values.serviceAccount.annotations }}
|
||||
annotations:
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if $values.rbac.create }}
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: codefresh-engine
|
||||
labels:
|
||||
{{- include "runner.labels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups: [ "" ]
|
||||
resources: [ "secrets" ]
|
||||
verbs: [ "get" ]
|
||||
{{- with $values.rbac.rules }}
|
||||
{{ toYaml . | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
---
|
||||
{{- if and $values.serviceAccount.create $values.rbac.create }}
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: codefresh-engine
|
||||
labels:
|
||||
{{- include "runner.labels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: codefresh-engine
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: codefresh-engine
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end }}
|
||||
|
||||
|
|
@ -0,0 +1,214 @@
|
|||
{{- define "runtime.runtime-environment-spec.template" }}
|
||||
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version -}}
|
||||
{{- $kubeconfigFilePath := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
|
||||
{{- $name := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
|
||||
{{- $engineContext := .Values.runtime.engine -}}
|
||||
{{- $dindContext := .Values.runtime.dind -}}
|
||||
{{- $imageRegistry := .Values.global.imageRegistry -}}
|
||||
metadata:
|
||||
name: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
|
||||
agent: {{ .Values.runtime.agent }}
|
||||
runtimeScheduler:
|
||||
type: KubernetesPod
|
||||
{{- if $engineContext.image }}
|
||||
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ $engineContext.image.pullPolicy }}
|
||||
{{- with $engineContext.command }}
|
||||
command: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
envVars:
|
||||
{{- with $engineContext.env }}
|
||||
{{- range $key, $val := . }}
|
||||
{{- if or (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }}
|
||||
{{ $key }}: {{ $val | squote }}
|
||||
{{- else }}
|
||||
{{ $key }}: {{ $val }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
COMPOSE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COMPOSE_IMAGE) | squote }}
|
||||
CONTAINER_LOGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CONTAINER_LOGGER_IMAGE) | squote }}
|
||||
DOCKER_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_BUILDER_IMAGE) | squote }}
|
||||
DOCKER_PULLER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PULLER_IMAGE) | squote }}
|
||||
DOCKER_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PUSHER_IMAGE) | squote }}
|
||||
DOCKER_TAG_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) | squote }}
|
||||
FS_OPS_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.FS_OPS_IMAGE) | squote }}
|
||||
GIT_CLONE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GIT_CLONE_IMAGE) | squote }}
|
||||
KUBE_DEPLOY: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.KUBE_DEPLOY) | squote }}
|
||||
PIPELINE_DEBUGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.PIPELINE_DEBUGGER_IMAGE) | squote }}
|
||||
TEMPLATE_ENGINE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.TEMPLATE_ENGINE) | squote }}
|
||||
CR_6177_FIXER: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CR_6177_FIXER) | squote }}
|
||||
GC_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GC_BUILDER_IMAGE) | squote }}
|
||||
COSIGN_IMAGE_SIGNER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COSIGN_IMAGE_SIGNER_IMAGE) | squote }}
|
||||
{{- with $engineContext.userEnvVars }}
|
||||
userEnvVars: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $engineContext.workflowLimits }}
|
||||
workflowLimits: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
cluster:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
serviceAccount: {{ $engineContext.serviceAccount }}
|
||||
{{- if .Values.runtime.agent }}
|
||||
clusterProvider:
|
||||
accountId: {{ .Values.global.accountId }}
|
||||
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
|
||||
{{- else }}
|
||||
{{- if .Values.runtime.inCluster }}
|
||||
inCluster: true
|
||||
kubeconfigFilePath: null
|
||||
{{- else }}
|
||||
name: {{ $name }}
|
||||
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with $engineContext.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with $engineContext.affinity }}
|
||||
affinity: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $engineContext.tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $engineContext.podAnnotations }}
|
||||
annotations:
|
||||
{{- range $key, $val := . }}
|
||||
{{ $key }}: {{ $val | squote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with $engineContext.podLabels }}
|
||||
labels: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $engineContext.schedulerName }}
|
||||
schedulerName: {{ $engineContext.schedulerName }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- if $engineContext.resources}}
|
||||
{{- toYaml $engineContext.resources | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $engineContext.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ . }}
|
||||
{{- end }}
|
||||
dockerDaemonScheduler:
|
||||
type: DindKubernetesPod
|
||||
{{- if $dindContext.image }}
|
||||
dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }}
|
||||
{{- end }}
|
||||
imagePullPolicy: {{ $dindContext.image.pullPolicy }}
|
||||
{{- with $dindContext.userAccess }}
|
||||
userAccess: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.env }}
|
||||
envVars:
|
||||
{{- range $key, $val := . }}
|
||||
{{- if or (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }}
|
||||
{{ $key }}: {{ $val | squote }}
|
||||
{{- else }}
|
||||
{{ $key }}: {{ $val }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
cluster:
|
||||
namespace: {{ .Release.Namespace }}
|
||||
serviceAccount: {{ $dindContext.serviceAccount }}
|
||||
{{- if .Values.runtime.agent }}
|
||||
clusterProvider:
|
||||
accountId: {{ .Values.global.accountId }}
|
||||
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
|
||||
{{- else }}
|
||||
{{- if .Values.runtime.inCluster }}
|
||||
inCluster: true
|
||||
kubeconfigFilePath: null
|
||||
{{- else }}
|
||||
name: {{ $name }}
|
||||
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.nodeSelector }}
|
||||
nodeSelector: {{- toYaml . | nindent 6 }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.affinity }}
|
||||
affinity: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.tolerations }}
|
||||
tolerations: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.podAnnotations }}
|
||||
annotations:
|
||||
{{- range $key, $val := . }}
|
||||
{{ $key }}: {{ $val | squote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.podLabels }}
|
||||
labels: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if $dindContext.schedulerName }}
|
||||
schedulerName: {{ $dindContext.schedulerName }}
|
||||
{{- end }}
|
||||
{{- if $dindContext.pvcs }}
|
||||
pvcs:
|
||||
{{- range $index, $pvc := $dindContext.pvcs }}
|
||||
- name: {{ $pvc.name }}
|
||||
reuseVolumeSelector: {{ $pvc.reuseVolumeSelector | squote }}
|
||||
reuseVolumeSortOrder: {{ $pvc.reuseVolumeSortOrder }}
|
||||
storageClassName: {{ include (printf "%v.tplrender" $cfCommonTplSemver) (dict "Values" $pvc.storageClassName "context" $) }}
|
||||
volumeSize: {{ $pvc.volumeSize }}
|
||||
{{- with $pvc.annotations }}
|
||||
annotations: {{ . | toYaml | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
defaultDindResources:
|
||||
{{- with $dindContext.resources }}
|
||||
{{- if not .requests }}
|
||||
limits: {{- toYaml .limits | nindent 6 }}
|
||||
requests: null
|
||||
{{- else }}
|
||||
{{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.terminationGracePeriodSeconds }}
|
||||
terminationGracePeriodSeconds: {{ . }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.userVolumeMounts }}
|
||||
userVolumeMounts: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- with $dindContext.userVolumes }}
|
||||
userVolumes: {{- toYaml . | nindent 4 }}
|
||||
{{- end }}
|
||||
{{- if and (not .Values.runtime.agent) }}
|
||||
clientCertPath: /etc/ssl/cf/
|
||||
volumeMounts:
|
||||
codefresh-certs-server:
|
||||
name: codefresh-certs-server
|
||||
mountPath: /etc/ssl/cf
|
||||
readOnly: false
|
||||
volumes:
|
||||
codefresh-certs-server:
|
||||
name: codefresh-certs-server
|
||||
secret:
|
||||
secretName: codefresh-certs-server
|
||||
{{- end }}
|
||||
extends: {{- toYaml .Values.runtime.runtimeExtends | nindent 2 }}
|
||||
{{- if .Values.runtime.description }}
|
||||
description: {{ .Values.runtime.description }}
|
||||
{{- else }}
|
||||
description: null
|
||||
{{- end }}
|
||||
{{- if .Values.global.accountId }}
|
||||
accountId: {{ .Values.global.accountId }}
|
||||
{{- end }}
|
||||
{{- if not .Values.runtime.agent }}
|
||||
accounts: {{- toYaml .Values.runtime.accounts | nindent 2 }}
|
||||
{{- end }}
|
||||
{{- if .Values.appProxy.enabled }}
|
||||
appProxy:
|
||||
externalIP: >-
|
||||
{{ printf "https://%s%s" .Values.appProxy.ingress.host (.Values.appProxy.ingress.pathPrefix | default "/") }}
|
||||
{{- end }}
|
||||
{{- if not .Values.runtime.agent }}
|
||||
systemHybrid: true
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
{{- if and .Values.global.codefreshToken }}
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: Opaque
|
||||
metadata:
|
||||
name: {{ include "runtime.installation-token-secret-name" . }}
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
stringData:
|
||||
codefresh-api-token: {{ .Values.global.codefreshToken }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
{{- include "runtime.labels" . | nindent 4 }}
|
||||
app: dind
|
||||
{{/* has to be a constant */}}
|
||||
name: dind
|
||||
spec:
|
||||
ports:
|
||||
- name: "dind-port"
|
||||
port: 1300
|
||||
protocol: TCP
|
||||
clusterIP: None
|
||||
selector:
|
||||
app: dind
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
{{- $volumeProvisionerContext := deepCopy . }}
|
||||
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-volume-cleanup") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
|
||||
{{- include "dind-volume-provisioner.resources.cronjob" $volumeProvisionerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,11 @@
|
|||
{{- $volumeProvisionerContext := deepCopy . }}
|
||||
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-lv-monitor") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
|
||||
{{- include "dind-volume-provisioner.resources.daemonset" $volumeProvisionerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
{{- $volumeProvisionerContext := deepCopy . }}
|
||||
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $volumeProvisionerContext.Values.enabled }}
|
||||
{{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,9 @@
|
|||
{{- $volumeProvisionerContext := deepCopy . }}
|
||||
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $volumeProvisionerContext.Values.enabled }}
|
||||
{{- include "dind-volume-provisioner.resources.rbac" $volumeProvisionerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
{{- $volumeProvisionerContext := deepCopy . }}
|
||||
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $volumeProvisionerContext.Values.enabled }}
|
||||
{{- include "dind-volume-provisioner.resources.secret" $volumeProvisionerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,10 @@
|
|||
{{- $volumeProvisionerContext := deepCopy . }}
|
||||
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
|
||||
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
|
||||
|
||||
{{- if $volumeProvisionerContext.Values.enabled }}
|
||||
{{- include "dind-volume-provisioner.resources.storageclass" $volumeProvisionerContext }}
|
||||
{{- end }}
|
||||
|
|
@ -0,0 +1,951 @@
|
|||
# -- String to partially override cf-runtime.fullname template (will maintain the release name)
|
||||
nameOverride: ""
|
||||
# -- String to fully override cf-runtime.fullname template
|
||||
fullnameOverride: ""
|
||||
|
||||
# -- Global parameters
|
||||
# @default -- See below
|
||||
global:
|
||||
# -- Global Docker image registry
|
||||
imageRegistry: ""
|
||||
# -- Global Docker registry secret names as array
|
||||
imagePullSecrets: []
