TVK operator update v2.5.0
parent
4cfe4668d0
commit
45a0ab4d6e
Binary file not shown.
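--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+# Helm files
+OWNERS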
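--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,18 @@
+annotations:
+catalog.cattle.io/certified: partner
+catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
+catalog.cattle.io/release-name: k8s-triliovault-operator
+apiVersion: v1
+appVersion: 2.5.0
+description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
+Application Lifecycle.
+home: https://github.com/trilioData/k8s-triliovault-operator
+icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
+kubeVersion: '>= 1.18'
+maintainers:
+- email: prafull.ladha@trilio.io
+name: prafull11
+name: k8s-triliovault-operator
+sources:
+- https://github.com/trilioData/k8s-triliovault-operator
+version: 2.5.0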
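Review bot: `kubeVersion: '>= 1.18'` does not match the prerequisites in the two README files added by this same commit, which say `Kubernetes 1.13+` and `Kubernetes 1.17+`; the chart constraint is the one Helm enforces at install time, so the READMEs should state the same floor. As written the constraint is also likely to reject managed-cluster server versions that carry a build suffix (a constructed example: `v1.21.5-gke.100`), because Helm's semver comparison treats the suffix as a pre-release; `kubeVersion: '>= 1.18.0-0'` accepts them. Leading indentation is not visible on this page, so the nesting of the `annotations` and `maintainers` entries could not be checked.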
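--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1 @@
+# Placeholder for the License if we decide to provide one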
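--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,41 @@
+# K8s-TrilioVault-Operator
+This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
+
+## Introduction
+
+## Prerequisites
+
+- Kubernetes 1.13+
+- Alpha feature gates should be enabled
+- PV provisioner support
+- CSI driver should be installed
+
+## Installation
+
+To install the chart with the operator name `trilio`:
+
+```bash
+# For helm version 2
+helm install --name trilio k8s-triliovault-operator
+
+# For helm version 3
+helm install --name-template trilio k8s-triliovault-operator
+```
+
+The command deploys the K8s-triliovault-operator with the default configuration.
+
+## Uninstall
+
+To uninstall/delete the chart `trilio` :
+
+```bash
+# For helm version 2
+helm delete trilio --purge
+
+# For helm version 3
+helm uninstall trilio
+```
+
+## Configuration
+
+TODO: Add possible configuration in helm chart.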
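--- /dev/null
+++ b/PATH-NOT-SHOWN-ON-PAGE
@@ -0,0 +1,37 @@
+# TrilioVault for Kubernetes
+
+[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage
+the K8s-TrilioVault Application Lifecycle.
+
+This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
+
+Introduction:
+
+Prerequisites:
+
+Kubernetes 1.17+
+Alpha feature gates should be enabled
+PV provisioner support
+CSI driver should be installed
+
+Installation:
+
+To install the chart with the operator name trilio:
+
+helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator
+
+# For helm version 3
+
+helm install triliovault-operator triliovault-operator/k8s-triliovault-operator
+
+The command deploys the Triliovault for Kubernetes Operator with the default configuration.
+
+Uninstall:
+
+To uninstall/delete the chart trilio :
+
+# For helm version 3
+helm uninstall k8s-triliovault-operator
+
+For more information around TVM manager installation, please follow below link:
+https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault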
|
@ -0,0 +1,883 @@
|
||||||
|
|
||||||
|
---
|
||||||
|
apiVersion: apiextensions.k8s.io/v1
|
||||||
|
kind: CustomResourceDefinition
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
controller-gen.kubebuilder.io/version: v0.6.1
|
||||||
|
creationTimestamp: null
|
||||||
|
name: triliovaultmanagers.triliovault.trilio.io
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: k8s-triliovault-operator
|
||||||
|
spec:
|
||||||
|
group: triliovault.trilio.io
|
||||||
|
names:
|
||||||
|
kind: TrilioVaultManager
|
||||||
|
listKind: TrilioVaultManagerList
|
||||||
|
plural: triliovaultmanagers
|
||||||
|
shortNames:
|
||||||
|
- tvm
|
||||||
|
singular: triliovaultmanager
|
||||||
|
scope: Namespaced
|
||||||
|
versions:
|
||||||
|
- additionalPrinterColumns:
|
||||||
|
- jsonPath: .spec.trilioVaultAppVersion
|
||||||
|
name: TrilioVault-Version
|
||||||
|
type: string
|
||||||
|
- jsonPath: .spec.applicationScope
|
||||||
|
name: Scope
|
||||||
|
type: string
|
||||||
|
- jsonPath: .status.conditions.type
|
||||||
|
name: Status
|
||||||
|
type: string
|
||||||
|
- jsonPath: .spec.restoreNamespaces
|
||||||
|
name: Restore-Namespaces
|
||||||
|
type: string
|
||||||
|
name: v1
|
||||||
|
schema:
|
||||||
|
openAPIV3Schema:
|
||||||
|
description: TrilioVaultManager is the Schema for the triliovaultmanagers
|
||||||
|
API
|
||||||
|
properties:
|
||||||
|
apiVersion:
|
||||||
|
description: 'APIVersion defines the versioned schema of this representation
|
||||||
|
of an object. Servers should convert recognized schemas to the latest
|
||||||
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
||||||
|
type: string
|
||||||
|
kind:
|
||||||
|
description: 'Kind is a string value representing the REST resource this
|
||||||
|
object represents. Servers may infer this from the endpoint the client
|
||||||
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
||||||
|
type: string
|
||||||
|
metadata:
|
||||||
|
type: object
|
||||||
|
spec:
|
||||||
|
description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager
|
||||||
|
properties:
|
||||||
|
affinity:
|
||||||
|
description: The scheduling constraints on application pods.
|
||||||
|
properties:
|
||||||
|
nodeAffinity:
|
||||||
|
description: Describes node affinity scheduling rules for the
|
||||||
|
pod.
|
||||||
|
properties:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
description: The scheduler will prefer to schedule pods to
|
||||||
|
nodes that satisfy the affinity expressions specified by
|
||||||
|
this field, but it may choose a node that violates one or
|
||||||
|
more of the expressions. The node that is most preferred
|
||||||
|
is the one with the greatest sum of weights, i.e. for each
|
||||||
|
node that meets all of the scheduling requirements (resource
|
||||||
|
request, requiredDuringScheduling affinity expressions,
|
||||||
|
etc.), compute a sum by iterating through the elements of
|
||||||
|
this field and adding "weight" to the sum if the node matches
|
||||||
|
the corresponding matchExpressions; the node(s) with the
|
||||||
|
highest sum are the most preferred.
|
||||||
|
items:
|
||||||
|
description: An empty preferred scheduling term matches
|
||||||
|
all objects with implicit weight 0 (i.e. it's a no-op).
|
||||||
|
A null preferred scheduling term matches no objects (i.e.
|
||||||
|
is also a no-op).
|
||||||
|
properties:
|
||||||
|
preference:
|
||||||
|
description: A node selector term, associated with the
|
||||||
|
corresponding weight.
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: A list of node selector requirements
|
||||||
|
by node's labels.
|
||||||
|
items:
|
||||||
|
description: A node selector requirement is a
|
||||||
|
selector that contains values, a key, and an
|
||||||
|
operator that relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: The label key that the selector
|
||||||
|
applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: Represents a key's relationship
|
||||||
|
to a set of values. Valid operators are
|
||||||
|
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||||
|
Lt.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: An array of string values. If
|
||||||
|
the operator is In or NotIn, the values
|
||||||
|
array must be non-empty. If the operator
|
||||||
|
is Exists or DoesNotExist, the values array
|
||||||
|
must be empty. If the operator is Gt or
|
||||||
|
Lt, the values array must have a single
|
||||||
|
element, which will be interpreted as an
|
||||||
|
integer. This array is replaced during a
|
||||||
|
strategic merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
matchFields:
|
||||||
|
description: A list of node selector requirements
|
||||||
|
by node's fields.
|
||||||
|
items:
|
||||||
|
description: A node selector requirement is a
|
||||||
|
selector that contains values, a key, and an
|
||||||
|
operator that relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: The label key that the selector
|
||||||
|
applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: Represents a key's relationship
|
||||||
|
to a set of values. Valid operators are
|
||||||
|
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||||
|
Lt.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: An array of string values. If
|
||||||
|
the operator is In or NotIn, the values
|
||||||
|
array must be non-empty. If the operator
|
||||||
|
is Exists or DoesNotExist, the values array
|
||||||
|
must be empty. If the operator is Gt or
|
||||||
|
Lt, the values array must have a single
|
||||||
|
element, which will be interpreted as an
|
||||||
|
integer. This array is replaced during a
|
||||||
|
strategic merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
weight:
|
||||||
|
description: Weight associated with matching the corresponding
|
||||||
|
nodeSelectorTerm, in the range 1-100.
|
||||||
|
format: int32
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- preference
|
||||||
|
- weight
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
description: If the affinity requirements specified by this
|
||||||
|
field are not met at scheduling time, the pod will not be
|
||||||
|
scheduled onto the node. If the affinity requirements specified
|
||||||
|
by this field cease to be met at some point during pod execution
|
||||||
|
(e.g. due to an update), the system may or may not try to
|
||||||
|
eventually evict the pod from its node.
|
||||||
|
properties:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
description: Required. A list of node selector terms.
|
||||||
|
The terms are ORed.
|
||||||
|
items:
|
||||||
|
description: A null or empty node selector term matches
|
||||||
|
no objects. The requirements of them are ANDed. The
|
||||||
|
TopologySelectorTerm type implements a subset of the
|
||||||
|
NodeSelectorTerm.
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: A list of node selector requirements
|
||||||
|
by node's labels.
|
||||||
|
items:
|
||||||
|
description: A node selector requirement is a
|
||||||
|
selector that contains values, a key, and an
|
||||||
|
operator that relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: The label key that the selector
|
||||||
|
applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: Represents a key's relationship
|
||||||
|
to a set of values. Valid operators are
|
||||||
|
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||||
|
Lt.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: An array of string values. If
|
||||||
|
the operator is In or NotIn, the values
|
||||||
|
array must be non-empty. If the operator
|
||||||
|
is Exists or DoesNotExist, the values array
|
||||||
|
must be empty. If the operator is Gt or
|
||||||
|
Lt, the values array must have a single
|
||||||
|
element, which will be interpreted as an
|
||||||
|
integer. This array is replaced during a
|
||||||
|
strategic merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
matchFields:
|
||||||
|
description: A list of node selector requirements
|
||||||
|
by node's fields.
|
||||||
|
items:
|
||||||
|
description: A node selector requirement is a
|
||||||
|
selector that contains values, a key, and an
|
||||||
|
operator that relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: The label key that the selector
|
||||||
|
applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: Represents a key's relationship
|
||||||
|
to a set of values. Valid operators are
|
||||||
|
In, NotIn, Exists, DoesNotExist. Gt, and
|
||||||
|
Lt.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: An array of string values. If
|
||||||
|
the operator is In or NotIn, the values
|
||||||
|
array must be non-empty. If the operator
|
||||||
|
is Exists or DoesNotExist, the values array
|
||||||
|
must be empty. If the operator is Gt or
|
||||||
|
Lt, the values array must have a single
|
||||||
|
element, which will be interpreted as an
|
||||||
|
integer. This array is replaced during a
|
||||||
|
strategic merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- nodeSelectorTerms
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
podAffinity:
|
||||||
|
description: Describes pod affinity scheduling rules (e.g. co-locate
|
||||||
|
this pod in the same node, zone, etc. as some other pod(s)).
|
||||||
|
properties:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
description: The scheduler will prefer to schedule pods to
|
||||||
|
nodes that satisfy the affinity expressions specified by
|
||||||
|
this field, but it may choose a node that violates one or
|
||||||
|
more of the expressions. The node that is most preferred
|
||||||
|
is the one with the greatest sum of weights, i.e. for each
|
||||||
|
node that meets all of the scheduling requirements (resource
|
||||||
|
request, requiredDuringScheduling affinity expressions,
|
||||||
|
etc.), compute a sum by iterating through the elements of
|
||||||
|
this field and adding "weight" to the sum if the node has
|
||||||
|
pods which matches the corresponding podAffinityTerm; the
|
||||||
|
node(s) with the highest sum are the most preferred.
|
||||||
|
items:
|
||||||
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||||
|
fields are added per-node to find the most preferred node(s)
|
||||||
|
properties:
|
||||||
|
podAffinityTerm:
|
||||||
|
description: Required. A pod affinity term, associated
|
||||||
|
with the corresponding weight.
|
||||||
|
properties:
|
||||||
|
labelSelector:
|
||||||
|
description: A label query over a set of resources,
|
||||||
|
in this case pods.
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: matchExpressions is a list of label
|
||||||
|
selector requirements. The requirements are
|
||||||
|
ANDed.
|
||||||
|
items:
|
||||||
|
description: A label selector requirement
|
||||||
|
is a selector that contains values, a key,
|
||||||
|
and an operator that relates the key and
|
||||||
|
values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: key is the label key that
|
||||||
|
the selector applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: operator represents a key's
|
||||||
|
relationship to a set of values. Valid
|
||||||
|
operators are In, NotIn, Exists and
|
||||||
|
DoesNotExist.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: values is an array of string
|
||||||
|
values. If the operator is In or NotIn,
|
||||||
|
the values array must be non-empty.
|
||||||
|
If the operator is Exists or DoesNotExist,
|
||||||
|
the values array must be empty. This
|
||||||
|
array is replaced during a strategic
|
||||||
|
merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: matchLabels is a map of {key,value}
|
||||||
|
pairs. A single {key,value} in the matchLabels
|
||||||
|
map is equivalent to an element of matchExpressions,
|
||||||
|
whose key field is "key", the operator is
|
||||||
|
"In", and the values array contains only "value".
|
||||||
|
The requirements are ANDed.
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
namespaces:
|
||||||
|
description: namespaces specifies which namespaces
|
||||||
|
the labelSelector applies to (matches against);
|
||||||
|
null or empty list means "this pod's namespace"
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
topologyKey:
|
||||||
|
description: This pod should be co-located (affinity)
|
||||||
|
or not co-located (anti-affinity) with the pods
|
||||||
|
matching the labelSelector in the specified namespaces,
|
||||||
|
where co-located is defined as running on a node
|
||||||
|
whose value of the label with key topologyKey
|
||||||
|
matches that of any node on which any of the selected
|
||||||
|
pods is running. Empty topologyKey is not allowed.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- topologyKey
|
||||||
|
type: object
|
||||||
|
weight:
|
||||||
|
description: weight associated with matching the corresponding
|
||||||
|
podAffinityTerm, in the range 1-100.
|
||||||
|
format: int32
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- podAffinityTerm
|
||||||
|
- weight
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
description: If the affinity requirements specified by this
|
||||||
|
field are not met at scheduling time, the pod will not be
|
||||||
|
scheduled onto the node. If the affinity requirements specified
|
||||||
|
by this field cease to be met at some point during pod execution
|
||||||
|
(e.g. due to a pod label update), the system may or may
|
||||||
|
not try to eventually evict the pod from its node. When
|
||||||
|
there are multiple elements, the lists of nodes corresponding
|
||||||
|
to each podAffinityTerm are intersected, i.e. all terms
|
||||||
|
must be satisfied.
|
||||||
|
items:
|
||||||
|
description: Defines a set of pods (namely those matching
|
||||||
|
the labelSelector relative to the given namespace(s))
|
||||||
|
that this pod should be co-located (affinity) or not co-located
|
||||||
|
(anti-affinity) with, where co-located is defined as running
|
||||||
|
on a node whose value of the label with key <topologyKey>
|
||||||
|
matches that of any node on which a pod of the set of
|
||||||
|
pods is running
|
||||||
|
properties:
|
||||||
|
labelSelector:
|
||||||
|
description: A label query over a set of resources,
|
||||||
|
in this case pods.
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: matchExpressions is a list of label
|
||||||
|
selector requirements. The requirements are ANDed.
|
||||||
|
items:
|
||||||
|
description: A label selector requirement is a
|
||||||
|
selector that contains values, a key, and an
|
||||||
|
operator that relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: key is the label key that the
|
||||||
|
selector applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: operator represents a key's relationship
|
||||||
|
to a set of values. Valid operators are
|
||||||
|
In, NotIn, Exists and DoesNotExist.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: values is an array of string
|
||||||
|
values. If the operator is In or NotIn,
|
||||||
|
the values array must be non-empty. If the
|
||||||
|
operator is Exists or DoesNotExist, the
|
||||||
|
values array must be empty. This array is
|
||||||
|
replaced during a strategic merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: matchLabels is a map of {key,value}
|
||||||
|
pairs. A single {key,value} in the matchLabels
|
||||||
|
map is equivalent to an element of matchExpressions,
|
||||||
|
whose key field is "key", the operator is "In",
|
||||||
|
and the values array contains only "value". The
|
||||||
|
requirements are ANDed.
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
namespaces:
|
||||||
|
description: namespaces specifies which namespaces the
|
||||||
|
labelSelector applies to (matches against); null or
|
||||||
|
empty list means "this pod's namespace"
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
topologyKey:
|
||||||
|
description: This pod should be co-located (affinity)
|
||||||
|
or not co-located (anti-affinity) with the pods matching
|
||||||
|
the labelSelector in the specified namespaces, where
|
||||||
|
co-located is defined as running on a node whose value
|
||||||
|
of the label with key topologyKey matches that of
|
||||||
|
any node on which any of the selected pods is running.
|
||||||
|
Empty topologyKey is not allowed.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- topologyKey
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
podAntiAffinity:
|
||||||
|
description: Describes pod anti-affinity scheduling rules (e.g.
|
||||||
|
avoid putting this pod in the same node, zone, etc. as some
|
||||||
|
other pod(s)).
|
||||||
|
properties:
|
||||||
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
description: The scheduler will prefer to schedule pods to
|
||||||
|
nodes that satisfy the anti-affinity expressions specified
|
||||||
|
by this field, but it may choose a node that violates one
|
||||||
|
or more of the expressions. The node that is most preferred
|
||||||
|
is the one with the greatest sum of weights, i.e. for each
|
||||||
|
node that meets all of the scheduling requirements (resource
|
||||||
|
request, requiredDuringScheduling anti-affinity expressions,
|
||||||
|
etc.), compute a sum by iterating through the elements of
|
||||||
|
this field and adding "weight" to the sum if the node has
|
||||||
|
pods which matches the corresponding podAffinityTerm; the
|
||||||
|
node(s) with the highest sum are the most preferred.
|
||||||
|
items:
|
||||||
|
description: The weights of all of the matched WeightedPodAffinityTerm
|
||||||
|
fields are added per-node to find the most preferred node(s)
|
||||||
|
properties:
|
||||||
|
podAffinityTerm:
|
||||||
|
description: Required. A pod affinity term, associated
|
||||||
|
with the corresponding weight.
|
||||||
|
properties:
|
||||||
|
labelSelector:
|
||||||
|
description: A label query over a set of resources,
|
||||||
|
in this case pods.
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: matchExpressions is a list of label
|
||||||
|
selector requirements. The requirements are
|
||||||
|
ANDed.
|
||||||
|
items:
|
||||||
|
description: A label selector requirement
|
||||||
|
is a selector that contains values, a key,
|
||||||
|
and an operator that relates the key and
|
||||||
|
values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: key is the label key that
|
||||||
|
the selector applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: operator represents a key's
|
||||||
|
relationship to a set of values. Valid
|
||||||
|
operators are In, NotIn, Exists and
|
||||||
|
DoesNotExist.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: values is an array of string
|
||||||
|
values. If the operator is In or NotIn,
|
||||||
|
the values array must be non-empty.
|
||||||
|
If the operator is Exists or DoesNotExist,
|
||||||
|
the values array must be empty. This
|
||||||
|
array is replaced during a strategic
|
||||||
|
merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: matchLabels is a map of {key,value}
|
||||||
|
pairs. A single {key,value} in the matchLabels
|
||||||
|
map is equivalent to an element of matchExpressions,
|
||||||
|
whose key field is "key", the operator is
|
||||||
|
"In", and the values array contains only "value".
|
||||||
|
The requirements are ANDed.
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
namespaces:
|
||||||
|
description: namespaces specifies which namespaces
|
||||||
|
the labelSelector applies to (matches against);
|
||||||
|
null or empty list means "this pod's namespace"
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
topologyKey:
|
||||||
|
description: This pod should be co-located (affinity)
|
||||||
|
or not co-located (anti-affinity) with the pods
|
||||||
|
matching the labelSelector in the specified namespaces,
|
||||||
|
where co-located is defined as running on a node
|
||||||
|
whose value of the label with key topologyKey
|
||||||
|
matches that of any node on which any of the selected
|
||||||
|
pods is running. Empty topologyKey is not allowed.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- topologyKey
|
||||||
|
type: object
|
||||||
|
weight:
|
||||||
|
description: weight associated with matching the corresponding
|
||||||
|
podAffinityTerm, in the range 1-100.
|
||||||
|
format: int32
|
||||||
|
type: integer
|
||||||
|
required:
|
||||||
|
- podAffinityTerm
|
||||||
|
- weight
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
description: If the anti-affinity requirements specified by
|
||||||
|
this field are not met at scheduling time, the pod will
|
||||||
|
not be scheduled onto the node. If the anti-affinity requirements
|
||||||
|
specified by this field cease to be met at some point during
|
||||||
|
pod execution (e.g. due to a pod label update), the system
|
||||||
|
may or may not try to eventually evict the pod from its
|
||||||
|
node. When there are multiple elements, the lists of nodes
|
||||||
|
corresponding to each podAffinityTerm are intersected, i.e.
|
||||||
|
all terms must be satisfied.
|
||||||
|
items:
|
||||||
|
description: Defines a set of pods (namely those matching
|
||||||
|
the labelSelector relative to the given namespace(s))
|
||||||
|
that this pod should be co-located (affinity) or not co-located
|
||||||
|
(anti-affinity) with, where co-located is defined as running
|
||||||
|
on a node whose value of the label with key <topologyKey>
|
||||||
|
matches that of any node on which a pod of the set of
|
||||||
|
pods is running
|
||||||
|
properties:
|
||||||
|
labelSelector:
|
||||||
|
description: A label query over a set of resources,
|
||||||
|
in this case pods.
|
||||||
|
properties:
|
||||||
|
matchExpressions:
|
||||||
|
description: matchExpressions is a list of label
|
||||||
|
selector requirements. The requirements are ANDed.
|
||||||
|
items:
|
||||||
|
description: A label selector requirement is a
|
||||||
|
selector that contains values, a key, and an
|
||||||
|
operator that relates the key and values.
|
||||||
|
properties:
|
||||||
|
key:
|
||||||
|
description: key is the label key that the
|
||||||
|
selector applies to.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: operator represents a key's relationship
|
||||||
|
to a set of values. Valid operators are
|
||||||
|
In, NotIn, Exists and DoesNotExist.
|
||||||
|
type: string
|
||||||
|
values:
|
||||||
|
description: values is an array of string
|
||||||
|
values. If the operator is In or NotIn,
|
||||||
|
the values array must be non-empty. If the
|
||||||
|
operator is Exists or DoesNotExist, the
|
||||||
|
values array must be empty. This array is
|
||||||
|
replaced during a strategic merge patch.
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
required:
|
||||||
|
- key
|
||||||
|
- operator
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
matchLabels:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: matchLabels is a map of {key,value}
|
||||||
|
pairs. A single {key,value} in the matchLabels
|
||||||
|
map is equivalent to an element of matchExpressions,
|
||||||
|
whose key field is "key", the operator is "In",
|
||||||
|
and the values array contains only "value". The
|
||||||
|
requirements are ANDed.
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
namespaces:
|
||||||
|
description: namespaces specifies which namespaces the
|
||||||
|
labelSelector applies to (matches against); null or
|
||||||
|
empty list means "this pod's namespace"
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
topologyKey:
|
||||||
|
description: This pod should be co-located (affinity)
|
||||||
|
or not co-located (anti-affinity) with the pods matching
|
||||||
|
the labelSelector in the specified namespaces, where
|
||||||
|
co-located is defined as running on a node whose value
|
||||||
|
of the label with key topologyKey matches that of
|
||||||
|
any node on which any of the selected pods is running.
|
||||||
|
Empty topologyKey is not allowed.
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- topologyKey
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
applicationScope:
|
||||||
|
description: Scope for the application which will be installed in
|
||||||
|
the cluster NamespaceScope or ClusterScope
|
||||||
|
enum:
|
||||||
|
- Cluster
|
||||||
|
- Namespaced
|
||||||
|
type: string
|
||||||
|
componentConfiguration:
|
||||||
|
description: ComponentConfiguration holds all the field related to
|
||||||
|
components.
|
||||||
|
properties:
|
||||||
|
admission-webhook:
|
||||||
|
description: AdmissionWebhook holds all configuration keys related
|
||||||
|
to admission-webhook
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
control-plane:
|
||||||
|
description: ControlPlane holds all configuration keys related
|
||||||
|
to control-plane
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
exporter:
|
||||||
|
description: Exporter holds all configuration keys related to
|
||||||
|
exporter
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
ingress-controller:
|
||||||
|
description: IngressController holds all configuration keys related
|
||||||
|
to ingress-controller
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
web:
|
||||||
|
description: Web holds all configuration keys related to web
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
web-backend:
|
||||||
|
description: WebBackend holds all configuration keys related to
|
||||||
|
web-backend
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
type: object
|
||||||
|
dataJobLimits:
|
||||||
|
additionalProperties:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
description: DataJobLimits are the resource limits for all the data
|
||||||
|
processing jobs.
|
||||||
|
type: object
|
||||||
|
deploymentLimits:
|
||||||
|
additionalProperties:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
description: DeploymentLimits are the resource limits for all the
|
||||||
|
deployments.
|
||||||
|
type: object
|
||||||
|
helmValues:
|
||||||
|
description: HelmValues holds all the additional fields in the values.yaml
|
||||||
|
of TVK helm chart.
|
||||||
|
type: object
|
||||||
|
x-kubernetes-preserve-unknown-fields: true
|
||||||
|
helmVersion:
|
||||||
|
description: 'Deprecated: Helm Version'
|
||||||
|
properties:
|
||||||
|
tillerNamespace:
|
||||||
|
type: string
|
||||||
|
version:
|
||||||
|
enum:
|
||||||
|
- v3
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- version
|
||||||
|
type: object
|
||||||
|
metadataJobLimits:
|
||||||
|
additionalProperties:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
description: MetadataJobLimits are the resource limits for all the
|
||||||
|
meta processing jobs.
|
||||||
|
type: object
|
||||||
|
nodeSelector:
|
||||||
|
additionalProperties:
|
||||||
|
type: string
|
||||||
|
description: NodeSelector specifies a map of key-value pairs. For
|
||||||
|
the pod to be eligible to run on a node, the node must have each
|
||||||
|
of the indicated key-value pairs as labels.
|
||||||
|
type: object
|
||||||
|
resources:
|
||||||
|
description: 'Deprecated: Resources are the resource requirements
|
||||||
|
for the containers.'
|
||||||
|
properties:
|
||||||
|
limits:
|
||||||
|
additionalProperties:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
description: 'Limits describes the maximum amount of compute resources
|
||||||
|
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||||
|
type: object
|
||||||
|
requests:
|
||||||
|
additionalProperties:
|
||||||
|
anyOf:
|
||||||
|
- type: integer
|
||||||
|
- type: string
|
||||||
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
||||||
|
x-kubernetes-int-or-string: true
|
||||||
|
description: 'Requests describes the minimum amount of compute
|
||||||
|
resources required. If Requests is omitted for a container,
|
||||||
|
it defaults to Limits if that is explicitly specified, otherwise
|
||||||
|
to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
restoreNamespaces:
|
||||||
|
description: 'Deprecated: RestoreNamespaces are the namespace where
|
||||||
|
you want to restore your applications. Restore Namespaces depends
|
||||||
|
on your k8s RBAC'
|
||||||
|
items:
|
||||||
|
type: string
|
||||||
|
type: array
|
||||||
|
tolerations:
|
||||||
|
description: The toleration of application against the specific taints
|
||||||
|
on the nodes
|
||||||
|
items:
|
||||||
|
description: The pod this Toleration is attached to tolerates any
|
||||||
|
taint that matches the triple <key,value,effect> using the matching
|
||||||
|
operator <operator>.
|
||||||
|
properties:
|
||||||
|
effect:
|
||||||
|
description: Effect indicates the taint effect to match. Empty
|
||||||
|
means match all taint effects. When specified, allowed values
|
||||||
|
are NoSchedule, PreferNoSchedule and NoExecute.
|
||||||
|
type: string
|
||||||
|
key:
|
||||||
|
description: Key is the taint key that the toleration applies
|
||||||
|
to. Empty means match all taint keys. If the key is empty,
|
||||||
|
operator must be Exists; this combination means to match all
|
||||||
|
values and all keys.
|
||||||
|
type: string
|
||||||
|
operator:
|
||||||
|
description: Operator represents a key's relationship to the
|
||||||
|
value. Valid operators are Exists and Equal. Defaults to Equal.
|
||||||
|
Exists is equivalent to wildcard for value, so that a pod
|
||||||
|
can tolerate all taints of a particular category.
|
||||||
|
type: string
|
||||||
|
tolerationSeconds:
|
||||||
|
description: TolerationSeconds represents the period of time
|
||||||
|
the toleration (which must be of effect NoExecute, otherwise
|
||||||
|
this field is ignored) tolerates the taint. By default, it
|
||||||
|
is not set, which means tolerate the taint forever (do not
|
||||||
|
evict). Zero and negative values will be treated as 0 (evict
|
||||||
|
immediately) by the system.
|
||||||
|
format: int64
|
||||||
|
type: integer
|
||||||
|
value:
|
||||||
|
description: Value is the taint value the toleration matches
|
||||||
|
to. If the operator is Exists, the value should be empty,
|
||||||
|
otherwise just a regular string.
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
type: array
|
||||||
|
trilioVaultAppVersion:
|
||||||
|
description: Helm Chart version
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- applicationScope
|
||||||
|
type: object
|
||||||
|
status:
|
||||||
|
description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager
|
||||||
|
properties:
|
||||||
|
conditions:
|
||||||
|
properties:
|
||||||
|
lastTransitionTime:
|
||||||
|
format: date-time
|
||||||
|
nullable: true
|
||||||
|
type: string
|
||||||
|
message:
|
||||||
|
minLength: 0
|
||||||
|
type: string
|
||||||
|
reason:
|
||||||
|
enum:
|
||||||
|
- InstallSuccessful
|
||||||
|
- UpdateSuccessful
|
||||||
|
- UninstallSuccessful
|
||||||
|
- InstallError
|
||||||
|
- UpdateError
|
||||||
|
- ReconcileError
|
||||||
|
- UninstallError
|
||||||
|
type: string
|
||||||
|
status:
|
||||||
|
enum:
|
||||||
|
- "True"
|
||||||
|
- "False"
|
||||||
|
- Unknown
|
||||||
|
type: string
|
||||||
|
type:
|
||||||
|
enum:
|
||||||
|
- Initialized
|
||||||
|
- Deployed
|
||||||
|
- Updated
|
||||||
|
- ReleaseFailed
|
||||||
|
- Irreconcilable
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
deployedRelease:
|
||||||
|
properties:
|
||||||
|
manifest:
|
||||||
|
type: string
|
||||||
|
name:
|
||||||
|
type: string
|
||||||
|
type: object
|
||||||
|
releaseVersion:
|
||||||
|
type: string
|
||||||
|
required:
|
||||||
|
- conditions
|
||||||
|
type: object
|
||||||
|
type: object
|
||||||
|
served: true
|
||||||
|
storage: true
|
||||||
|
subresources:
|
||||||
|
status: {}
|
||||||
|
status:
|
||||||
|
acceptedNames:
|
||||||
|
kind: ""
|
||||||
|
plural: ""
|
||||||
|
conditions: []
|
||||||
|
storedVersions: []
|
|
@ -0,0 +1,3 @@
|
||||||
|
To verify that TrilioVault Operator has started, run:
|
||||||
|
|
||||||
|
kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}"
|
|
@ -0,0 +1,38 @@
|
||||||
|
{{/*
|
||||||
|
Expand the name of the chart.
|
||||||
|
*/}}
|
||||||
|
{{- define "k8s-triliovault-operator.name" -}}
|
||||||
|
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{- define "k8s-triliovault-operator.appName" -}}
|
||||||
|
{{- printf "%s" .Chart.Name -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Create a default fully qualified app name.
|
||||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||||
|
*/}}
|
||||||
|
{{- define "k8s-triliovault-operator.fullname" -}}
|
||||||
|
{{- if .Values.fullnameOverride -}}
|
||||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||||
|
{{- if contains $name .Release.Name -}}
|
||||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- else -}}
|
||||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
{{- end -}}
|
||||||
|
|
||||||
|
{{/*
|
||||||
|
Return the proper TrilioVault Operator image name
|
||||||
|
*/}}
|
||||||
|
{{- define "k8s-triliovault-operator.image" -}}
|
||||||
|
{{- $registryName := .Values.image.registry -}}
|
||||||
|
{{- $repositoryName := .Values.image.repository -}}
|
||||||
|
{{- $tag := .Values.image.tag | toString -}}
|
||||||
|
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
|
||||||
|
{{- end -}}
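Review bot: The `k8s-triliovault-operator.image` helper at the end of this file reads `.Values.image.registry`, `.Values.image.repository` and `.Values.image.tag`, but the chart's values define only `image.pullPolicy`. The Deployment instead builds its image strings inline from `.Values.registry` and `.Values.tag`, so the helper is unused and would format missing values if it were called. Either remove it or have the Deployment call it with keys that exist. Separately, the comment "Expand the name of the chart" sits above a helper that defaults to `.Release.Name`, not `.Chart.Name`; it should read something like `Name prefix for cluster-scoped objects: nameOverride, else the release name`.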
|
|
@ -0,0 +1,111 @@
|
||||||
|
---
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRole
|
||||||
|
metadata:
|
||||||
|
name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- '*'
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- list
|
||||||
|
- watch
|
||||||
|
- apiGroups:
|
||||||
|
- apiextensions.k8s.io
|
||||||
|
resources:
|
||||||
|
- customresourcedefinitions
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- delete
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- serviceaccounts
|
||||||
|
- services
|
||||||
|
- services/finalizers
|
||||||
|
- secrets
|
||||||
|
- events
|
||||||
|
- pods
|
||||||
|
- endpoints
|
||||||
|
- configmaps
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- delete
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- admissionregistration.k8s.io
|
||||||
|
resources:
|
||||||
|
- validatingwebhookconfigurations
|
||||||
|
- mutatingwebhookconfigurations
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- delete
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- apps
|
||||||
|
resources:
|
||||||
|
- deployments
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- delete
|
||||||
|
- patch
|
||||||
|
- apiGroups:
|
||||||
|
- rbac.authorization.k8s.io
|
||||||
|
resources:
|
||||||
|
- clusterroles
|
||||||
|
- clusterrolebindings
|
||||||
|
- roles
|
||||||
|
- rolebindings
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- delete
|
||||||
|
- patch
|
||||||
|
- bind
|
||||||
|
- escalate
|
||||||
|
- apiGroups:
|
||||||
|
- triliovault.trilio.io
|
||||||
|
resources:
|
||||||
|
- '*'
|
||||||
|
verbs:
|
||||||
|
- '*'
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- namespaces
|
||||||
|
verbs:
|
||||||
|
- update
|
||||||
|
- apiGroups:
|
||||||
|
- batch
|
||||||
|
resources:
|
||||||
|
- cronjobs
|
||||||
|
verbs:
|
||||||
|
- delete
|
||||||
|
- apiGroups:
|
||||||
|
- policy
|
||||||
|
resources:
|
||||||
|
- poddisruptionbudgets
|
||||||
|
verbs:
|
||||||
|
- create
|
||||||
|
- update
|
||||||
|
- patch
|
||||||
|
- delete
|
||||||
|
- apiGroups:
|
||||||
|
- networking.k8s.io
|
||||||
|
resources:
|
||||||
|
- ingresses
|
||||||
|
- ingressclasses
|
||||||
|
verbs:
|
||||||
|
- delete
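Review bot: The `rbac.authorization.k8s.io` rule grants `bind` and `escalate` on clusterroles, clusterrolebindings, roles and rolebindings with no `resourceNames`, so the operator's service account can grant permissions it does not itself hold. Together with the first rule's `get`/`list`/`watch` on `'*'` resources in `'*'` API groups (which covers every Secret in the cluster) and write access to webhook configurations, this role is close to cluster-admin. If the operator only installs the roles shipped with the TVK chart, restrict `bind`/`escalate` with `resourceNames` for those role names, or drop `escalate` and grant the operator exactly the permissions it hands out. The wildcard read rule would be better as an explicit resource list that leaves out `secrets` unless a feature needs them. Each broad rule deserves a comment naming the operator feature that requires it.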
|
|
@ -0,0 +1,17 @@
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: ClusterRoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-manager-rolebinding
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
|
||||||
|
namespace: {{ .Release.Namespace }}
|
|
@ -0,0 +1,133 @@
|
||||||
|
apiVersion: apps/v1
|
||||||
|
kind: Deployment
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||||
|
release: "{{ .Release.Name }}"
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
spec:
|
||||||
|
selector:
|
||||||
|
matchLabels:
|
||||||
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||||
|
release: "{{ .Release.Name }}"
|
||||||
|
replicas: {{ .Values.replicaCount }}
|
||||||
|
template:
|
||||||
|
metadata:
|
||||||
|
labels:
|
||||||
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||||
|
release: "{{ .Release.Name }}"
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
spec:
|
||||||
|
hostNetwork: {{ .Values.podSpec.hostNetwork }}
|
||||||
|
hostIPC: {{ .Values.podSpec.hostIPC }}
|
||||||
|
hostPID: {{ .Values.podSpec.hostPID }}
|
||||||
|
{{- if .Values.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.podSpec.securityContext | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
containers:
|
||||||
|
- name: k8s-triliovault-operator
|
||||||
|
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||||
|
env:
|
||||||
|
{{- if .Values.tvkEnv }}
|
||||||
|
- name: TVK_ENV
|
||||||
|
value: {{ .Values.tvkEnv }}
|
||||||
|
{{- end}}
|
||||||
|
{{- if .Values.tvkHelmRepo }}
|
||||||
|
- name: TVK_HELM_REPO
|
||||||
|
value: {{ .Values.tvkHelmRepo }}
|
||||||
|
{{- end }}
|
||||||
|
- name: REGISTRY
|
||||||
|
value: {{ .Values.registry }}
|
||||||
|
- name: ADMISSION_MUTATION_CONFIG
|
||||||
|
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
||||||
|
- name: ADMISSION_VALIDATION_CONFIG
|
||||||
|
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
||||||
|
- name: NAMESPACE_VALIDATION_CONFIG
|
||||||
|
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
|
||||||
|
volumeMounts:
|
||||||
|
{{- if .Values.tls.enable }}
|
||||||
|
- name: helm-tls-certs
|
||||||
|
mountPath: /root/.helm
|
||||||
|
readOnly: true
|
||||||
|
{{- if .Values.tls.verify }}
|
||||||
|
- name: helm-tls-ca
|
||||||
|
mountPath: /root/.helm/ca.crt
|
||||||
|
readOnly: true
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
||||||
|
name: webhook-certs
|
||||||
|
readOnly: true
|
||||||
|
{{- if .Values.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpu: 200m
|
||||||
|
memory: 512Mi
|
||||||
|
requests:
|
||||||
|
cpu: 10m
|
||||||
|
memory: 10Mi
|
||||||
|
initContainers:
|
||||||
|
- name: webhook-init
|
||||||
|
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
|
||||||
|
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||||
|
{{- if .Values.securityContext }}
|
||||||
|
securityContext:
|
||||||
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
||||||
|
{{- end }}
|
||||||
|
env:
|
||||||
|
- name: TVK_ENV
|
||||||
|
value: {{ .Values.tvkEnv }}
|
||||||
|
- name: TVK_HELM_REPO
|
||||||
|
value: {{ .Values.tvkHelmRepo }}
|
||||||
|
- name: RELEASE_VERSION
|
||||||
|
value: {{ .Chart.Version }}
|
||||||
|
- name: ADMISSION_MUTATION_CONFIG
|
||||||
|
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
||||||
|
- name: ADMISSION_VALIDATION_CONFIG
|
||||||
|
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
||||||
|
- name: NAMESPACE_VALIDATION_CONFIG
|
||||||
|
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
|
||||||
|
- name: WEBHOOK_SERVICE
|
||||||
|
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||||
|
- name: WEBHOOK_NAMESPACE
|
||||||
|
value: {{ .Release.Namespace }}
|
||||||
|
- name: SECRET_NAME
|
||||||
|
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
|
||||||
|
serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
|
||||||
|
{{- if .Values.nodeSelector }}
|
||||||
|
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
{{- if .Values.affinity }}
|
||||||
|
affinity:
|
||||||
|
{{- toYaml .Values.affinity | nindent 8 }}
|
||||||
|
{{- end }}
|
||||||
|
volumes:
|
||||||
|
{{- if .Values.tls.enable }}
|
||||||
|
- name: helm-tls-certs
|
||||||
|
secret:
|
||||||
|
secretName: {{ .Values.tls.secretName }}
|
||||||
|
defaultMode: 0400
|
||||||
|
{{- if .Values.tls.verify }}
|
||||||
|
- name: helm-tls-ca
|
||||||
|
configMap:
|
||||||
|
name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
|
||||||
|
defaultMode: 0600
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
- name: webhook-certs
|
||||||
|
secret:
|
||||||
|
defaultMode: 420
|
||||||
|
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
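Review bot: The pod-level `securityContext` block is guarded by `{{- if .Values.securityContext }}` but renders `.Values.podSpec.securityContext`, so the pod-level `runAsNonRoot`/`runAsUser` settings depend on an unrelated key; the guard should be `{{- if .Values.podSpec.securityContext }}`. The `helm-tls-ca` volume names its ConfigMap with `{{ template "helm-operator.fullname" . }}`, which the helpers shown in this commit do not define, so rendering presumably fails once `tls.enable` and `tls.verify` are both true. `k8s-triliovault-operator.fullname` looks like the intended template. The init container's `value: {{ .Values.tvkEnv }}` and `value: {{ .Values.tvkHelmRepo }}` are unquoted and render as an empty (null) value with the default values, so pipe them through `| quote` as `imagePullPolicy` already does.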
|
|
@ -0,0 +1,29 @@
|
||||||
|
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||||
|
kind: MutatingWebhookConfiguration
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-mutating-webhook-configuration
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
webhooks:
|
||||||
|
- clientConfig:
|
||||||
|
caBundle: Cg==
|
||||||
|
service:
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
path: /mutate-triliovault-trilio-io-v1-triliovaultmanager
|
||||||
|
failurePolicy: Fail
|
||||||
|
name: v1-tvm-mutation.trilio.io
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- triliovault.trilio.io
|
||||||
|
apiVersions:
|
||||||
|
- v1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- triliovaultmanagers
|
||||||
|
sideEffects: None
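Review bot: `apiVersion: admissionregistration.k8s.io/v1beta1` is no longer served from Kubernetes 1.22 on, while the chart declares `kubeVersion: '>= 1.18'`, so this object cannot be created on newer clusters. The same applies to the two ValidatingWebhookConfiguration templates later in this commit. Moving to `admissionregistration.k8s.io/v1` also means adding the now-mandatory `admissionReviewVersions` to each webhook, e.g. `admissionReviewVersions: ["v1", "v1beta1"]` if the webhook server accepts both. Since `caBundle: Cg==` is only a placeholder and `failurePolicy` is `Fail`, a comment naming the component that writes the real CA bundle would help anyone debugging rejected TrilioVaultManager writes.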
|
|
@ -0,0 +1,35 @@
|
||||||
|
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||||
|
kind: ValidatingWebhookConfiguration
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-ns-validating-webhook-configuration
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
webhooks:
|
||||||
|
- clientConfig:
|
||||||
|
caBundle: Cg==
|
||||||
|
service:
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
path: /validate-core-v1-namespace
|
||||||
|
failurePolicy: Fail
|
||||||
|
name: v1-tvm-ns-validation.trilio.io
|
||||||
|
namespaceSelector:
|
||||||
|
matchExpressions:
|
||||||
|
- key: trilio-operator-label
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- {{ .Release.Namespace }}
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
apiVersions:
|
||||||
|
- v1
|
||||||
|
operations:
|
||||||
|
- DELETE
|
||||||
|
resources:
|
||||||
|
- namespaces
|
||||||
|
scope: '*'
|
||||||
|
sideEffects: None
|
|
@ -0,0 +1,11 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Secret
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-certs
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
type: Opaque
|
|
@ -0,0 +1,10 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: ServiceAccount
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-service-account
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
|
@ -0,0 +1,29 @@
|
||||||
|
apiVersion: admissionregistration.k8s.io/v1beta1
|
||||||
|
kind: ValidatingWebhookConfiguration
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
|
||||||
|
labels:
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
webhooks:
|
||||||
|
- clientConfig:
|
||||||
|
caBundle: Cg==
|
||||||
|
service:
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
path: /validate-triliovault-trilio-io-v1-triliovaultmanager
|
||||||
|
failurePolicy: Fail
|
||||||
|
name: v1-tvm-validation.trilio.io
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- triliovault.trilio.io
|
||||||
|
apiVersions:
|
||||||
|
- v1
|
||||||
|
operations:
|
||||||
|
- CREATE
|
||||||
|
- UPDATE
|
||||||
|
resources:
|
||||||
|
- triliovaultmanagers
|
||||||
|
sideEffects: None
|
|
@ -0,0 +1,19 @@
|
||||||
|
apiVersion: v1
|
||||||
|
kind: Service
|
||||||
|
metadata:
|
||||||
|
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
labels:
|
||||||
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||||
|
release: "{{ .Release.Name }}"
|
||||||
|
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
|
||||||
|
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-service
|
||||||
|
app.kubernetes.io/managed-by: {{ .Release.Service }}
|
||||||
|
spec:
|
||||||
|
ports:
|
||||||
|
- port: 443
|
||||||
|
targetPort: 9443
|
||||||
|
selector:
|
||||||
|
app: {{ template "k8s-triliovault-operator.fullname" . }}
|
||||||
|
release: "{{ .Release.Name }}"
|
|
@ -0,0 +1,55 @@
|
||||||
|
## TrilioVault Operator
|
||||||
|
registry: "eu.gcr.io/amazing-chalice-243510"
|
||||||
|
|
||||||
|
operator-webhook-init:
|
||||||
|
repository: operator-webhook-init
|
||||||
|
|
||||||
|
k8s-triliovault-operator:
|
||||||
|
repository: k8s-triliovault-operator
|
||||||
|
|
||||||
|
tag: "2.5.0"
|
||||||
|
|
||||||
|
tvkHelmRepo: ""
|
||||||
|
|
||||||
|
affinity:
|
||||||
|
nodeAffinity:
|
||||||
|
requiredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
nodeSelectorTerms:
|
||||||
|
- matchExpressions:
|
||||||
|
- key: kubernetes.io/arch
|
||||||
|
operator: In
|
||||||
|
values:
|
||||||
|
- amd64
|
||||||
|
|
||||||
|
image:
|
||||||
|
pullPolicy: Always
|
||||||
|
tls:
|
||||||
|
secretName: "helm-client-certs"
|
||||||
|
verify: false
|
||||||
|
enable: false
|
||||||
|
keyFile: "tls.key"
|
||||||
|
certFile: "tls.crt"
|
||||||
|
caContent: ""
|
||||||
|
hostname: ""
|
||||||
|
|
||||||
|
nameOverride: ""
|
||||||
|
|
||||||
|
replicaCount: 1
|
||||||
|
|
||||||
|
podSpec:
|
||||||
|
hostIPC: false
|
||||||
|
hostNetwork: false
|
||||||
|
hostPID: false
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1001
|
||||||
|
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
privileged: false
|
||||||
|
readOnlyRootFilesystem: false
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1001
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
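Review bot: The container `securityContext` drops all capabilities and forbids privilege escalation, but leaves `readOnlyRootFilesystem: false` with no explanation. If the operator only needs scratch space, an `emptyDir` mounted at that path would allow `readOnlyRootFilesystem: true`; otherwise a comment such as `# operator writes <path placeholder> at runtime` should record why it stays writable. The images are referenced by the mutable tag `tag: "2.5.0"` with `pullPolicy: Always`, so what runs depends on what the registry serves at pull time; a values key for an image digest would let installers pin it. `tvkEnv` is read by the Deployment template but has no default here. The two `securityContext` blocks would each benefit from a one-line comment saying which is pod-level and which is container-level.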
|
22
index.yaml
22
index.yaml
|
@ -1091,6 +1091,28 @@ entries:
|
||||||
- assets/instana-agent/instana-agent-1.0.2900.tgz
|
- assets/instana-agent/instana-agent-1.0.2900.tgz
|
||||||
version: 1.0.2900
|
version: 1.0.2900
|
||||||
k8s-triliovault-operator:
|
k8s-triliovault-operator:
|
||||||
|
- annotations:
|
||||||
|
catalog.cattle.io/certified: partner
|
||||||
|
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
|
||||||
|
catalog.cattle.io/release-name: k8s-triliovault-operator
|
||||||
|
apiVersion: v1
|
||||||
|
appVersion: 2.5.0
|
||||||
|
created: "2021-09-15T08:15:09.940974092Z"
|
||||||
|
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
|
||||||
|
Application Lifecycle.
|
||||||
|
digest: 20afaadae4dae6a17bb983d07745201a0bbbb5273d33f80c8de0ae4f418f9e85
|
||||||
|
home: https://github.com/trilioData/k8s-triliovault-operator
|
||||||
|
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
|
||||||
|
kubeVersion: '>= 1.18'
|
||||||
|
maintainers:
|
||||||
|
- email: prafull.ladha@trilio.io
|
||||||
|
name: prafull11
|
||||||
|
name: k8s-triliovault-operator
|
||||||
|
sources:
|
||||||
|
- https://github.com/trilioData/k8s-triliovault-operator
|
||||||
|
urls:
|
||||||
|
- assets/k8s-triliovault-operator/k8s-triliovault-operator-2.5.0.tgz
|
||||||
|
version: 2.5.0
|
||||||
- annotations:
|
- annotations:
|
||||||
catalog.cattle.io/certified: partner
|
catalog.cattle.io/certified: partner
|
||||||
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
|
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
|
||||||
|
|