|
||||
|
||||
# -- URL of Codefresh Platform (required!)
|
||||
codefreshHost: "https://g.codefresh.io"
|
||||
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
|
||||
# Ref: https://g.codefresh.io/user/settings (see API Keys)
|
||||
# Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write)
|
||||
codefreshToken: ""
|
||||
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
|
||||
codefreshTokenSecretKeyRef: {}
|
||||
|
||||
# E.g.
|
||||
# codefreshTokenSecretKeyRef:
|
||||
# name: my-codefresh-api-token
|
||||
# key: codefresh-api-token
|
||||
|
||||
# -- Account ID (required!)
|
||||
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
|
||||
accountId: ""
|
||||
|
||||
# -- K8s context name (required!)
|
||||
context: ""
|
||||
# E.g.
|
||||
# context: prod-ue1-runtime-1
|
||||
|
||||
# -- Agent Name (optional!)
|
||||
# If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}`
|
||||
agentName: ""
|
||||
# E.g.
|
||||
# agentName: prod-ue1-runtime-1
|
||||
|
||||
# -- Runtime name (optional!)
|
||||
# If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}`
|
||||
runtimeName: ""
|
||||
# E.g.
|
||||
# runtimeName: prod-ue1-runtime-1/namespace
|
||||
|
||||
# -- DEPRECATED Agent token in plain text.
|
||||
# !!! MUST BE provided if migrating from < 6.x chart version
|
||||
agentToken: ""
|
||||
# -- DEPRECATED Agent token that references an existing secret containing API key.
|
||||
# !!! MUST BE provided if migrating from < 6.x chart version
|
||||
agentTokenSecretKeyRef: {}
|
||||
# E.g.
|
||||
# agentTokenSecretKeyRef:
|
||||
# name: my-codefresh-agent-secret
|
||||
# key: codefresh-agent-token
|
||||
|
||||
# DEPRECATED -- Use `.Values.global.imageRegistry` instead
|
||||
dockerRegistry: ""
|
||||
|
||||
# DEPRECATED -- Use `.Values.runtime` instead
|
||||
re: {}
|
||||
|
||||
# -- Runner parameters
|
||||
# @default -- See below
|
||||
runner:
|
||||
# -- Enable the runner
|
||||
enabled: true
|
||||
# -- Set number of pods
|
||||
replicasCount: 1
|
||||
# -- Upgrade strategy
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
# -- Set pod annotations
|
||||
podAnnotations: {}
|
||||
|
||||
# -- Set image
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/venona
|
||||
tag: 1.10.2
|
||||
|
||||
# -- Init container
|
||||
init:
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/cli
|
||||
tag: 0.85.0-rootless
|
||||
|
||||
resources:
|
||||
limits:
|
||||
memory: 512Mi
|
||||
cpu: '1'
|
||||
requests:
|
||||
memory: 256Mi
|
||||
cpu: '0.2'
|
||||
|
||||
# -- Sidecar container
|
||||
# Reconciles runtime spec from Codefresh API for drift detection
|
||||
sidecar:
|
||||
enabled: false
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/codefresh-shell
|
||||
tag: 0.0.2
|
||||
env:
|
||||
RECONCILE_INTERVAL: 300
|
||||
resources: {}
|
||||
|
||||
# -- Add additional env vars
|
||||
env: {}
|
||||
# E.g.
|
||||
# env:
|
||||
# WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50
|
||||
|
||||
# -- Service Account parameters
|
||||
serviceAccount:
|
||||
# -- Create service account
|
||||
create: true
|
||||
# -- Override service account name
|
||||
name: ""
|
||||
# -- Additional service account annotations
|
||||
annotations: {}
|
||||
|
||||
# -- RBAC parameters
|
||||
rbac:
|
||||
# -- Create RBAC resources
|
||||
create: true
|
||||
# -- Add custom rule to the role
|
||||
rules: []
|
||||
|
||||
# -- Set security context for the pod
|
||||
# @default -- See below
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 10001
|
||||
runAsGroup: 10001
|
||||
fsGroup: 10001
|
||||
|
||||
# -- Readiness probe configuration
|
||||
# @default -- See below
|
||||
readinessProbe:
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
|
||||
# -- Set requests and limits
|
||||
resources: {}
|
||||
# -- Set node selector
|
||||
nodeSelector: {}
|
||||
# -- Set tolerations
|
||||
tolerations: []
|
||||
# -- Set affinity
|
||||
affinity: {}
|
||||
|
||||
# -- Volume Provisioner parameters
|
||||
# @default -- See below
|
||||
volumeProvisioner:
|
||||
# -- Enable volume-provisioner
|
||||
enabled: true
|
||||
# -- Set number of pods
|
||||
replicasCount: 1
|
||||
# -- Upgrade strategy
|
||||
updateStrategy:
|
||||
type: Recreate
|
||||
# -- Set pod annotations
|
||||
podAnnotations: {}
|
||||
|
||||
# -- Set image
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/dind-volume-provisioner
|
||||
tag: 1.35.0
|
||||
# -- Add additional env vars
|
||||
env: {}
|
||||
# E.g.
|
||||
# env:
|
||||
# THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4
|
||||
|
||||
# -- Service Account parameters
|
||||
serviceAccount:
|
||||
# -- Create service account
|
||||
create: true
|
||||
# -- Override service account name
|
||||
name: ""
|
||||
# -- Additional service account annotations
|
||||
annotations: {}
|
||||
# E.g.
|
||||
# serviceAccount:
|
||||
# annotations:
|
||||
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
|
||||
|
||||
# -- RBAC parameters
|
||||
rbac:
|
||||
# -- Create RBAC resources
|
||||
create: true
|
||||
# -- Add custom rule to the role
|
||||
rules: []
|
||||
|
||||
# -- Set security context for the pod
|
||||
# @default -- See below
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 3000
|
||||
runAsGroup: 3000
|
||||
fsGroup: 3000
|
||||
|
||||
# -- Set node selector
|
||||
nodeSelector: {}
|
||||
# -- Set resources
|
||||
resources: {}
|
||||
# -- Set tolerations
|
||||
tolerations: []
|
||||
# -- Set affinity
|
||||
affinity: {}
|
||||
|
||||
# -- `dind-lv-monitor` DaemonSet parameters
|
||||
# (local volumes cleaner)
|
||||
# @default -- See below
|
||||
dind-lv-monitor:
|
||||
enabled: true
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/dind-volume-utils
|
||||
tag: 1.29.4
|
||||
podAnnotations: {}
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
runAsUser: 1000
|
||||
fsGroup: 1000
|
||||
containerSecurityContext: {}
|
||||
env: {}
|
||||
resources: {}
|
||||
nodeSelector: {}
|
||||
tolerations:
|
||||
- key: 'codefresh/dind'
|
||||
operator: 'Exists'
|
||||
effect: 'NoSchedule'
|
||||
volumePermissions:
|
||||
enabled: true
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: alpine
|
||||
tag: 3.18
|
||||
resources: {}
|
||||
securityContext:
|
||||
runAsUser: 0 # auto
|
||||
|
||||
# `dind-volume-cleanup` CronJob parameters
|
||||
# (external volumes cleaner)
|
||||
# @default -- See below
|
||||
dind-volume-cleanup:
|
||||
enabled: true
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/dind-volume-cleanup
|
||||
tag: 1.2.0
|
||||
env: {}
|
||||
concurrencyPolicy: Forbid
|
||||
schedule: "*/10 * * * *"
|
||||
successfulJobsHistory: 3
|
||||
failedJobsHistory: 1
|
||||
suspend: false
|
||||
podAnnotations: {}
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 3000
|
||||
runAsGroup: 3000
|
||||
runAsUser: 3000
|
||||
nodeSelector: {}
|
||||
affinity: {}
|
||||
tolerations: []
|
||||
|
||||
# Storage parameters for volume-provisioner
|
||||
# @default -- See below
|
||||
storage:
|
||||
# -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`)
|
||||
backend: local
|
||||
# -- Set filesystem type (`ext4`/`xfs`)
|
||||
fsType: "ext4"
|
||||
|
||||
# Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`)
|
||||
# https://kubernetes.io/docs/concepts/storage/volumes/#local
|
||||
# @default -- See below
|
||||
local:
|
||||
# -- Set volume path on the host filesystem
|
||||
volumeParentDir: /var/lib/codefresh/dind-volumes
|
||||
|
||||
# Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`)
|
||||
# https://aws.amazon.com/ebs/
|
||||
# https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration
|
||||
# @default -- See below
|
||||
ebs:
|
||||
# -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required)
|
||||
volumeType: "gp2"
|
||||
# -- Set EBS volumes availability zone (required)
|
||||
availabilityZone: "us-east-1a"
|
||||
# -- Enable encryption (optional)
|
||||
encrypted: "false"
|
||||
# -- Set KMS encryption key ID (optional)
|
||||
kmsKeyId: ""
|
||||
|
||||
# -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional)
|
||||
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
|
||||
accessKeyId: ""
|
||||
# -- Existing secret containing AWS_ACCESS_KEY_ID.
|
||||
accessKeyIdSecretKeyRef: {}
|
||||
# E.g.
|
||||
# accessKeyIdSecretKeyRef:
|
||||
# name:
|
||||
# key:
|
||||
|
||||
# -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional)
|
||||
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
|
||||
secretAccessKey: ""
|
||||
# -- Existing secret containing AWS_SECRET_ACCESS_KEY
|
||||
secretAccessKeySecretKeyRef: {}
|
||||
# E.g.
|
||||
# secretAccessKeySecretKeyRef:
|
||||
# name:
|
||||
# key:
|
||||
|
||||
# E.g.
|
||||
# ebs:
|
||||
# volumeType: gp3
|
||||
# availabilityZone: us-east-1c
|
||||
# encrypted: false
|
||||
# iops: "5000"
|
||||
# # I/O operations per second. Only effetive when gp3 volume type is specified.
|
||||
# # Default value - 3000.
|
||||
# # Max - 16,000
|
||||
# throughput: "500"
|
||||
# # Throughput in MiB/s. Only effective when gp3 volume type is specified.
|
||||
# # Default value - 125.
|
||||
# # Max - 1000.
|
||||
# ebs:
|
||||
# volumeType: gp2
|
||||
# availabilityZone: us-east-1c
|
||||
# encrypted: true
|
||||
# kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
|
||||
# accessKeyId: "MYKEYID"
|
||||
# secretAccessKey: "MYACCESSKEY"
|
||||
|
||||
# Storage parameters example for gce disks
|
||||
# https://cloud.google.com/compute/docs/disks#pdspecs
|
||||
# https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration
|
||||
# @default -- See below
|
||||
gcedisk:
|
||||
# -- Set GCP volume backend type (`pd-ssd`/`pd-standard`)
|
||||
volumeType: "pd-ssd"
|
||||
# -- Set GCP volume availability zone
|
||||
availabilityZone: "us-west1-a"
|
||||
# -- Set Google SA JSON key for volume-provisioner (optional)
|
||||
serviceAccountJson: ""
|
||||
# -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional)
|
||||
serviceAccountJsonSecretKeyRef: {}
|
||||
# E.g.
|
||||
# gcedisk:
|
||||
# volumeType: pd-ssd
|
||||
# availabilityZone: us-central1-c
|
||||
# serviceAccountJson: |-
|
||||
# {
|
||||
# "type": "service_account",
|
||||
# "project_id": "...",
|
||||
# "private_key_id": "...",
|
||||
# "private_key": "...",
|
||||
# "client_email": "...",
|
||||
# "client_id": "...",
|
||||
# "auth_uri": "...",
|
||||
# "token_uri": "...",
|
||||
# "auth_provider_x509_cert_url": "...",
|
||||
# "client_x509_cert_url": "..."
|
||||
# }
|
||||
|
||||
# Storage parameters example for Azure Disks
|
||||
# https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks
|
||||
# @default -- See below
|
||||
azuredisk:
|
||||
# -- Set storage type (`Premium_LRS`)
|
||||
skuName: Premium_LRS
|
||||
cachingMode: None
|
||||
# availabilityZone: northeurope-1
|
||||
# resourceGroup:
|
||||
# DiskIOPSReadWrite: 500
|
||||
# DiskMBpsReadWrite: 100
|
||||
|
||||
mountAzureJson: false
|
||||
|
||||
# -- Set runtime parameters
|
||||
# @default -- See below
|
||||
|
||||
runtime:
|
||||
# -- Set annotation on engine Service Account
|
||||
# Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
|
||||
serviceAccount:
|
||||
create: true
|
||||
annotations: {}
|
||||
# E.g.
|
||||
# serviceAccount:
|
||||
# annotations:
|
||||
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
|
||||
|
||||
# -- Set parent runtime to inherit.
|
||||
# Should not be changes. Parent runtime is controlled from Codefresh side.
|
||||
runtimeExtends:
|
||||
- system/default/hybrid/k8s_low_limits
|
||||
# -- Runtime description
|
||||
description: ""
|
||||
|
||||
# -- RBAC parameters
|
||||
rbac:
|
||||
# -- Create RBAC resources
|
||||
create: true
|
||||
# -- Add custom rule to the engine role
|
||||
rules: []
|
||||
|
||||
# -- (for On-Premise only) Enable agent
|
||||
agent: true
|
||||
# -- (for On-Premise only) Set inCluster runtime
|
||||
inCluster: true
|
||||
# -- (for On-Premise only) Assign accounts to runtime (list of account ids)
|
||||
accounts: []
|
||||
|
||||
# -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod).
|
||||
dind:
|
||||
# -- Set dind image.
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/dind
|
||||
tag: 26.1.4-1.28.7 # use `latest-rootless/rootless/26.1.4-1.28.7-rootless` tags for rootless-dind
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Set dind resources.
|
||||
resources:
|
||||
requests: null
|
||||
limits:
|
||||
cpu: 400m
|
||||
memory: 800Mi
|
||||
# -- Set termination grace period.
|
||||
terminationGracePeriodSeconds: 30
|
||||
# -- PV claim spec parametes.
|
||||
pvcs:
|
||||
# -- Default dind PVC parameters
|
||||
dind:
|
||||
# -- PVC name prefix.
|
||||
# Keep `dind` as default! Don't change!
|
||||
name: dind
|
||||
# -- PVC storage class name.
|
||||
# Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner
|
||||
storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}'
|
||||
# -- PVC size.
|
||||
volumeSize: 16Gi
|
||||
# -- PV reuse selector.
|
||||
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy
|
||||
reuseVolumeSelector: codefresh-app,io.codefresh.accountName
|
||||
reuseVolumeSortOrder: pipeline_id
|
||||
# -- PV annotations.
|
||||
annotations: {}
|
||||
# E.g.:
|
||||
# annotations:
|
||||
# codefresh.io/volume-retention: 7d
|
||||
# -- Set additional env vars.
|
||||
env:
|
||||
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true
|
||||
# -- Set pod annotations.
|
||||
podAnnotations: {}
|
||||
# -- Set pod labels.
|
||||
podLabels: {}
|
||||
# -- Set node selector.
|
||||
nodeSelector: {}
|
||||
# -- Set affinity
|
||||
affinity: {}
|
||||
# -- Set tolerations.
|
||||
tolerations: []
|
||||
# -- Set scheduler name.
|
||||
schedulerName: ""
|
||||
# -- Set service account for pod.
|
||||
serviceAccount: codefresh-engine
|
||||
# -- Keep `true` as default!
|
||||
userAccess: true
|
||||
# -- Add extra volumes
|
||||
userVolumes: {}
|
||||
# E.g.:
|
||||
# userVolumes:
|
||||
# regctl-docker-registry:
|
||||
# name: regctl-docker-registry
|
||||
# secret:
|
||||
# items:
|
||||
# - key: .dockerconfigjson
|
||||
# path: config.json
|
||||
# secretName: regctl-docker-registry
|
||||
# optional: true
|
||||
# -- Add extra volume mounts
|
||||
userVolumeMounts: {}
|
||||
# E.g.:
|
||||
# userVolumeMounts:
|
||||
# regctl-docker-registry:
|
||||
# name: regctl-docker-registry
|
||||
# mountPath: /home/appuser/.docker/
|
||||
# readOnly: true
|
||||
|
||||
# -- Parameters for Engine pod (aka "pipeline" orchestrator).
|
||||
engine:
|
||||
# -- Set image.
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/engine
|
||||
tag: 1.174.13
|
||||
pullPolicy: IfNotPresent
|
||||
# -- Set container command.
|
||||
command:
|
||||
- npm
|
||||
- run
|
||||
- start
|
||||
# -- Set resources.
|
||||
resources:
|
||||
requests:
|
||||
cpu: 100m
|
||||
memory: 128Mi
|
||||
limits:
|
||||
cpu: 1000m
|
||||
memory: 2048Mi
|
||||
# -- Set termination grace period.
|
||||
terminationGracePeriodSeconds: 180
|
||||
# -- Set system(base) runtime images.
|
||||
# @default -- See below.
|
||||
runtimeImages:
|
||||
COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0
|
||||
CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.7
|
||||
DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.13
|
||||
DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18
|
||||
DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16
|
||||
DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.14
|
||||
FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3
|
||||
GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.28
|
||||
KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11
|
||||
PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.6
|
||||
TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1
|
||||
CR_6177_FIXER: 'quay.io/codefresh/alpine:edge'
|
||||
GC_BUILDER_IMAGE: 'quay.io/codefresh/cf-gc-builder:0.5.3'
|
||||
COSIGN_IMAGE_SIGNER_IMAGE: 'quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2'
|
||||
# -- Set additional env vars.
|
||||
env:
|
||||
# -- Interval to check the exec status in the container-logger
|
||||
CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000
|
||||
# -- Timeout while doing requests to the Docker daemon
|
||||
DOCKER_REQUEST_TIMEOUT_MS: 30000
|
||||
# -- If "true", composition images will be pulled sequentially
|
||||
FORCE_COMPOSE_SERIAL_PULL: false
|
||||
# -- Level of logging for engine
|
||||
LOGGER_LEVEL: debug
|
||||
# -- Enable debug-level logging of outgoing HTTP/HTTPS requests
|
||||
LOG_OUTGOING_HTTP_REQUESTS: false
|
||||
# -- Enable emitting metrics from engine
|
||||
METRICS_PROMETHEUS_ENABLED: true
|
||||
# -- Enable legacy metrics
|
||||
METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false
|
||||
# -- Enable collecting process metrics
|
||||
METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false
|
||||
# -- Host for Prometheus metrics server
|
||||
METRICS_PROMETHEUS_HOST: '0.0.0.0'
|
||||
# -- Port for Prometheus metrics server
|
||||
METRICS_PROMETHEUS_PORT: 9100
|
||||
# -- Set workflow limits.
|
||||
workflowLimits:
|
||||
# -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds.
|
||||
MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600
|
||||
# -- Maximum time for workflow execution; seconds.
|
||||
MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400
|
||||
# -- Maximum time allowed to workflow to spend in "elected" state; seconds.
|
||||
MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900
|
||||
# -- Maximum retry attempts allowed for workflow.
|
||||
MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20
|
||||
# -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds.
|
||||
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900
|
||||
# -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds.
|
||||
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300
|
||||
# -- Time since the last health check report after which workflow is terminated; seconds.
|
||||
TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300
|
||||
# -- Time since the last health check report after which the engine is considered unhealthy; seconds.
|
||||
TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60
|
||||
# -- Time since the last workflow logs activity after which workflow is terminated; seconds.
|
||||
TIME_INACTIVE_UNTIL_TERMINATION: 2700
|
||||
# -- Set pod annotations.
|
||||
podAnnotations: {}
|
||||
# -- Set pod labels.
|
||||
podLabels: {}
|
||||
# -- Set node selector.
|
||||
nodeSelector: {}
|
||||
# -- Set affinity
|
||||
affinity: {}
|
||||
# -- Set tolerations.
|
||||
tolerations: []
|
||||
# -- Set scheduler name.
|
||||
schedulerName: ""
|
||||
# -- Set service account for pod.
|
||||
serviceAccount: codefresh-engine
|
||||
# -- Set extra env vars
|
||||
userEnvVars: []
|
||||
# E.g.
|
||||
# userEnvVars:
|
||||
# - name: GITHUB_TOKEN
|
||||
# valueFrom:
|
||||
# secretKeyRef:
|
||||
# name: github-token
|
||||
# key: token
|
||||
|
||||
# -- Parameters for `runtime-patch` post-upgrade/install hook
|
||||
# @default -- See below
|
||||
patch:
|
||||
enabled: true
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/cli
|
||||
tag: 0.85.0-rootless
|
||||
rbac:
|
||||
enabled: true
|
||||
annotations: {}
|
||||
affinity: {}
|
||||
nodeSelector: {}
|
||||
podSecurityContext: {}
|
||||
resources: {}
|
||||
tolerations: []
|
||||
ttlSecondsAfterFinished: 180
|
||||
env:
|
||||
HOME: /tmp
|
||||
|
||||
# -- Parameters for `gencerts-dind` post-upgrade/install hook
|
||||
# @default -- See below
|
||||
gencerts:
|
||||
enabled: true
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/kubectl
|
||||
tag: 1.28.4
|
||||
rbac:
|
||||
enabled: true
|
||||
annotations: {}
|
||||
affinity: {}
|
||||
nodeSelector: {}
|
||||
podSecurityContext: {}
|
||||
resources: {}
|
||||
tolerations: []
|
||||
ttlSecondsAfterFinished: 180
|
||||
|
||||
# -- DinD pod daemon config
|
||||
# @default -- See below
|
||||
dindDaemon:
|
||||
hosts:
|
||||
- unix:///var/run/docker.sock
|
||||
- tcp://0.0.0.0:1300
|
||||
tlsverify: true
|
||||
tls: true
|
||||
tlscacert: /etc/ssl/cf-client/ca.pem
|
||||
tlscert: /etc/ssl/cf/server-cert.pem
|
||||
tlskey: /etc/ssl/cf/server-key.pem
|
||||
insecure-registries:
|
||||
- 192.168.99.100:5000
|
||||
metrics-addr: 0.0.0.0:9323
|
||||
experimental: true
|
||||
|
||||
# App-Proxy parameters
|
||||
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation
|
||||
# @default -- See below
|
||||
appProxy:
|
||||
# -- Enable app-proxy
|
||||
enabled: false
|
||||
# -- Set number of pods
|
||||
replicasCount: 1
|
||||
# -- Upgrade strategy
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
# -- Set pod annotations
|
||||
podAnnotations: {}
|
||||
|
||||
# -- Set image
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/cf-app-proxy
|
||||
tag: 0.0.47
|
||||
# -- Add additional env vars
|
||||
env: {}
|
||||
|
||||
# Set app-proxy ingress parameters
|
||||
# @default -- See below
|
||||
ingress:
|
||||
# -- Set path prefix for ingress (keep empty for default `/` path)
|
||||
pathPrefix: ""
|
||||
# -- Set ingress class
|
||||
class: ""
|
||||
# -- Set DNS hostname the ingress will use
|
||||
host: ""
|
||||
# -- Set k8s tls secret for the ingress object
|
||||
tlsSecret: ""
|
||||
# -- Set extra annotations for ingress object
|
||||
annotations: {}
|
||||
# E.g.
|
||||
# ingress:
|
||||
# pathPrefix: "/cf-app-proxy"
|
||||
# class: "nginx"
|
||||
# host: "mydomain.com"
|
||||
# tlsSecret: "tls-cert-app-proxy"
|
||||
# annotations:
|
||||
# nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
|
||||
|
||||
# -- Service Account parameters
|
||||
serviceAccount:
|
||||
# -- Create service account
|
||||
create: true
|
||||
# -- Override service account name
|
||||
name: ""
|
||||
# -- Use Role(true)/ClusterRole(true)
|
||||
namespaced: true
|
||||
# -- Additional service account annotations
|
||||
annotations: {}
|
||||
|
||||
# -- RBAC parameters
|
||||
rbac:
|
||||
# -- Create RBAC resources
|
||||
create: true
|
||||
# -- Use Role(true)/ClusterRole(true)
|
||||
namespaced: true
|
||||
# -- Add custom rule to the role
|
||||
rules: []
|
||||
|
||||
# -- Set security context for the pod
|
||||
podSecurityContext: {}
|
||||
|
||||
# -- Readiness probe configuration
|
||||
# @default -- See below
|
||||
readinessProbe:
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
|
||||
# -- Set requests and limits
|
||||
resources: {}
|
||||
# -- Set node selector
|
||||
nodeSelector: {}
|
||||
# -- Set tolerations
|
||||
tolerations: []
|
||||
# -- Set affinity
|
||||
affinity: {}
|
||||
|
||||
# Monitor parameters
|
||||
# @default -- See below
|
||||
monitor:
|
||||
# -- Enable monitor
|
||||
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component
|
||||
enabled: false
|
||||
|
||||
# -- Set number of pods
|
||||
replicasCount: 1
|
||||
# -- Upgrade strategy
|
||||
updateStrategy:
|
||||
type: RollingUpdate
|
||||
# -- Set pod annotations
|
||||
podAnnotations: {}
|
||||
|
||||
# -- Set image
|
||||
image:
|
||||
registry: quay.io
|
||||
repository: codefresh/cf-k8s-agent
|
||||
tag: 1.3.18
|
||||
# -- Add additional env vars
|
||||
env: {}
|
||||
|
||||
# -- Service Account parameters
|
||||
serviceAccount:
|
||||
# -- Create service account
|
||||
create: true
|
||||
# -- Override service account name
|
||||
name: ""
|
||||
# -- Additional service account annotations
|
||||
annotations: {}
|
||||
|
||||
# -- RBAC parameters
|
||||
rbac:
|
||||
# -- Create RBAC resources
|
||||
create: true
|
||||
# -- Use Role(true)/ClusterRole(true)
|
||||
namespaced: true
|
||||
# -- Add custom rule to the role
|
||||
rules: []
|
||||
|
||||
# -- Readiness probe configuration
|
||||
# @default -- See below
|
||||
readinessProbe:
|
||||
failureThreshold: 5
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 5
|
||||
|
||||
podSecurityContext: {}
|
||||
|
||||
# -- Set node selector
|
||||
nodeSelector: {}
|
||||
# -- Set resources
|
||||
resources: {}
|
||||
# -- Set tolerations
|
||||
tolerations: []
|
||||
# -- Set affinity
|
||||
affinity: {}
|
||||
|
||||
# -- Add serviceMonitor
|
||||
# @default -- See below
|
||||
serviceMonitor:
|
||||
main:
|
||||
# -- Enable service monitor for dind pods
|
||||
enabled: false
|
||||
nameOverride: dind
|
||||
selector:
|
||||
matchLabels:
|
||||
app: dind
|
||||
endpoints:
|
||||
- path: /metrics
|
||||
targetPort: 9100
|
||||
relabelings:
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_label_(.+)
|
||||
|
||||
# -- Add podMonitor (for engine pods)
|
||||
# @default -- See below
|
||||
podMonitor:
|
||||
main:
|
||||
# -- Enable pod monitor for engine pods
|
||||
enabled: false
|
||||
nameOverride: engine
|
||||
selector:
|
||||
matchLabels:
|
||||
app: runtime
|
||||
podMetricsEndpoints:
|
||||
- path: /metrics
|
||||
targetPort: 9100
|
||||
|
||||
runner:
|
||||
# -- Enable pod monitor for runner pod
|
||||
enabled: false
|
||||
nameOverride: runner
|
||||
selector:
|
||||
matchLabels:
|
||||
codefresh.io/application: runner
|
||||
podMetricsEndpoints:
|
||||
- path: /metrics
|
||||
targetPort: 8080
|
||||
|
||||
volume-provisioner:
|
||||
# -- Enable pod monitor for volumeProvisioner pod
|
||||
enabled: false
|
||||
nameOverride: volume-provisioner
|
||||
selector:
|
||||
matchLabels:
|
||||
codefresh.io/application: volume-provisioner
|
||||
podMetricsEndpoints:
|
||||
- path: /metrics
|
||||
targetPort: 8080
|
||||
|
||||
# -- Event exporter parameters
|
||||
# @default -- See below
|
||||
event-exporter:
|
||||
# -- Enable event-exporter
|
||||
enabled: false
|
||||
# -- Set number of pods
|
||||
replicasCount: 1
|
||||
# -- Upgrade strategy
|
||||
updateStrategy:
|
||||
type: Recreate
|
||||
# -- Set pod annotations
|
||||
podAnnotations: {}
|
||||
|
||||
# -- Set image
|
||||
image:
|
||||
registry: docker.io
|
||||
repository: codefresh/k8s-event-exporter
|
||||
tag: latest
|
||||
# -- Add additional env vars
|
||||
env: {}
|
||||
|
||||
# -- Service Account parameters
|
||||
serviceAccount:
|
||||
# -- Create service account
|
||||
create: true
|
||||
# -- Override service account name
|
||||
name: ""
|
||||
# -- Additional service account annotations
|
||||
annotations: {}
|
||||
|
||||
# -- RBAC parameters
|
||||
rbac:
|
||||
# -- Create RBAC resources
|
||||
create: true
|
||||
# -- Add custom rule to the role
|
||||
rules: []
|
||||
|
||||
# -- Set security context for the pod
|
||||
# @default -- See below
|
||||
podSecurityContext:
|
||||
enabled: false
|
||||
|
||||
# -- Set node selector
|
||||
nodeSelector: {}
|
||||
# -- Set resources
|
||||
resources: {}
|
||||
# -- Set tolerations
|
||||
tolerations: []
|
||||
# -- Set affinity
|
||||
affinity: {}
|
||||
|
||||
# -- Array of extra objects to deploy with the release
|
||||
extraResources: []
|
||||
# E.g.
|
||||
# extraResources:
|
||||
# - apiVersion: rbac.authorization.k8s.io/v1
|
||||
# kind: ClusterRole
|
||||
# metadata:
|
||||
# name: codefresh-role
|
||||
# rules:
|
||||
# - apiGroups: [ "*"]
|
||||
# resources: ["*"]
|
||||
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
|
||||
# - apiVersion: v1
|
||||
# kind: ServiceAccount
|
||||
# metadata:
|
||||
# name: codefresh-user
|
||||
# namespace: "{{ .Release.Namespace }}"
|
||||
# - apiVersion: rbac.authorization.k8s.io/v1
|
||||
# kind: ClusterRoleBinding
|
||||
# metadata:
|
||||
# name: codefresh-user
|
||||
# roleRef:
|
||||
# apiGroup: rbac.authorization.k8s.io
|
||||
# kind: ClusterRole
|
||||
# name: codefresh-role
|
||||
# subjects:
|
||||
# - kind: ServiceAccount
|
||||
# name: codefresh-user
|
||||
# namespace: "{{ .Release.Namespace }}"
|
||||
# - apiVersion: v1
|
||||
# kind: Secret
|
||||
# type: kubernetes.io/service-account-token
|
||||
# metadata:
|
||||
# name: codefresh-user-token
|
||||
# namespace: "{{ .Release.Namespace }}"
|
||||
# annotations:
|
||||
# kubernetes.io/service-account.name: "codefresh-user"
|
||||
|
|
@ -0,0 +1,25 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*.orig
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
||||
|
||||
tests/
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
annotations:
|
||||
catalog.cattle.io/certified: partner
|
||||
catalog.cattle.io/display-name: Dynatrace Operator
|
||||
catalog.cattle.io/kube-version: '>=1.19.0-0'
|
||||
catalog.cattle.io/release-name: dynatrace-operator
|
||||
apiVersion: v2
|
||||
appVersion: 1.3.1
|
||||
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
|
||||
home: https://www.dynatrace.com/
|
||||
icon: file://assets/icons/dynatrace-operator.png
|
||||
kubeVersion: '>=1.19.0-0'
|
||||
maintainers:
|
||||
- email: marcell.sevcsik@dynatrace.com
|
||||
name: 0sewa0
|
||||
- email: christoph.muellner@dynatrace.com
|
||||
name: chrismuellner
|
||||
- email: lukas.hinterreiter@dynatrace.com
|
||||
name: luhi-DT
|
||||
name: dynatrace-operator
|
||||
sources:
|
||||
- https://github.com/Dynatrace/dynatrace-operator
|
||||
type: application
|
||||
version: 1.3.1
|
||||
|
|
@ -0,0 +1,48 @@
|
|||
# Dynatrace Operator Helm Chart
|
||||
|
||||
The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift.
|
||||
|
||||
This Helm Chart requires Helm 3.
|
||||
|
||||
## Quick Start
|
||||
|
||||
Migration instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-dto-helm#migrate).
|
||||
|
||||
Install the Dynatrace Operator via Helm by running the following commands.
|
||||
|
||||
### Installation
|
||||
|
||||
> For instructions on how to install the dynatrace-operator on Openshift, head to the
|
||||
> [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm)
|
||||
|
||||
#### For versions older than 0.15.0
|
||||
|
||||
Add `dynatrace` helm repository:
|
||||
|
||||
```console
|
||||
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/main/config/helm/repos/stable
|
||||
```
|
||||
|
||||
Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace:
|
||||
|
||||
```console
|
||||
helm install dynatrace-operator dynatrace/dynatrace-operator -n dynatrace --create-namespace --atomic
|
||||
```
|
||||
|
||||
#### For versions 0.15.0 and after
|
||||
|
||||
Install `dynatrace-operator` helm chart using the OCI repository and create the corresponding `dynatrace` namespace:
|
||||
|
||||
```console
|
||||
helm install dynatrace-operator oci://public.ecr.aws/dynatrace/dynatrace-operator -n dynatrace --create-namespace --atomic
|
||||
```
|
||||
|
||||
## Uninstall chart
|
||||
|
||||
> Full instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm#uninstall-dynatrace-operator)
|
||||
|
||||
Uninstall the Dynatrace Operator by running the following command:
|
||||
|
||||
```console
|
||||
helm uninstall dynatrace-operator -n dynatrace
|
||||
```
|
||||
|
|
@ -0,0 +1,5 @@
|
|||
# Dynatrace Operator
|
||||
|
||||
The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift.
|
||||
|
||||
As of launch, the Dynatrace Operator can be used to deploy a containerized ActiveGate for Kubernetes API monitoring. New capabilities will be added to the Dynatrace Operator over time including metric routing, and API monitoring for AWS, Azure, GCP, and vSphere.
|
||||
Binary file not shown.
|
After Width: | Height: | Size: 9.7 KiB |
|
|
@ -0,0 +1,236 @@
|
|||
categories:
|
||||
- APM
|
||||
- Monitoring
|
||||
questions:
|
||||
|
||||
#################### Global Configuration ####################
|
||||
- variable: installCRD
|
||||
label: "Install Custom Resource Definitions"
|
||||
description: "Installs the Custom Resource Definitions for the Dynakube. This is recommended if you haven't installed it manually yet. Default: true"
|
||||
default: true
|
||||
type: boolean
|
||||
group: "Global Configuration"
|
||||
|
||||
- variable: image
|
||||
label: "Set a custom image for operator components"
|
||||
description: "Set a custom image for operator. Defaults to public.ecr.aws/dynatrace/dynatrace-operator"
|
||||
default: ""
|
||||
type: string
|
||||
group: "Global Configuration"
|
||||
|
||||
- variable: customPullSecret
|
||||
label: "Set a custom pull secret for operator image"
|
||||
description: "Set a custom pull secret for the operator image"
|
||||
default: ""
|
||||
type: string
|
||||
group: "Global Configuration"
|
||||
|
||||
#################### Operator Deployment Configuration ####################
|
||||
- variable: operator.nodeSelector
|
||||
label: "Assign the Dynatrace Operator's pod to certain nodes"
|
||||
description: "Defines a NodeSelector to customize to which nodes the Dynatrace Operator can be deployed on - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector"
|
||||
default: ""
|
||||
type: string
|
||||
group: "Operator Deployment Configuration"
|
||||
|
||||
- variable: operator.tolerations
|
||||
label: "Custom tolerations for the Dynatrace Operator's pod"
|
||||
description: "Defines custom tolerations to the Dynatrace Operator - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/"
|
||||
default: ""
|
||||
type: string
|
||||
group: "Operator Deployment Configuration"
|
||||
|
||||
- variable: operator.apparmor
|
||||
label: "Enable AppArmor for the Dynatrace Operator's pod"
|
||||
description: "Adds AppArmor security annotations to the Dynatrace Operator's pod. Default: false"
|
||||
default: false
|
||||
type: boolean
|
||||
group: "Operator Deployment Configuration"
|
||||
|
||||
- variable: operator.requests.cpu
|
||||
label: "CPU resource requests settings for Dynatrace Operator's pods"
|
||||
description: "The minimum amount of CPU resources that the Dynatrace Operator's pods should request. Affects scheduling. Default: 50m"
|
||||
default: "50m"
|
||||
type: string
|
||||
group: "Operator Deployment Configuration"
|
||||
|
||||
- variable: operator.requests.memory
|
||||
label: "Memory resource requests settings for Dynatrace Operator's pods"
|
||||
description: "The minimum amount of memory that the Dynatrace Operator's pods should request. Affects scheduling. Default: 64Mi"
|
||||
default: "64Mi"
|
||||
type: string
|
||||
group: "Operator Deployment Configuration"
|
||||
|
||||
- variable: operator.limits.cpu
|
||||
label: "CPU resource limits settings for Dynatrace Operator's pods"
|
||||
description: "The maximum amount of CPU resources that the Dynatrace Operator's pods can use. Default: 100m"
|
||||
default: "100m"
|
||||
type: string
|
||||
group: "Operator Deployment Configuration"
|
||||
|
||||
- variable: operator.limits.memory
|
||||
label: "Memory resource limits settings for Dynatrace Operator's pods"
|
||||
description: "The maximum amount of memory that the Dynatrace Operator's pods can use. Pod restarted if exceeded. Default: 128Mi"
|
||||
default: "128Mi"
|
||||
type: string
|
||||
group: "Operator Deployment Configuration"
|
||||
|
||||
|
||||
#################### Webhook Deployment Configuration ####################
|
||||
|
||||
- variable: webhook.apparmor
|
||||
label: "Enable AppArmor for the Dynatrace Webhook's pod"
|
||||
description: "Adds AppArmor security annotations to the Dynatrace Webhook's pod. Default: false"
|
||||
default: false
|
||||
type: boolean
|
||||
group: "Webhook Deployment Configuration"
|
||||
|
||||
- variable: webhook.highAvailability
|
||||
label: "Enable high availability for the Dynatrace Webhook's pod"
|
||||
description: "Adds topologySpreadConstraints and increases the replicas to 2 for the Dynatrace Webhook's pod. Default: false"
|
||||
default: false
|
||||
type: boolean
|
||||
group: "Webhook Deployment Configuration"
|
||||
|
||||
- variable: webhook.hostNetwork
|
||||
label: "Enable hostNetwork for the Dynatrace Webhook's pod"
|
||||
description: "Enables hostNetwork for the Dynatrace Webhook's pod. Default: false"
|
||||
default: false
|
||||
type: boolean
|
||||
group: "Webhook Deployment Configuration"
|
||||
|
||||
- variable: webhook.requests.cpu
|
||||
label: "CPU resource requests settings for Dynatrace Webhook's pods"
|
||||
description: "The minimum amount of CPU resources that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 300m"
|
||||
default: "300m"
|
||||
type: string
|
||||
group: "Webhook Deployment Configuration"
|
||||
|
||||
- variable: webhook.requests.memory
|
||||
label: "Memory resource requests settings for Dynatrace Webhook's pods"
|
||||
description: "The minimum amount of memory that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 128Mi"
|
||||
default: "128Mi"
|
||||
type: string
|
||||
group: "Webhook Deployment Configuration"
|
||||
|
||||
- variable: webhook.limits.cpu
|
||||
label: "CPU resource limits settings for Dynatrace Webhook's pods"
|
||||
description: "The maximum amount of CPU resources that the Dynatrace Webhook's pods can use. Default: 300m"
|
||||
default: "300m"
|
||||
type: string
|
||||
group: "Webhook Deployment Configuration"
|
||||
|
||||
- variable: webhook.limits.memory
|
||||
label: "Memory resource limits settings for Dynatrace Webhook's pods"
|
||||
description: "The maximum amount of memory that the Dynatrace Webhook's pods can use. Pod restarted if exceeded. Default: 128Mi"
|
||||
default: "128Mi"
|
||||
type: string
|
||||
group: "Webhook Deployment Configuration"
|
||||
|
||||
|
||||
#################### CSI Driver Deployment Configuration ####################
|
||||
|
||||
- variable: csidriver.enabled
|
||||
label: "Deploy the Dynatrace CSI Driver"
|
||||
description: "Deploys the Dynatrace CSI Driver via a DaemonSet to enable Cloud Native FullStack. Default: false"
|
||||
default: false
|
||||
type: boolean
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.server.requests.cpu
|
||||
label: "CPU resource requests settings for Dynatrace CSI Driver's server container"
|
||||
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's server container should request. Affects scheduling. Default: 50m"
|
||||
default: "50m"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.server.requests.memory
|
||||
label: "Memory resource requests settings for Dynatrace CSI Driver's server container"
|
||||
description: "The minimum amount of memory that the Dynatrace CSI Driver's server container should request. Affects scheduling. Default: 100Mi"
|
||||
default: "100Mi"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.server.limits.cpu
|
||||
label: "CPU resource limits settings for Dynatrace CSI Driver's server container"
|
||||
description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's server container can use. Default: 50m"
|
||||
default: "50m"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.server.limits.memory
|
||||
label: "Memory resource limits settings for Dynatrace CSI Driver's server container"
|
||||
description: "The maximum amount of memory that the Dynatrace CSI Driver's server container can use. Pod restarted if exceeded. Default: 100Mi"
|
||||
default: "100Mi"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.provisioner.requests.cpu
|
||||
label: "CPU resource requests settings for Dynatrace CSI Driver's provisioner container"
|
||||
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's provisioner container should request. Affects scheduling. Default: 300m"
|
||||
default: "300m"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.provisioner.requests.memory
|
||||
label: "Memory resource requests settings for Dynatrace CSI Driver's provisioner container"
|
||||
description: "The minimum amount of memory that the Dynatrace CSI Driver's provisioner container should request. Affects scheduling. Default: 100Mi"
|
||||
default: "100Mi"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.registrar.requests.cpu
|
||||
label: "CPU resource requests settings for Dynatrace CSI Driver's registrar container"
|
||||
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's registrar container should request. Affects scheduling. Default: 20m"
|
||||
default: "20m"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.registrar.requests.memory
|
||||
label: "Memory resource requests settings for Dynatrace CSI Driver's registrar container"
|
||||
description: "The minimum amount of memory that the Dynatrace CSI Driver's registrar container should request. Affects scheduling. Default: 30Mi"
|
||||
default: "30Mi"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.registrar.limits.cpu
|
||||
label: "CPU resource limits settings for Dynatrace CSI Driver's registrar container"
|
||||
description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's registrar container can use. Default: 20m"
|
||||
default: "20m"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.registrar.limits.memory
|
||||
label: "Memory resource limits settings for Dynatrace CSI Driver's registrar container"
|
||||
description: "The maximum amount of memory that the Dynatrace CSI Driver's registrar container can use. Pod restarted if exceeded. Default: 30Mi"
|
||||
default: "30Mi"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.livenessprobe.requests.cpu
|
||||
label: "CPU resource requests settings for Dynatrace CSI Driver's livenessprobe container"
|
||||
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's livenessprobe container should request. Affects scheduling. Default: 20m"
|
||||
default: "20m"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.livenessprobe.requests.memory
|
||||
label: "Memory resource requests settings for Dynatrace CSI Driver's livenessprobe container"
|
||||
description: "The minimum amount of memory that the Dynatrace CSI Driver's livenessprobe container should request. Affects scheduling. Default: 30Mi"
|
||||
default: "30Mi"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.livenessprobe.limits.cpu
|
||||
label: "CPU resource limits settings for Dynatrace CSI Driver's livenessprobe container"
|
||||
description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's livenessprobe container can use. Default: 20m"
|
||||
default: "20m"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
||||
- variable: csidriver.livenessprobe.limits.memory
|
||||
label: "Memory resource limits settings for Dynatrace CSI Driver's livenessprobe container"
|
||||
description: "The maximum amount of memory that the Dynatrace CSI Driver's livenessprobe container can use. Pod restarted if exceeded. Default: 30Mi"
|
||||
default: "30Mi"
|
||||
type: string
|
||||
group: "CSI Driver Deployment Configuration"
|
||||
|
|
@ -0,0 +1,47 @@
|
|||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-activegate
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- privileged
|
||||
- nonroot-v2
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-activegate
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-activegate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-activegate
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: dynatrace-activegate
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
File diff suppressed because it is too large
Load Diff
|
|
@ -0,0 +1,47 @@
|
|||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
kind: ClusterRole
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
rules:
|
||||
{{- if (eq (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- privileged
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{ end }}
|
||||
---
|
||||
kind: ClusterRoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: storage.k8s.io/v1
|
||||
kind: CSIDriver
|
||||
metadata:
|
||||
name: csi.oneagent.dynatrace.com
|
||||
labels:
|
||||
{{- if eq (include "dynatrace-operator.platform" .) "openshift" }}
|
||||
security.openshift.io/csi-ephemeral-volume-profile: "restricted"
|
||||
{{- end }}
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
spec:
|
||||
attachRequired: false
|
||||
podInfoOnMount: true
|
||||
volumeLifecycleModes:
|
||||
- Ephemeral
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,280 @@
|
|||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
annotations:
|
||||
{{- if .Values.csidriver.annotations }}
|
||||
{{- toYaml .Values.csidriver.annotations | nindent 4 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
{{- if .Values.csidriver.labels }}
|
||||
{{- toYaml .Values.csidriver.labels | nindent 4 }}
|
||||
{{- end}}
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
spec:
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
{{- include "dynatrace-operator.csiSelectorLabels" . | nindent 6 }}
|
||||
template:
|
||||
metadata:
|
||||
annotations:
|
||||
dynatrace.com/inject: "false"
|
||||
kubectl.kubernetes.io/default-container: provisioner
|
||||
cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false"
|
||||
{{- if and (eq (default false .Values.apparmor) true) (ne (include "dynatrace-operator.platform" .) "openshift") }}
|
||||
container.apparmor.security.beta.kubernetes.io/csi-init: runtime/default
|
||||
container.apparmor.security.beta.kubernetes.io/server: runtime/default
|
||||
container.apparmor.security.beta.kubernetes.io/provisioner: runtime/default
|
||||
container.apparmor.security.beta.kubernetes.io/registrar: runtime/default
|
||||
container.apparmor.security.beta.kubernetes.io/liveness-probe: runtime/default
|
||||
{{- end}}
|
||||
{{- if .Values.csidriver.annotations }}
|
||||
{{- toYaml .Values.csidriver.annotations | nindent 8 }}
|
||||
{{- end }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 8 }}
|
||||
{{- include "dynatrace-operator.csiSelectorLabels" . | nindent 8 }}
|
||||
{{- if .Values.csidriver.labels }}
|
||||
{{- toYaml .Values.csidriver.labels | nindent 8 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
initContainers:
|
||||
- name: csi-init
|
||||
image: {{ include "dynatrace-operator.image" . }}
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- csi-init
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
resources:
|
||||
{{- if .Values.csidriver.csiInit.resources }}
|
||||
{{- toYaml .Values.csidriver.csiInit.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.csidriver.csiInit.securityContext| nindent 10 }}
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: data-dir
|
||||
containers:
|
||||
# Used to receive/execute gRPC requests (NodePublishVolume/NodeUnpublishVolume) from kubelet to mount/unmount volumes for a pod
|
||||
# - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
|
||||
# - Needs access to the filesystem of pods on the node, and mount stuff to it,needs to read/write to it, needs root permissions to do so
|
||||
# - Needs access to a dedicated folder on the node to persist data, needs to read/write to it.
|
||||
- name: server
|
||||
image: {{ include "dynatrace-operator.image" . }}
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- csi-server
|
||||
- --endpoint=unix://csi/csi.sock
|
||||
- --node-id=$(KUBE_NODE_NAME)
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
- name: KUBE_NODE_NAME
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: spec.nodeName
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /healthz
|
||||
port: healthz
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
ports:
|
||||
- containerPort: 9808
|
||||
name: healthz
|
||||
- containerPort: 8080
|
||||
name: metrics
|
||||
resources:
|
||||
{{- if .Values.csidriver.server.resources }}
|
||||
{{- toYaml .Values.csidriver.server.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.csidriver.server.securityContext | nindent 10 }}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
volumeMounts:
|
||||
- mountPath: /csi
|
||||
name: plugin-dir
|
||||
- mountPath: {{ include "dynatrace-operator.CSIMountPointDir" . }}
|
||||
mountPropagation: Bidirectional
|
||||
name: mountpoint-dir
|
||||
- mountPath: /data
|
||||
name: data-dir
|
||||
mountPropagation: Bidirectional
|
||||
- name: tmp-dir
|
||||
mountPath: /tmp
|
||||
- name: provisioner
|
||||
image: {{ include "dynatrace-operator.image" . }}
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- csi-provisioner
|
||||
- --health-probe-bind-address=:10090
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
apiVersion: v1
|
||||
fieldPath: metadata.namespace
|
||||
{{- if .Values.csidriver.maxUnmountedVolumeAge }}
|
||||
- name: MAX_UNMOUNTED_VOLUME_AGE
|
||||
value: "{{ .Values.csidriver.maxUnmountedVolumeAge}}"
|
||||
{{- end }}
|
||||
{{- include "dynatrace-operator.startupProbe" . | nindent 8 }}
|
||||
livenessProbe:
|
||||
failureThreshold: 3
|
||||
httpGet:
|
||||
path: /livez
|
||||
port: livez
|
||||
scheme: HTTP
|
||||
initialDelaySeconds: 5
|
||||
periodSeconds: 5
|
||||
successThreshold: 1
|
||||
timeoutSeconds: 1
|
||||
ports:
|
||||
- name: livez
|
||||
containerPort: 10090
|
||||
- name: metrics
|
||||
containerPort: 8090
|
||||
resources:
|
||||
{{- if .Values.csidriver.provisioner.resources }}
|
||||
{{- toYaml .Values.csidriver.provisioner.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.csidriver.provisioner.securityContext | nindent 10 }}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
volumeMounts:
|
||||
- mountPath: /data
|
||||
name: data-dir
|
||||
mountPropagation: Bidirectional
|
||||
- mountPath: /tmp
|
||||
name: tmp-dir
|
||||
|
||||
# Used to make a gRPC request (GetPluginInfo()) to the driver to get driver name and driver contain
|
||||
# - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
|
||||
# Used for registering the driver with kubelet
|
||||
# - Needs access to the registration socket, needs to read/write to it, needs root permissions to do so.
|
||||
- name: registrar
|
||||
image: {{ include "dynatrace-operator.image" . }}
|
||||
imagePullPolicy: Always
|
||||
env:
|
||||
- name: DRIVER_REG_SOCK_PATH
|
||||
value: {{ include "dynatrace-operator.CSISocketPath" . }}
|
||||
args:
|
||||
- --csi-address=/csi/csi.sock
|
||||
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
|
||||
command:
|
||||
- csi-node-driver-registrar
|
||||
resources:
|
||||
{{- if .Values.csidriver.registrar.resources }}
|
||||
{{- toYaml .Values.csidriver.registrar.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
securityContext:
|
||||
{{- toYaml .Values.csidriver.registrar.securityContext | nindent 10 }}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
volumeMounts:
|
||||
- mountPath: /csi
|
||||
name: plugin-dir
|
||||
- mountPath: /registration
|
||||
name: registration-dir
|
||||
- mountPath: {{ include "dynatrace-operator.CSIPluginDir" . }}
|
||||
name: lockfile-dir
|
||||
# Used to make a gRPC request (Probe()) to the driver to check if its running
|
||||
# - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
|
||||
- name: liveness-probe
|
||||
image: {{ include "dynatrace-operator.image" . }}
|
||||
imagePullPolicy: Always
|
||||
args:
|
||||
- --csi-address=/csi/csi.sock
|
||||
- --health-port=9808
|
||||
command:
|
||||
- livenessprobe
|
||||
resources:
|
||||
{{- if .Values.csidriver.livenessprobe.resources }}
|
||||
{{- toYaml .Values.csidriver.livenessprobe.resources | nindent 10 }}
|
||||
{{- end }}
|
||||
terminationMessagePath: /dev/termination-log
|
||||
terminationMessagePolicy: File
|
||||
securityContext:
|
||||
{{- toYaml .Values.csidriver.livenessprobe.securityContext| nindent 10 }}
|
||||
volumeMounts:
|
||||
- mountPath: /csi
|
||||
name: plugin-dir
|
||||
dnsPolicy: ClusterFirst
|
||||
restartPolicy: Always
|
||||
schedulerName: default-scheduler
|
||||
securityContext: {}
|
||||
serviceAccountName: dynatrace-oneagent-csi-driver
|
||||
terminationGracePeriodSeconds: 30
|
||||
priorityClassName: {{ include "dynatrace-operator.CSIPriorityClassName" . }}
|
||||
volumes:
|
||||
# This volume is where the registrar registers the plugin with kubelet
|
||||
- name: registration-dir
|
||||
hostPath:
|
||||
path: {{ include "dynatrace-operator.CSIRegistrationDir" . }}
|
||||
type: Directory
|
||||
# This volume is where the socket for kubelet->driver communication is done
|
||||
- name: plugin-dir
|
||||
hostPath:
|
||||
path: {{ include "dynatrace-operator.CSIPluginDir" . }}
|
||||
type: DirectoryOrCreate
|
||||
- name: data-dir
|
||||
hostPath:
|
||||
path: {{ include "dynatrace-operator.CSIDataDir" . }}
|
||||
type: DirectoryOrCreate
|
||||
# This volume is where the driver mounts volumes
|
||||
- name: mountpoint-dir
|
||||
hostPath:
|
||||
path: {{ include "dynatrace-operator.CSIMountPointDir" . }}
|
||||
type: DirectoryOrCreate
|
||||
# Used by the registrar to create its lockfile
|
||||
- name: lockfile-dir
|
||||
emptyDir: {}
|
||||
# A volume for the driver to write temporary files to
|
||||
- name: tmp-dir
|
||||
emptyDir: {}
|
||||
{{- if .Values.customPullSecret }}
|
||||
imagePullSecrets:
|
||||
- name: {{ .Values.customPullSecret }}
|
||||
{{- end }}
|
||||
{{- if .Values.csidriver.nodeSelector }}
|
||||
nodeSelector: {{- toYaml .Values.csidriver.nodeSelector | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- include "dynatrace-operator.nodeAffinity" . | nindent 6 }}
|
||||
tolerations:
|
||||
{{- if .Values.csidriver.tolerations }}
|
||||
{{- toYaml .Values.csidriver.tolerations | nindent 8 }}
|
||||
{{- end }}
|
||||
{{- include "dynatrace-operator.defaultTolerations" . | nindent 8 }}
|
||||
- key: ToBeDeletedByClusterAutoscaler
|
||||
operator: Exists
|
||||
effect: NoSchedule
|
||||
updateStrategy:
|
||||
{{- toYaml .Values.csidriver.updateStrategy | nindent 4 }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
{{ if (eq (include "dynatrace-operator.needPriorityClass" .) "true") }}
|
||||
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
kind: PriorityClass
|
||||
apiVersion: scheduling.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-high-priority
|
||||
value: {{ default 1000000 (int (.Values.csidriver).priorityClassValue) }}
|
||||
globalDefault: false
|
||||
description: "This priority class is used for Dynatrace Components in order to make sure they are not evicted in favor of other pods"
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,70 @@
|
|||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
kind: Role
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- dynatrace.com
|
||||
resources:
|
||||
- dynakubes
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- secrets
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- configmaps
|
||||
verbs:
|
||||
- get
|
||||
- list
|
||||
- watch
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- events
|
||||
verbs:
|
||||
- create
|
||||
- patch
|
||||
---
|
||||
kind: RoleBinding
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
kind: Role
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,22 @@
|
|||
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: dynatrace-oneagent-csi-driver
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
|
||||
{{- end -}}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: dynatrace-edgeconnect
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
|
||||
|
|
@ -0,0 +1,114 @@
|
|||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- ""
|
||||
resources:
|
||||
- nodes
|
||||
- pods
|
||||
- namespaces
|
||||
- replicationcontrollers
|
||||
- events
|
||||
- resourcequotas
|
||||
- pods/proxy
|
||||
- nodes/proxy
|
||||
- nodes/metrics
|
||||
- services
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
- apiGroups:
|
||||
- batch
|
||||
resources:
|
||||
- jobs
|
||||
- cronjobs
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
- apiGroups:
|
||||
- apps
|
||||
resources:
|
||||
- deployments
|
||||
- replicasets
|
||||
- statefulsets
|
||||
- daemonsets
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
- apiGroups:
|
||||
- apps.openshift.io
|
||||
resources:
|
||||
- deploymentconfigs
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
- apiGroups:
|
||||
- config.openshift.io
|
||||
resources:
|
||||
- clusterversions
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
- apiGroups:
|
||||
- dynatrace.com
|
||||
resources:
|
||||
- dynakubes
|
||||
verbs:
|
||||
- list
|
||||
- watch
|
||||
- get
|
||||
- nonResourceURLs:
|
||||
- /metrics
|
||||
- /version
|
||||
- /readyz
|
||||
- /livez
|
||||
verbs:
|
||||
- get
|
||||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- privileged
|
||||
- nonroot-v2
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
{{ end }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
namespace: {{ .Release.Namespace }}
|
||||
|
|
@ -0,0 +1,20 @@
|
|||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: dynatrace-kubernetes-monitoring
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
|
||||
|
|
@ -0,0 +1,45 @@
|
|||
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
|
||||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- security.openshift.io
|
||||
resourceNames:
|
||||
- privileged
|
||||
resources:
|
||||
- securitycontextconstraints
|
||||
verbs:
|
||||
- use
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: dynatrace-dynakube-oneagent
|
||||
namespace: {{ .Release.Namespace }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: dynatrace-dynakube-oneagent
|
||||
{{ end }}
|
||||
|
|
@ -0,0 +1,21 @@
|
|||
# Copyright 2021 Dynatrace LLC
|
||||
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: dynatrace-dynakube-oneagent
|
||||
namespace: {{ .Release.Namespace }}
|
||||
labels:
|
||||
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
|
||||
automountServiceAccountToken: false
|
||||
Some files were not shown because too many files have changed in this diff Show More
Loading…
Reference in New Issue