Added chart versions:

codefresh/cf-runtime:
    - 6.4.1
  dell/csi-powerstore:
    - 2.11.1
  dell/csi-unity:
    - 2.11.1
  external-secrets/external-secrets:
    - 0.10.4
  speedscale/speedscale-operator:
    - 2.2.467
pull/1065/head
github-actions[bot] 2024-09-26 00:57:05 +00:00
parent 00e7ea6a8d
commit 503dc78bff
167 changed files with 27059 additions and 1 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,3 @@
tests/
.ci/
test-values/


@ -0,0 +1,28 @@
annotations:
artifacthub.io/changes: |
- kind: security
description: "updating k8s-agent"
artifacthub.io/containsSecurityUpdates: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: cf-runtime
apiVersion: v2
dependencies:
- name: cf-common
repository: file://./charts/cf-common
version: 0.16.0
description: A Helm chart for Codefresh Runner
home: https://codefresh.io/
icon: file://assets/icons/cf-runtime.png
keywords:
- codefresh
- runner
kubeVersion: '>=1.18-0'
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
sources:
- https://github.com/codefresh-io/venona
version: 6.4.1
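Review bot: The changelog entry under `artifacthub.io/changes` is `kind: security`, while `artifacthub.io/containsSecurityUpdates` is `"false"`, so consumers that filter on the flag will not see this release as security-relevant. Align the two: set the flag to `"true"`, or use a kind such as `changed` if updating k8s-agent is not a security fix. The `cf-common` dependency resolves to `file://./charts/cf-common`, so what ships is whatever is vendored in this commit; the suppressed diffs and binary files on this page could not be reviewed.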

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff


@ -0,0 +1,37 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "AGENT: ${AGENT}"
echo "AGENT_SECRET_NAME: ${AGENT_SECRET_NAME}"
echo "DIND_SECRET_NAME: ${DIND_SECRET_NAME}"
echo "-----"
auth() {
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
}
remove_runtime() {
if [ "$AGENT" == "true" ]; then
codefresh delete re ${RUNTIME_NAME} || true
else
codefresh delete sys-re ${RUNTIME_NAME} || true
fi
}
remove_agent() {
codefresh delete agent ${AGENT_NAME} || true
}
remove_secrets() {
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
kubectl delete secret $AGENT_SECRET_NAME || true
kubectl delete secret $DIND_SECRET_NAME || true
}
auth
remove_runtime
remove_agent
remove_secrets
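Review bot: `remove_secrets` strips finalizers from every secret labelled `codefresh.io/internal=true` in the current namespace, which may include secrets belonging to another release that shares the namespace. When the selector matches nothing, `kubectl patch secret` is called with no name and the failure is hidden by `|| true`. Guard the patch on a non-empty list and quote the expansions (`"$AGENT_SECRET_NAME"`, `"${RUNTIME_NAME}"`, `"${AGENT_NAME}"`). In `auth`, `--api-key ${API_TOKEN}` puts the token on the command line, where it is visible in the process list; at minimum quote it and add a comment saying why it is passed that way.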


@ -0,0 +1,132 @@
#!/usr/bin/env bash
#
#---
fatal() {
echo "ERROR: $1"
exit 1
}
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
exit_trap () {
local lc="$BASH_COMMAND" rc=$?
if [ $rc != 0 ]; then
if [[ -n "$SLEEP_ON_ERROR" ]]; then
echo -e "\nSLEEP_ON_ERROR is set - Sleeping to fix error"
sleep $SLEEP_ON_ERROR
fi
fi
}
trap exit_trap EXIT
usage() {
echo "Usage:
$0 [-n | --namespace] [--server-cert-cn] [--server-cert-extra-sans] codefresh-api-host codefresh-api-token
Example:
$0 -n workflow https://g.codefresh.io 21341234.423141234.412431234
"
}
# Args
while [[ $1 =~ ^(-(n|h)|--(namespace|server-cert-cn|server-cert-extra-sans|help)) ]]
do
key=$1
value=$2
case $key in
-h|--help)
usage
exit
;;
-n|--namespace)
NAMESPACE="$value"
shift
;;
--server-cert-cn)
SERVER_CERT_CN="$value"
shift
;;
--server-cert-extra-sans)
SERVER_CERT_EXTRA_SANS="$value"
shift
;;
esac
shift # past argument or value
done
API_HOST=${1:-"$CF_API_HOST"}
API_TOKEN=${2:-"$CF_API_TOKEN"}
[[ -z "$API_HOST" ]] && usage && fatal "Missing API_HOST"
[[ -z "$API_TOKEN" ]] && usage && fatal "Missing token"
API_SIGN_PATH=${API_SIGN_PATH:-"api/custom_clusters/signServerCerts"}
NAMESPACE=${NAMESPACE:-default}
RELEASE=${RELEASE:-cf-runtime}
DIR=$(dirname $0)
TMPDIR=/tmp/codefresh/
TMP_CERTS_FILE_ZIP=$TMPDIR/cf-certs.zip
TMP_CERTS_HEADERS_FILE=$TMPDIR/cf-certs-response-headers.txt
CERTS_DIR=$TMPDIR/ssl
SRV_TLS_CA_CERT=${CERTS_DIR}/ca.pem
SRV_TLS_KEY=${CERTS_DIR}/server-key.pem
SRV_TLS_CSR=${CERTS_DIR}/server-cert.csr
SRV_TLS_CERT=${CERTS_DIR}/server-cert.pem
CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
mkdir -p $TMPDIR $CERTS_DIR
K8S_CERT_SECRET_NAME=codefresh-certs-server
echo -e "\n------------------\nGenerating server tls certificates ... "
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
###
openssl genrsa -out $SRV_TLS_KEY 4096 || fatal "Failed to generate openssl key "
openssl req -subj "/CN=${SERVER_CERT_CN}" -new -key $SRV_TLS_KEY -out $SRV_TLS_CSR || fatal "Failed to generate openssl csr "
GENERATE_CERTS=true
CSR=$(sed ':a;N;$!ba;s/\n/\\n/g' ${SRV_TLS_CSR})
SERVER_CERT_SANS="IP:127.0.0.1,DNS:dind,DNS:*.dind.${NAMESPACE},DNS:*.dind.${NAMESPACE}.svc${KUBE_DOMAIN},DNS:*.cf-cd.com,DNS:*.codefresh.io"
if [[ -n "${SERVER_CERT_EXTRA_SANS}" ]]; then
SERVER_CERT_SANS=${SERVER_CERT_SANS},${SERVER_CERT_EXTRA_SANS}
fi
echo "{\"reqSubjectAltName\": \"${SERVER_CERT_SANS}\", \"csr\": \"${CSR}\" }" > ${TMPDIR}/sign_req.json
rm -fv ${TMP_CERTS_HEADERS_FILE} ${TMP_CERTS_FILE_ZIP}
SIGN_STATUS=$(curl -k -sSL -d @${TMPDIR}/sign_req.json -H "Content-Type: application/json" -H "Authorization: ${API_TOKEN}" -H "Expect: " \
-o ${TMP_CERTS_FILE_ZIP} -D ${TMP_CERTS_HEADERS_FILE} -w '%{http_code}' ${API_HOST}/${API_SIGN_PATH} )
echo "Sign request completed with HTTP_STATUS_CODE=$SIGN_STATUS"
if [[ $SIGN_STATUS != 200 ]]; then
echo "ERROR: Cannot sign certificates"
if [[ -f ${TMP_CERTS_FILE_ZIP} ]]; then
mv ${TMP_CERTS_FILE_ZIP} ${TMP_CERTS_FILE_ZIP}.error
cat ${TMP_CERTS_FILE_ZIP}.error
fi
exit 1
fi
unzip -o -d ${CERTS_DIR}/ ${TMP_CERTS_FILE_ZIP} || fatal "Failed to unzip certificates to ${CERTS_DIR} "
cp -v ${CF_SRV_TLS_CA_CERT} $SRV_TLS_CA_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains ca.pem"
cp -v ${CF_SRV_TLS_CERT} $SRV_TLS_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains cf-server-cert.pem"
echo -e "\n------------------\nCreating certificate secret "
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
--from-file=$SRV_TLS_CA_CERT \
--from-file=$SRV_TLS_KEY \
--from-file=$SRV_TLS_CERT \
--dry-run=client -o yaml | kubectl apply --overwrite -f -
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'
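Review bot: The signing request runs `curl -k`, so the API token in the `Authorization` header is sent, and the returned CA and server certificate are accepted, without verifying the API host's TLS certificate. Drop `-k`, or make it an explicit opt-in and otherwise pass `--cacert` for private CAs. The private key is written under the fixed path `/tmp/codefresh/ssl` with the default umask and is never removed; `umask 077`, a directory from `mktemp -d`, and a cleanup step in the existing `exit_trap` would keep it away from other local users. The path variables (`$SRV_TLS_KEY`, `${TMP_CERTS_FILE_ZIP}`, `$NAMESPACE`) are unquoted throughout, and the usage example takes the token as a positional argument, which lands in shell history.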


@ -0,0 +1,80 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "SECRET_NAME: ${SECRET_NAME}"
echo "-----"
create_agent_secret() {
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: ${SECRET_NAME}
namespace: ${KUBE_NAMESPACE}
labels:
codefresh.io/internal: "true"
finalizers:
- kubernetes
ownerReferences:
- apiVersion: apps/v1
kind: Deploy
name: ${OWNER_NAME}
uid: ${OWNER_UID}
stringData:
agent-codefresh-token: ${1}
EOF
}
OWNER_UID=$(kubectl get deploy ${OWNER_NAME} --namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.uid}')
echo "got owner uid: ${OWNER_UID}"
if [ ! -z "${AGENT_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "runtime and agent are already initialized"
echo "-----"
exit 0
fi
if [ ! -z "${EXISTING_AGENT_CODEFRESH_TOKEN}" ]; then
echo "using existing agentToken value"
create_agent_secret $EXISTING_AGENT_CODEFRESH_TOKEN
exit 0
fi
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
echo "-----"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
# AGENT_TOKEN might be empty, in which case it will be returned by the call
RES=$(codefresh install agent \
--name ${AGENT_NAME} \
--kube-context-name ${KUBE_CONTEXT} \
--kube-namespace ${KUBE_NAMESPACE} \
--agent-kube-namespace ${KUBE_NAMESPACE} \
--install-runtime \
--runtime-name ${RUNTIME_NAME} \
--skip-cluster-creation \
--platform-only)
AGENT_CODEFRESH_TOKEN=$(echo "${RES}" | tail -n 1)
echo "generated agent + runtime in platform"
create_agent_secret $AGENT_CODEFRESH_TOKEN
echo "-----"
echo "done initializing runtime and agent"
echo "-----"
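Review bot: In `create_agent_secret` the owner reference uses `kind: Deploy`, but the apps/v1 kind is `Deployment`, so the reference does not name the object whose UID was fetched with `kubectl get deploy`; how the garbage collector treats the secret in that case should be confirmed on a test cluster. Change it to `kind: Deployment`. The token is also interpolated unquoted into the manifest and passed unquoted to the function; `agent-codefresh-token: "${1}"` and `create_agent_secret "$AGENT_CODEFRESH_TOKEN"` keep a value with whitespace or YAML-significant characters from being split or re-typed. Nothing checks that `OWNER_UID` or the `tail -n 1` of the CLI output is non-empty before the secret is written.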


@ -0,0 +1,38 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "CONFIGMAP_NAME: ${CONFIGMAP_NAME}"
echo "RECONCILE_INTERVAL: ${RECONCILE_INTERVAL}"
echo "-----"
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
err "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
while true; do
msg "Reconciling ${RUNTIME_NAME} runtime"
sleep $RECONCILE_INTERVAL
codefresh get re \
--name ${RUNTIME_NAME} \
-o yaml \
| yq 'del(.version, .metadata.changedBy, .metadata.creationTime)' > /tmp/runtime.yaml
kubectl get cm ${CONFIGMAP_NAME} -n ${KUBE_NAMESPACE} -o yaml \
| yq 'del(.metadata.resourceVersion, .metadata.uid)' \
| yq eval '.data["runtime.yaml"] = load_str("/tmp/runtime.yaml")' \
| kubectl apply -f -
done
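Review bot: The `codefresh get re … | yq … > /tmp/runtime.yaml` pipeline has no failure check. The runner deployment template starts this script with `/bin/bash -ec`, and without `pipefail` only yq's exit status is seen, so a failed or unauthorized API call can leave an empty or partial file that the next pipeline writes into the ConfigMap's `runtime.yaml`. Add `set -o pipefail` and skip the `kubectl apply` when `/tmp/runtime.yaml` is empty (`[ -s /tmp/runtime.yaml ] || continue`). `sleep $RECONCILE_INTERVAL` is unquoted and fails on an unset value; `"${RECONCILE_INTERVAL:?}"` would make that explicit.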


@ -0,0 +1,70 @@
{{- define "app-proxy.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "app-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "app-proxy.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "app-proxy.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: app-proxy
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "app-proxy.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 3000
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}
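Review bot: No container-level `securityContext` is templated for the `app-proxy` container. Only the pod-level block behind `.Values.podSecurityContext.enabled` is rendered, so settings such as `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem: true` cannot be set from values. The same holds for the event-exporter, monitor and runner deployment templates further down, including the runner's `init` and `reconcile-runtime` containers, whose scripts read Codefresh tokens from the environment. Consider an optional `{{- with .Values.securityContext }}` block under each container. Indentation was lost in this rendering, so the `nindent` widths could not be checked here.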


@ -0,0 +1,19 @@
{{- define "app-proxy.environment-variables.defaults" }}
PORT: 3000
{{- end }}
{{- define "app-proxy.environment-variables.calculated" }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- with .Values.ingress.pathPrefix }}
API_PATH_PREFIX: {{ . | quote }}
{{- end }}
{{- end }}
{{- define "app-proxy.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "app-proxy.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "app-proxy.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}


@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "app-proxy.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app-proxy.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "app-proxy.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Selector labels
*/}}
{{- define "app-proxy.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "app-proxy.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "app-proxy.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,32 @@
{{- define "app-proxy.resources.ingress" -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "app-proxy.fullname" . }}
labels: {{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.class (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.class }}
{{- end }}
{{- if .Values.ingress.tlsSecret }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.tlsSecret }}
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.pathPrefix | default "/" }}
pathType: ImplementationSpecific
backend:
service:
name: {{ include "app-proxy.fullname" . }}
port:
number: 80
{{- end -}}
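Review bot: The TLS block is gated on `.Values.ingress.tlsSecret` but renders `secretName: {{ .Values.tlsSecret }}`, a different key. Unless a top-level `tlsSecret` value also exists, the secret name renders empty and the ingress will not serve the intended certificate. Use `secretName: {{ .Values.ingress.tlsSecret }}`. `host`, `class` and `pathPrefix` are also emitted unquoted; `| quote` protects against values that YAML would re-type.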


@ -0,0 +1,47 @@
{{- define "app-proxy.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "app-proxy.serviceAccountName" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "app-proxy.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "app-proxy.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}
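Review bot: `roleRef.kind` is hard-coded to `Role` while the role and binding kinds both switch on `.Values.rbac.namespaced`. With `namespaced: false` this renders a ClusterRoleBinding whose roleRef does not point at the ClusterRole created above, so the binding is rejected or grants nothing. Use `kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}`, as the monitor RBAC template on this page does. In the cluster-scoped case the built-in rule also grants `get` on secrets in every namespace; `resourceNames`, or documenting that `namespaced: true` is the expected setting, would narrow that.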


@ -0,0 +1,17 @@
{{- define "app-proxy.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
selector:
{{- include "app-proxy.selectorLabels" . | nindent 4 }}
{{- end -}}


@ -0,0 +1,62 @@
{{- define "event-exporter.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "event-exporter.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "event-exporter.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: event-exporter
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
args: [--running-in-cluster=true]
env:
{{- include "event-exporter.environment-variables" . | nindent 8 }}
ports:
- name: metrics
containerPort: 9102
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}


@ -0,0 +1,14 @@
{{- define "event-exporter.environment-variables.defaults" }}
{{- end }}
{{- define "event-exporter.environment-variables.calculated" }}
{{- end }}
{{- define "event-exporter.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "event-exporter.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "event-exporter.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}


@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "event-exporter.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "event-exporter.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "event-exporter.labels" -}}
{{ include "cf-runtime.labels" . }}
app: event-exporter
{{- end }}
{{/*
Selector labels
*/}}
{{- define "event-exporter.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
app: event-exporter
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "event-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "event-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,47 @@
{{- define "event-exporter.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "event-exporter.serviceAccountName" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: [events]
verbs: [get, list, watch]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "event-exporter.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "event-exporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}


@ -0,0 +1,17 @@
{{- define "event-exporter.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: metrics
port: 9102
targetPort: metrics
protocol: TCP
selector:
{{- include "event-exporter.selectorLabels" . | nindent 4 }}
{{- end -}}


@ -0,0 +1,14 @@
{{- define "event-exporter.resources.serviceMonitor" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
{{- end -}}


@ -0,0 +1,70 @@
{{- define "monitor.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "monitor.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "monitor.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 9020
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /api/ping
port: 9020
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}


@ -0,0 +1,26 @@
{{- define "monitor.environment-variables.defaults" }}
SERVICE_NAME: {{ include "monitor.fullname" . }}
PORT: 9020
HELM3: true
NODE_OPTIONS: "--max_old_space_size=4096"
{{- end }}
{{- define "monitor.environment-variables.calculated" }}
API_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
CLUSTER_ID: {{ include "runtime.runtime-environment-spec.context-name" . }}
API_URL: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}/api/k8s-monitor/events
ACCOUNT_ID: {{ .Values.global.accountId }}
NAMESPACE: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
ROLE_BINDING: true
{{- end }}
{{- end }}
{{- define "monitor.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "monitor.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "monitor.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
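Review bot: `ACCOUNT_ID: {{ .Values.global.accountId }}` and the `API_URL`/`CLUSTER_ID` values are rendered unquoted and then parsed with `fromYaml`. An identifier made only of digits, or one shaped like `1e5`, would come back as a number rather than the original string. Render them with `| quote`, e.g. `ACCOUNT_ID: {{ .Values.global.accountId | quote }}`. How the `cf-common` env-vars helper stringifies the result is not visible here, so this is a precaution, not a confirmed failure.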


@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "monitor.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Selector labels
*/}}
{{- define "monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "monitor.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "monitor.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,56 @@
{{- define "monitor.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "monitor.serviceAccountName" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "monitor.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
name: {{ include "monitor.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}
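Review bot: The first rule grants `get`, `list`, `watch`, `create` and `delete` on `resources: [ "*" ]` in the core API group, which covers secrets, configmaps and service accounts. When `.Values.rbac.namespaced` is false this is rendered as a ClusterRole, so the monitor's service account gets cluster-wide read and delete on secrets. List the resource types the monitor actually needs instead of `"*"`, and restrict `create`/`delete` to the kinds it manages. The `extensions` and `apps` wildcards are read-only but could be narrowed the same way, and anything appended through `.Values.rbac.rules` widens the role further.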


@ -0,0 +1,17 @@
{{- define "monitor.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9020
selector:
{{- include "monitor.selectorLabels" . | nindent 4 }}
{{- end -}}


@ -0,0 +1,103 @@
{{- define "runner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "runner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "runner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "runner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
- name: init
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.init.image "context" .) }}
imagePullPolicy: {{ .Values.init.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/init-runtime.sh" | nindent 10 }}
env:
{{- include "runner-init.environment-variables" . | nindent 8 }}
{{- with .Values.init.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
containers:
- name: runner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
env:
{{- include "runner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.sidecar.enabled }}
- name: reconcile-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.sidecar.image "context" .) }}
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/reconcile-runtime.sh" | nindent 10 }}
env:
{{- include "runner-sidecar.environment-variables" . | nindent 8 }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}


@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "runner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "runner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,53 @@
{{- define "runner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runner.serviceAccountName" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "pods", "persistentvolumeclaims" ]
verbs: [ "get", "create", "delete", patch ]
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets" ]
verbs: [ "get", "create", "update", patch ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "runner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "runner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}
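Review bot: The second rule of the runner Role grants `get`, `create`, `update` and `patch` on every `secrets` and `configmaps` object in the release namespace, while the templates on this page reference only one Secret by name (the `agent-codefresh-token` key under `runner.fullname`) and one ConfigMap (`<runtime.fullname>-spec`). If that is all the runner pod needs, split the rule so the read and write verbs carry `resourceNames: [ {{ include "runner.fullname" . | quote }} ]` and only `create` stays unrestricted, since `create` cannot be limited by name. The RoleBinding is rendered only when both `serviceAccount.create` and `rbac.create` are true, so with a pre-existing service account the Role is created but bound to nothing; a comment saying so would help. `patch` is the only unquoted verb in both lists.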


@ -0,0 +1,30 @@
{{- define "runner-init.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-init.environment-variables.calculated" }}
AGENT_NAME: {{ include "runtime.runtime-environment-spec.agent-name" . }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
AGENT_CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
optional: true
EXISTING_AGENT_CODEFRESH_TOKEN: {{ include "runtime.agent-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
SECRET_NAME: {{ include "runner.fullname" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
{{- end }}
{{- define "runner-init.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-init.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-init.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
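Review bot: `KUBE_NAMESPACE: {{ .Release.Namespace }}` and the other calculated values are rendered as plain scalars and then parsed back with `fromYaml`, so a value that looks like a number or boolean (a namespace named `123` or `on`, for instance) may reach the `env-vars` helper as a non-string; how that helper treats it is not visible here. Quoting at the source avoids the question: `KUBE_NAMESPACE: {{ .Release.Namespace | quote }}`. The same pattern is in the runner and sidecar variable files that follow (`DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}` renders a bare key when the registry is unset) and in the `NAMESPACE`/`RELEASE` entries of the gencerts Job, where `value:` has to be a string. A comment above `runner-init.environment-variables` stating the precedence would also help: `{{/* .Values.env is applied last and can replace calculated entries, including the token references */}}`.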


@ -0,0 +1,28 @@
{{- define "runner.environment-variables.defaults" }}
AGENT_MODE: InCluster
SELF_DEPLOYMENT_NAME:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- end }}
{{- define "runner.environment-variables.calculated" }}
AGENT_ID: {{ include "runtime.runtime-environment-spec.agent-name" . }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
CODEFRESH_IN_CLUSTER_RUNTIME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
{{- end }}
{{- define "runner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}


@ -0,0 +1,22 @@
{{- define "runner-sidecar.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-sidecar.environment-variables.calculated" }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CONFIGMAP_NAME: {{ printf "%s-%s" (include "runtime.fullname" .) "spec" }}
{{- end }}
{{- define "runner-sidecar.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-sidecar.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-sidecar.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.sidecar.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}


@ -0,0 +1,58 @@
{{- define "dind-volume-provisioner.resources.cronjob" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- if not (eq .Values.storage.backend "local") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "dind-volume-cleanup.fullname" . }}
labels:
{{- include "dind-volume-cleanup.labels" . | nindent 4 }}
spec:
concurrencyPolicy: {{ .Values.concurrencyPolicy }}
schedule: {{ .Values.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.successfulJobsHistory }}
failedJobsHistoryLimit: {{ .Values.failedJobsHistory }}
{{- with .Values.suspend }}
suspend: {{ . }}
{{- end }}
jobTemplate:
spec:
template:
metadata:
labels:
{{- include "dind-volume-cleanup.selectorLabels" . | nindent 12 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 10 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
restartPolicy: {{ .Values.restartPolicy | default "Never" }}
containers:
- name: dind-volume-cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 12 }}
- name: PROVISIONED_BY
value: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
resources:
{{- toYaml .Values.resources | nindent 14 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end -}}
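Review bot: The `dind-volume-cleanup` container gets no container-level `securityContext`; only the pod-level block is rendered, and only when `podSecurityContext.enabled` is set. The DaemonSet template in this commit already supports `containerSecurityContext`, so the same guard could follow `imagePullPolicy` here, provided the value is defined for this component: `{{- if .Values.containerSecurityContext.enabled }}` / `securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 14 }}` / `{{- end }}`. The indent width needs checking against the real file, since this page has lost indentation. The provisioner Deployment section has the same gap.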


@ -0,0 +1,98 @@
{{- define "dind-volume-provisioner.resources.daemonset" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $localVolumeParentDir := .Values.storage.local.volumeParentDir }}
{{- if eq .Values.storage.backend "local" }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "dind-lv-monitor.fullname" . }}
labels:
{{- include "dind-lv-monitor.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.volumePermissions.image "context" .) }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $localVolumeParentDir }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
name: dind-volume-dir
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 10 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.volumePermissions.resources | nindent 10 }}
{{- end }}
containers:
- name: dind-lv-monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- /home/dind-volume-utils/bin/local-volumes-agent
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 10 }}
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VOLUME_PARENT_DIR
value: {{ $localVolumeParentDir }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
readOnly: false
name: dind-volume-dir
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- name: dind-volume-dir
hostPath:
path: {{ $localVolumeParentDir }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end -}}
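Review bot: The `volume-permissions` init container builds its `/bin/sh -ec` script by splicing `podSecurityContext.runAsUser`, `podSecurityContext.fsGroup` and `storage.local.volumeParentDir` into the command text unquoted, so a path containing a space or a shell metacharacter changes what a container with a writable hostPath mount executes. Passing the values through environment variables and quoting the expansions keeps them as data. The owner pair is read from `podSecurityContext` even when `podSecurityContext.enabled` is false, which deserves a comment. The `dind-volume-dir` hostPath also has no `type`, so nothing is checked about what exists at that path before it is mounted.

```yaml
# … unchanged: initContainers name, image, imagePullPolicy …
command:
  - /bin/sh
args:
  - -ec
  - |
    chown -R "$VOLUME_OWNER" "$VOLUME_PARENT_DIR"
env:
  - name: VOLUME_OWNER
    value: "{{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }}"
  - name: VOLUME_PARENT_DIR
    value: {{ $localVolumeParentDir | quote }}
# … unchanged: volumeMounts, securityContext, resources …
```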


@ -0,0 +1,67 @@
{{- define "dind-volume-provisioner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: dind-volume-provisioner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
command:
- /usr/local/bin/dind-volume-provisioner
- -v=4
- --resync-period=50s
env:
{{- include "dind-volume-provisioner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- include "dind-volume-provisioner.volumeMounts.calculated" . | nindent 8 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- include "dind-volume-provisioner.volumes.calculated" . | nindent 6 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}


@ -0,0 +1,88 @@
{{- define "dind-volume-provisioner.environment-variables.defaults" }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables.calculated" }}
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
PROVISIONER_NAME: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.accessKeyIdSecretKeyRef }}
AWS_ACCESS_KEY_ID:
{{- if .Values.storage.ebs.accessKeyId }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_access_key_id
{{- else if .Values.storage.ebs.accessKeyIdSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.accessKeyIdSecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.ebs.secretAccessKey .Values.storage.ebs.secretAccessKeySecretKeyRef }}
AWS_SECRET_ACCESS_KEY:
{{- if .Values.storage.ebs.secretAccessKey }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_secret_access_key
{{- else if .Values.storage.ebs.secretAccessKeySecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.secretAccessKeySecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }}
{{- end }}
{{- if and .Values.storage.mountAzureJson }}
AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json
CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "dind-volume-provisioner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "dind-volume-provisioner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
{{- define "dind-volume-provisioner.volumes.calculated" }}
{{- if .Values.storage.gcedisk.serviceAccountJson }}
- name: credentials
secret:
secretName: {{ include "dind-volume-provisioner.fullname" . }}
optional: true
{{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
secret:
secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }}
optional: true
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.volumeMounts.calculated" }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
readOnly: true
mountPath: "/etc/dind-volume-provisioner/credentials"
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
readOnly: true
mountPath: "/etc/kubernetes/azure.json"
{{- end }}
{{- end }}
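Review bot: The `GOOGLE_APPLICATION_CREDENTIALS` line reads `.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key` inside a branch that is also taken when only `serviceAccountJson` is set; if the chart's values do not default `serviceAccountJsonSecretKeyRef` to an empty map (the values file is not shown on this page), rendering fails on the nil lookup. `dig` is safe either way: `(dig "key" "google-service-account.json" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef | default dict))`. A comment on the `azure-json` volume would also help reviewers: it mounts the node's `/etc/kubernetes/azure.json`, which this template itself treats as a credential file (`AZURE_CREDENTIAL_FILE`), into the provisioner pod.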


@ -0,0 +1,93 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dind-volume-provisioner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dind-volume-provisioner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "dind-volume-cleanup.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-cleanup" | trunc 52 | trimSuffix "-" }}
{{- end }}
{{- define "dind-lv-monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Provisioner name for storage class
*/}}
{{- define "dind-volume-provisioner.volumeProvisionerName" }}
{{- printf "codefresh.io/dind-volume-provisioner-runner-%s" .Release.Namespace }}
{{- end }}
{{/*
Common labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Selector labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Common labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Selector labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dind-volume-provisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dind-volume-provisioner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.storageClassName" }}
{{- printf "dind-local-volumes-runner-%s" .Release.Namespace }}
{{- end }}
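Review bot: The comment above `dind-volume-cleanup.selectorLabels` repeats "Common labels for dind-volume-cleanup"; it should read `Selector labels for dind-volume-cleanup`. `dind-volume-cleanup.fullname` truncates at 52 where its neighbours use 63, with no comment saying why; if this is the CronJob name limit, say so: `{{/* CronJob names are limited to 52 characters */}}`. `dind-volume-provisioner.serviceAccountName` falls back to the namespace's `default` service account when `serviceAccount.create` is false and no name is given, which deserves a line in its comment as well.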


@ -0,0 +1,71 @@
{{- define "dind-volume-provisioner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get", "list" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "create", "update" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "dind-volume-provisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}
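Review bot: The ClusterRole gives the provisioner `get` and `list` on `secrets` and `create`/`delete`/`patch` on `pods` in every namespace, bound through a ClusterRoleBinding. The cluster-scoped objects (`persistentvolumes`, `storageclasses`, `nodes`) do need a ClusterRole, but if secrets and pods are only touched in the release namespace, those two rules belong in a namespaced Role; which namespaces the provisioner actually reads is not visible here. At minimum add a comment above the `secrets` rule stating why cluster-wide read is required. `.Values.rbac.rules` is appended verbatim, so anything a values file adds there is also granted cluster-wide.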


@ -0,0 +1,22 @@
{{- define "dind-volume-provisioner.resources.secret" -}}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.secretAccessKey .Values.storage.gcedisk.serviceAccountJson }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
stringData:
{{- with .Values.storage.gcedisk.serviceAccountJson }}
google-service-account.json: |
{{- . | nindent 4 }}
{{- end }}
{{- with .Values.storage.ebs.accessKeyId }}
aws_access_key_id: {{ . }}
{{- end }}
{{- with .Values.storage.ebs.secretAccessKey }}
aws_secret_access_key: {{ . }}
{{- end }}
{{- end }}
{{- end -}}
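Review bot: `aws_access_key_id: {{ . }}` and `aws_secret_access_key: {{ . }}` emit the credentials as plain YAML scalars under `stringData`, which only accepts strings; a value that parses as a number, or that contains `: ` or ` #`, is retyped or cut short before it reaches the API server. Quote both: `aws_secret_access_key: {{ . | quote }}`. A header comment pointing users to the `accessKeyIdSecretKeyRef`/`secretAccessKeySecretKeyRef` values used by the environment-variable template would help as well, since inline values are stored with the Helm release.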


@ -0,0 +1,47 @@
{{- define "dind-volume-provisioner.resources.storageclass" -}}
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
{{/* has to be exactly that */}}
name: {{ include "dind-volume-provisioner.storageClassName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
provisioner: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}
volumeBackend: local
volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
{{- else if eq .Values.storage.backend "gcedisk" }}
volumeBackend: {{ .Values.storage.backend }}
type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
zone: {{ required ".Values.storage.gcedisk.availabilityZone is required" .Values.storage.gcedisk.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
{{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
volumeBackend: {{ .Values.storage.backend }}
VolumeType: {{ .Values.storage.ebs.volumeType | default "gp3" }}
AvailabilityZone: {{ required ".Values.storage.ebs.availabilityZone is required" .Values.storage.ebs.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
encrypted: {{ .Values.storage.ebs.encrypted | default "false" | quote }}
{{- with .Values.storage.ebs.kmsKeyId }}
kmsKeyId: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.iops }}
iops: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.throughput }}
throughput: {{ . | quote }}
{{- end }}
{{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
volumeBackend: {{ .Values.storage.backend }}
kind: managed
skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
{{- with .Values.storage.azuredisk.availabilityZone }}
availabilityZone: {{ . | quote }}
{{- end }}
{{- with .Values.storage.azuredisk.resourceGroup }}
resourceGroup: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}
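Review bot: For the `ebs`/`ebs-csi` backend, `encrypted` falls back to `"false"`, so volumes provisioned from this StorageClass are unencrypted unless the operator opts in or the AWS account enforces encryption by default. If the default is to change, set it in the chart's values rather than in the template, because `default` treats an explicit `false` as unset and would override it. Otherwise document the choice next to the line: `{{/* build volumes are unencrypted unless storage.ebs.encrypted is set to true */}}`.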


@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cf-runtime.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cf-runtime.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cf-runtime.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cf-runtime.labels" -}}
helm.sh/chart: {{ include "cf-runtime.chart" . }}
{{ include "cf-runtime.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cf-runtime.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}


@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.deployment" $appProxyContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.ingress" $appProxyContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.rbac" $appProxyContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.service" $appProxyContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.deployment" $eventExporterContext }}
{{- end }}
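Review bot: `{{- if and $eventExporterContext.Values.enabled }}` calls `and` with a single argument, which reads as if a second condition was dropped; the service wrapper further down uses the plain form. Write `{{- if $eventExporterContext.Values.enabled }}` here and in the rbac wrapper that follows. A one-line comment at the top of these wrappers would make the `set` lines easier to follow: `{{/* deep-copy the root context and re-root .Values at the component's own values */}}`.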


@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.rbac" $eventExporterContext }}
{{- end }}


@ -0,0 +1,11 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.service" $eventExporterContext }}
---
{{- include "event-exporter.resources.serviceMonitor" $eventExporterContext }}
{{- end }}


@ -0,0 +1,6 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- range .Values.extraResources }}
---
{{ include (printf "%s.tplrender" $cfCommonTplSemver) (dict "Values" . "context" $) }}
{{- end }}


@ -0,0 +1,19 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.engine.runtimeImages }}
---
kind: ConfigMap
apiVersion: v1
metadata:
{{- /* dummy template just to list runtime images */}}
name: {{ include "runtime.fullname" . }}-images
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
images: |
{{- range $key, $val := $values }}
image: {{ $val }}
{{- end }}
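Review bot: `$values` is `.Values.runtime.engine.runtimeImages`, and the template both reads `$values.annotations` and ranges over every key of `$values`, so any `annotations` entry set there is also printed as an `image:` line. Iterate over the images only: `{{- range $key, $val := omit $values "annotations" }}`. `$cfCommonTplSemver` is assigned but never used in this file, and the same is true of the `-spec` ConfigMap section that follows.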


@ -0,0 +1,18 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "runtime.fullname" . }}-spec
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
runtime.yaml: |
{{ include "runtime.runtime-environment-spec.template" . | nindent 4 | trim }}
{{- end }}


@ -0,0 +1,68 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "3"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-gencerts-dind
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: gencerts-dind
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/configure-dind-certs.sh" | nindent 10 }}
env:
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: RELEASE
value: {{ .Release.Name }}
- name: CF_API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: CF_API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}
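Review bot: The `NAMESPACE` and `RELEASE` env values of the `gencerts-dind` container are rendered unquoted, so a namespace or release name made only of digits is parsed as a YAML integer and the Job is rejected, because `env[].value` must be a string. Quote them in the template: `value: {{ .Release.Namespace | quote }}` and `value: {{ .Release.Name | quote }}`. The cleanup Job's `AGENT_NAME`, `RUNTIME_NAME` and `API_HOST` values are written the same way and would take `| quote` as well; `AGENT` there is already quoted.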


@ -0,0 +1,77 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "5"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: patch-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- |
codefresh auth create-context --api-key $API_KEY --url $API_HOST
cat /usr/share/extras/runtime.yaml
codefresh get re
{{- if .Values.runtime.agent }}
codefresh patch re -f /usr/share/extras/runtime.yaml
{{- else }}
codefresh patch sys-re -f /usr/share/extras/runtime.yaml
{{- end }}
env:
- name: API_KEY
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
volumeMounts:
- name: config
mountPath: /usr/share/extras/runtime.yaml
subPath: runtime.yaml
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
volumes:
- name: config
configMap:
name: {{ include "runtime.fullname" . }}-spec
{{- end }}
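Review bot: The inline script runs `cat /usr/share/extras/runtime.yaml` before patching, which copies the whole rendered runtime spec into the hook pod's log. That spec is built from `runtime.engine.env`, `runtime.engine.userEnvVars` and `runtime.dind.env`, so any credential a user puts in those values becomes readable by anyone with log access, and it is also stored in the `-spec` ConfigMap rather than a Secret. Consider dropping the `cat` or gating it behind a debug value. The auth line should also quote its expansions: `codefresh auth create-context --api-key "$API_KEY" --url "$API_HOST"`.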


@ -0,0 +1,37 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-gencerts-dind
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
{{ end }}
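Review bot: The `gencerts-dind` Role grants every verb on all Secrets and ConfigMaps in the release namespace, which includes the `codefresh-user-token` Secret the chart creates when `global.codefreshToken` is set. `create` cannot be restricted by name, but the remaining verbs can move into a second rule scoped with `resourceNames` to the objects the cert script manages; `files/configure-dind-certs.sh` is not shown here, so the names below are placeholders to confirm. These three objects are also rendered whenever `runtime.gencerts.enabled` is true, while the Job sets `serviceAccountName` only when `rbac.enabled` is true, so the two conditions should be aligned.

```yaml
rules:
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets", "configmaps"]
    # placeholder: replace with the names configure-dind-certs.sh reads and writes
    resourceNames: ["<CERT-SECRET-NAME>", "<CERT-CONFIGMAP-NAME>"]
    verbs: ["get", "update", "patch", "delete"]
```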


@ -0,0 +1,73 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-cleanup
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/cleanup-runtime.sh" | nindent 10 }}
env:
- name: AGENT_NAME
value: {{ include "runtime.runtime-environment-spec.agent-name" . }}
- name: RUNTIME_NAME
value: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: AGENT
value: {{ .Values.runtime.agent | quote }}
- name: AGENT_SECRET_NAME
value: {{ include "runner.fullname" . }}
- name: DIND_SECRET_NAME
value: codefresh-certs-server
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}


@ -0,0 +1,46 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-cleanup
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
{{ end }}
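Review bot: The `-cleanup` Role uses `"*"` for apiGroups, resources and verbs, so the pre-delete hook's ServiceAccount gets full control of every namespaced resource in the release namespace, including reading all Secrets and creating pods or further role bindings. The cleanup Job's environment names only two Secrets (`AGENT_SECRET_NAME`, `DIND_SECRET_NAME`), so the rule can presumably shrink to `- apiGroups: [""]`, `resources: ["secrets"]`, `verbs: ["get", "delete"]`. Confirm this against `files/cleanup-runtime.sh`, whose body is not fully visible here, and add `resourceNames` if the script touches only those two objects.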


@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.deployment" $monitorContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.rbac" $monitorContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.service" $monitorContext }}
{{- end }}


@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.external-secrets" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}


@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.podMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}


@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.serviceMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}


@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.deployment" $runnerContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.rbac" $runnerContext }}
{{- end }}


@ -0,0 +1,123 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runtime.name" -}}
{{- printf "%s" (include "cf-runtime.name" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runtime.fullname" -}}
{{- printf "%s" (include "cf-runtime.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runtime.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runtime.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Return runtime image (classic runtime) with private registry prefix
*/}}
{{- define "runtime.runtimeImageName" -}}
{{- if .registry -}}
{{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
{{- printf "%s/%s" .registry $imageName -}}
{{- else -}}
{{- printf "%s" .imageFullName -}}
{{- end -}}
{{- end -}}
{{/*
Environment variable value of Codefresh installation token
*/}}
{{- define "runtime.installation-token-env-var-value" -}}
{{- if .Values.global.codefreshToken }}
valueFrom:
secretKeyRef:
name: {{ include "runtime.installation-token-secret-name" . }}
key: codefresh-api-token
{{- else if .Values.global.codefreshTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Environment variable value of Codefresh agent token
*/}}
{{- define "runtime.agent-token-env-var-value" -}}
{{- if .Values.global.agentToken }}
{{- printf "%s" .Values.global.agentToken | toYaml }}
{{- else if .Values.global.agentTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.agentTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Print Codefresh API token secret name
*/}}
{{- define "runtime.installation-token-secret-name" }}
{{- print "codefresh-user-token" }}
{{- end }}
{{/*
Print Codefresh host
*/}}
{{- define "runtime.runtime-environment-spec.codefresh-host" }}
{{- if and (not .Values.global.codefreshHost) }}
{{- fail "ERROR: .global.codefreshHost is required" }}
{{- else }}
{{- printf "%s" (trimSuffix "/" .Values.global.codefreshHost) }}
{{- end }}
{{- end }}
{{/*
Print runtime-environment name
*/}}
{{- define "runtime.runtime-environment-spec.runtime-name" }}
{{- if and (not .Values.global.runtimeName) }}
{{- printf "%s/%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.runtimeName }}
{{- end }}
{{- end }}
{{/*
Print agent name
*/}}
{{- define "runtime.runtime-environment-spec.agent-name" }}
{{- if and (not .Values.global.agentName) }}
{{- printf "%s_%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.agentName }}
{{- end }}
{{- end }}
{{/*
Print context
*/}}
{{- define "runtime.runtime-environment-spec.context-name" }}
{{- if and (not .Values.global.context) }}
{{- fail "ERROR: .global.context is required" }}
{{- else }}
{{- printf "%s" .Values.global.context }}
{{- end }}
{{- end }}
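Review bot: `runtime.runtime-environment-spec.runtime-name` and `runtime.runtime-environment-spec.agent-name` fall back to `.Values.global.context` directly, bypassing the `fail` guard in `runtime.runtime-environment-spec.context-name`. With an empty context they render `/<namespace>` and `_<namespace>` instead of stopping the install. Routing the fallback through the guarded helper fixes both, e.g. `{{- printf "%s/%s" (include "runtime.runtime-environment-spec.context-name" .) .Release.Namespace }}`. The single-argument `and` in `{{- if and (not ...) }}` is a no-op and can be written as `{{- if not ... }}`.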


@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- /* has to be a constant */}}
name: codefresh-dind-config
labels:
{{- include "runtime.labels" . | nindent 4 }}
data:
daemon.json: |
{{ coalesce .Values.re.dindDaemon .Values.runtime.dindDaemon | toPrettyJson | indent 4 }}


@ -0,0 +1,48 @@
{{ $values := .Values.runtime }}
---
{{- if or $values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- /* has to be a constant */}}
name: codefresh-engine
labels:
{{- include "runtime.labels" . | nindent 4 }}
{{- with $values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if $values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with $values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and $values.serviceAccount.create $values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: codefresh-engine
roleRef:
kind: Role
name: codefresh-engine
apiGroup: rbac.authorization.k8s.io
{{- end }}
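Review bot: The `codefresh-engine` Role allows `get` on every Secret in the namespace, and that namespace also holds the `codefresh-user-token` Secret when `global.codefreshToken` is set, so the engine ServiceAccount can read the installation API token. If the engine needs only specific Secrets, add `resourceNames` to this rule; the names are not visible here and would need confirming. Separately, the Role and RoleBinding are labelled with `runner.labels` while the ServiceAccount uses `runtime.labels`; `{{- include "runtime.labels" . | nindent 4 }}` on all three keeps selectors and cleanup by label consistent.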


@ -0,0 +1,214 @@
{{- define "runtime.runtime-environment-spec.template" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version -}}
{{- $kubeconfigFilePath := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $name := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $engineContext := .Values.runtime.engine -}}
{{- $dindContext := .Values.runtime.dind -}}
{{- $imageRegistry := .Values.global.imageRegistry -}}
metadata:
name: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
agent: {{ .Values.runtime.agent }}
runtimeScheduler:
type: KubernetesPod
{{- if $engineContext.image }}
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $engineContext.image.pullPolicy }}
{{- with $engineContext.command }}
command: {{- toYaml . | nindent 4 }}
{{- end }}
envVars:
{{- with $engineContext.env }}
{{- range $key, $val := . }}
{{- if or (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }}
{{ $key }}: {{ $val | squote }}
{{- else }}
{{ $key }}: {{ $val }}
{{- end }}
{{- end }}
{{- end }}
COMPOSE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COMPOSE_IMAGE) | squote }}
CONTAINER_LOGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CONTAINER_LOGGER_IMAGE) | squote }}
DOCKER_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_BUILDER_IMAGE) | squote }}
DOCKER_PULLER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PULLER_IMAGE) | squote }}
DOCKER_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PUSHER_IMAGE) | squote }}
DOCKER_TAG_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) | squote }}
FS_OPS_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.FS_OPS_IMAGE) | squote }}
GIT_CLONE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GIT_CLONE_IMAGE) | squote }}
KUBE_DEPLOY: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.KUBE_DEPLOY) | squote }}
PIPELINE_DEBUGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.PIPELINE_DEBUGGER_IMAGE) | squote }}
TEMPLATE_ENGINE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.TEMPLATE_ENGINE) | squote }}
CR_6177_FIXER: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CR_6177_FIXER) | squote }}
GC_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GC_BUILDER_IMAGE) | squote }}
COSIGN_IMAGE_SIGNER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COSIGN_IMAGE_SIGNER_IMAGE) | squote }}
{{- with $engineContext.userEnvVars }}
userEnvVars: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.workflowLimits }}
workflowLimits: {{- toYaml . | nindent 4 }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $engineContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $engineContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $engineContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $engineContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $engineContext.schedulerName }}
schedulerName: {{ $engineContext.schedulerName }}
{{- end }}
resources:
{{- if $engineContext.resources}}
{{- toYaml $engineContext.resources | nindent 4 }}
{{- end }}
{{- with $engineContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
dockerDaemonScheduler:
type: DindKubernetesPod
{{- if $dindContext.image }}
dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $dindContext.image.pullPolicy }}
{{- with $dindContext.userAccess }}
userAccess: {{ . }}
{{- end }}
{{- with $dindContext.env }}
envVars:
{{- range $key, $val := . }}
{{- if or (kindIs "bool" $val) (kindIs "int" $val) (kindIs "float64" $val) }}
{{ $key }}: {{ $val | squote }}
{{- else }}
{{ $key }}: {{ $val }}
{{- end }}
{{- end }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $dindContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $dindContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $dindContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $dindContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.schedulerName }}
schedulerName: {{ $dindContext.schedulerName }}
{{- end }}
{{- if $dindContext.pvcs }}
pvcs:
{{- range $index, $pvc := $dindContext.pvcs }}
- name: {{ $pvc.name }}
reuseVolumeSelector: {{ $pvc.reuseVolumeSelector | squote }}
reuseVolumeSortOrder: {{ $pvc.reuseVolumeSortOrder }}
storageClassName: {{ include (printf "%v.tplrender" $cfCommonTplSemver) (dict "Values" $pvc.storageClassName "context" $) }}
volumeSize: {{ $pvc.volumeSize }}
{{- with $pvc.annotations }}
annotations: {{ . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
defaultDindResources:
{{- with $dindContext.resources }}
{{- if not .requests }}
limits: {{- toYaml .limits | nindent 6 }}
requests: null
{{- else }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- with $dindContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with $dindContext.userVolumeMounts }}
userVolumeMounts: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.userVolumes }}
userVolumes: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (not .Values.runtime.agent) }}
clientCertPath: /etc/ssl/cf/
volumeMounts:
codefresh-certs-server:
name: codefresh-certs-server
mountPath: /etc/ssl/cf
readOnly: false
volumes:
codefresh-certs-server:
name: codefresh-certs-server
secret:
secretName: codefresh-certs-server
{{- end }}
extends: {{- toYaml .Values.runtime.runtimeExtends | nindent 2 }}
{{- if .Values.runtime.description }}
description: {{ .Values.runtime.description }}
{{- else }}
description: null
{{- end }}
{{- if .Values.global.accountId }}
accountId: {{ .Values.global.accountId }}
{{- end }}
{{- if not .Values.runtime.agent }}
accounts: {{- toYaml .Values.runtime.accounts | nindent 2 }}
{{- end }}
{{- if .Values.appProxy.enabled }}
appProxy:
externalIP: >-
{{ printf "https://%s%s" .Values.appProxy.ingress.host (.Values.appProxy.ingress.pathPrefix | default "/") }}
{{- end }}
{{- if not .Values.runtime.agent }}
systemHybrid: true
{{- end }}
{{- end }}
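Review bot: In both `envVars` loops, string values fall through to the `else` branch and are written as `{{ $key }}: {{ $val }}` with no quoting, so a value such as `yes`, `1.10`, one starting with `*` or `{`, or one containing `: ` or ` #` is retyped or breaks the rendered `runtime.yaml`. Only bool, int and float kinds are quoted today. Rendering every entry as `{{ $key }}: {{ $val | toString | quote }}` removes the kind check and keeps the value as the user wrote it. Note also that `imagePullPolicy: {{ $engineContext.image.pullPolicy }}` sits outside the `{{- if $engineContext.image }}` guard just above it, so the guard does not protect against an unset image; the same applies to `$dindContext.image`.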


@ -0,0 +1,11 @@
{{- if and .Values.global.codefreshToken }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "runtime.installation-token-secret-name" . }}
labels:
{{- include "runtime.labels" . | nindent 4 }}
stringData:
codefresh-api-token: {{ .Values.global.codefreshToken }}
{{- end }}
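Review bot: `codefresh-api-token: {{ .Values.global.codefreshToken }}` writes the token as a plain YAML scalar, so a token that is all digits or starts with a YAML indicator is retyped or rejected under `stringData`. Use `codefresh-api-token: {{ .Values.global.codefreshToken | quote }}`. The values file documents `global.codefreshTokenSecretKeyRef` as the alternative, and a comment here pointing to it would help, since it keeps the token out of the values Helm stores with the release.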


@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "runtime.labels" . | nindent 4 }}
app: dind
{{/* has to be a constant */}}
name: dind
spec:
ports:
- name: "dind-port"
port: 1300
protocol: TCP
clusterIP: None
selector:
app: dind


@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-volume-cleanup") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.cronjob" $volumeProvisionerContext }}
{{- end }}


@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-lv-monitor") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.daemonset" $volumeProvisionerContext }}
{{- end }}


@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }}
{{- end }}


@ -0,0 +1,9 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.rbac" $volumeProvisionerContext }}
{{- end }}


@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.secret" $volumeProvisionerContext }}
{{- end }}


@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.storageclass" $volumeProvisionerContext }}
{{- end }}


@ -0,0 +1,951 @@
# -- String to partially override cf-runtime.fullname template (will maintain the release name)
nameOverride: ""
# -- String to fully override cf-runtime.fullname template
fullnameOverride: ""
# -- Global parameters
# @default -- See below
global:
# -- Global Docker image registry
imageRegistry: ""
# -- Global Docker registry secret names as array
imagePullSecrets: []
# -- URL of Codefresh Platform (required!)
codefreshHost: "https://g.codefresh.io"
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
# Ref: https://g.codefresh.io/user/settings (see API Keys)
# Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write)
codefreshToken: ""
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
codefreshTokenSecretKeyRef: {}
# E.g.
# codefreshTokenSecretKeyRef:
# name: my-codefresh-api-token
# key: codefresh-api-token
# -- Account ID (required!)
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
accountId: ""
# -- K8s context name (required!)
context: ""
# E.g.
# context: prod-ue1-runtime-1
# -- Agent Name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}`
agentName: ""
# E.g.
# agentName: prod-ue1-runtime-1
# -- Runtime name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}`
runtimeName: ""
# E.g.
# runtimeName: prod-ue1-runtime-1/namespace
# -- DEPRECATED Agent token in plain text.
# !!! MUST BE provided if migrating from < 6.x chart version
agentToken: ""
# -- DEPRECATED Agent token that references an existing secret containing API key.
# !!! MUST BE provided if migrating from < 6.x chart version
agentTokenSecretKeyRef: {}
# E.g.
# agentTokenSecretKeyRef:
# name: my-codefresh-agent-secret
# key: codefresh-agent-token
# DEPRECATED -- Use `.Values.global.imageRegistry` instead
dockerRegistry: ""
# DEPRECATED -- Use `.Values.runtime` instead
re: {}
# -- Runner parameters
# @default -- See below
runner:
# -- Enable the runner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/venona
tag: 1.10.2
# -- Init container
init:
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
resources:
limits:
memory: 512Mi
cpu: '1'
requests:
memory: 256Mi
cpu: '0.2'
# -- Sidecar container
# Reconciles runtime spec from Codefresh API for drift detection
sidecar:
enabled: false
image:
registry: quay.io
repository: codefresh/codefresh-shell
tag: 0.0.2
env:
RECONCILE_INTERVAL: 300
resources: {}
# -- Add additional env vars
env: {}
# E.g.
# env:
# WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Volume Provisioner parameters
# @default -- See below
volumeProvisioner:
# -- Enable volume-provisioner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/dind-volume-provisioner
tag: 1.35.0
# -- Add additional env vars
env: {}
# E.g.
# env:
# THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 3000
runAsGroup: 3000
fsGroup: 3000
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- `dind-lv-monitor` DaemonSet parameters
# (local volumes cleaner)
# @default -- See below
dind-lv-monitor:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-utils
tag: 1.29.4
podAnnotations: {}
podSecurityContext:
enabled: true
runAsUser: 1000
fsGroup: 1000
containerSecurityContext: {}
env: {}
resources: {}
nodeSelector: {}
tolerations:
- key: 'codefresh/dind'
operator: 'Exists'
effect: 'NoSchedule'
volumePermissions:
enabled: true
image:
registry: docker.io
repository: alpine
tag: 3.18
resources: {}
securityContext:
runAsUser: 0 # auto
# `dind-volume-cleanup` CronJob parameters
# (external volumes cleaner)
# @default -- See below
dind-volume-cleanup:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-cleanup
tag: 1.2.0
env: {}
concurrencyPolicy: Forbid
schedule: "*/10 * * * *"
successfulJobsHistory: 3
failedJobsHistory: 1
suspend: false
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroup: 3000
runAsGroup: 3000
runAsUser: 3000
nodeSelector: {}
affinity: {}
tolerations: []
# Storage parameters for volume-provisioner
# @default -- See below
storage:
# -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`)
backend: local
# -- Set filesystem type (`ext4`/`xfs`)
fsType: "ext4"
# Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`)
# https://kubernetes.io/docs/concepts/storage/volumes/#local
# @default -- See below
local:
# -- Set volume path on the host filesystem
volumeParentDir: /var/lib/codefresh/dind-volumes
# Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`)
# https://aws.amazon.com/ebs/
# https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration
# @default -- See below
ebs:
# -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required)
volumeType: "gp2"
# -- Set EBS volumes availability zone (required)
availabilityZone: "us-east-1a"
# -- Enable encryption (optional)
encrypted: "false"
# -- Set KMS encryption key ID (optional)
kmsKeyId: ""
# -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
accessKeyId: ""
# -- Existing secret containing AWS_ACCESS_KEY_ID.
accessKeyIdSecretKeyRef: {}
# E.g.
# accessKeyIdSecretKeyRef:
# name:
# key:
# -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
secretAccessKey: ""
# -- Existing secret containing AWS_SECRET_ACCESS_KEY
secretAccessKeySecretKeyRef: {}
# E.g.
# secretAccessKeySecretKeyRef:
# name:
# key:
# E.g.
# ebs:
# volumeType: gp3
# availabilityZone: us-east-1c
# encrypted: false
# iops: "5000"
# # I/O operations per second. Only effetive when gp3 volume type is specified.
# # Default value - 3000.
# # Max - 16,000
# throughput: "500"
# # Throughput in MiB/s. Only effective when gp3 volume type is specified.
# # Default value - 125.
# # Max - 1000.
# ebs:
# volumeType: gp2
# availabilityZone: us-east-1c
# encrypted: true
# kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
# accessKeyId: "MYKEYID"
# secretAccessKey: "MYACCESSKEY"
# Storage parameters example for gce disks
# https://cloud.google.com/compute/docs/disks#pdspecs
# https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration
# @default -- See below
gcedisk:
# -- Set GCP volume backend type (`pd-ssd`/`pd-standard`)
volumeType: "pd-ssd"
# -- Set GCP volume availability zone
availabilityZone: "us-west1-a"
# -- Set Google SA JSON key for volume-provisioner (optional)
serviceAccountJson: ""
# -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional)
serviceAccountJsonSecretKeyRef: {}
# E.g.
# gcedisk:
# volumeType: pd-ssd
# availabilityZone: us-central1-c
# serviceAccountJson: |-
# {
# "type": "service_account",
# "project_id": "...",
# "private_key_id": "...",
# "private_key": "...",
# "client_email": "...",
# "client_id": "...",
# "auth_uri": "...",
# "token_uri": "...",
# "auth_provider_x509_cert_url": "...",
# "client_x509_cert_url": "..."
# }
# Storage parameters example for Azure Disks
# https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks
# @default -- See below
azuredisk:
# -- Set storage type (`Premium_LRS`)
skuName: Premium_LRS
cachingMode: None
# availabilityZone: northeurope-1
# resourceGroup:
# DiskIOPSReadWrite: 500
# DiskMBpsReadWrite: 100
mountAzureJson: false
# -- Set runtime parameters
# @default -- See below
runtime:
# -- Set annotation on engine Service Account
# Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
serviceAccount:
create: true
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- Set parent runtime to inherit.
# Should not be changes. Parent runtime is controlled from Codefresh side.
runtimeExtends:
- system/default/hybrid/k8s_low_limits
# -- Runtime description
description: ""
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the engine role
rules: []
# -- (for On-Premise only) Enable agent
agent: true
# -- (for On-Premise only) Set inCluster runtime
inCluster: true
# -- (for On-Premise only) Assign accounts to runtime (list of account ids)
accounts: []
# -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod).
dind:
# -- Set dind image.
image:
registry: quay.io
repository: codefresh/dind
tag: 26.1.4-1.28.7 # use `latest-rootless/rootless/26.1.4-1.28.7-rootless` tags for rootless-dind
pullPolicy: IfNotPresent
# -- Set dind resources.
resources:
requests: null
limits:
cpu: 400m
memory: 800Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 30
# -- PV claim spec parametes.
pvcs:
# -- Default dind PVC parameters
dind:
# -- PVC name prefix.
# Keep `dind` as default! Don't change!
name: dind
# -- PVC storage class name.
# Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner
storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}'
# -- PVC size.
volumeSize: 16Gi
# -- PV reuse selector.
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy
reuseVolumeSelector: codefresh-app,io.codefresh.accountName
reuseVolumeSortOrder: pipeline_id
# -- PV annotations.
annotations: {}
# E.g.:
# annotations:
# codefresh.io/volume-retention: 7d
# -- Set additional env vars.
env:
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Keep `true` as default!
userAccess: true
# -- Add extra volumes
userVolumes: {}
# E.g.:
# userVolumes:
# regctl-docker-registry:
# name: regctl-docker-registry
# secret:
# items:
# - key: .dockerconfigjson
# path: config.json
# secretName: regctl-docker-registry
# optional: true
# -- Add extra volume mounts
userVolumeMounts: {}
# E.g.:
# userVolumeMounts:
# regctl-docker-registry:
# name: regctl-docker-registry
# mountPath: /home/appuser/.docker/
# readOnly: true
# -- Parameters for Engine pod (aka "pipeline" orchestrator).
engine:
# -- Set image.
image:
registry: quay.io
repository: codefresh/engine
tag: 1.174.12
pullPolicy: IfNotPresent
# -- Set container command.
command:
- npm
- run
- start
# -- Set resources.
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 2048Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 180
# -- Set system(base) runtime images.
# @default -- See below.
runtimeImages:
COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0
CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.6
DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.13
DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.17
DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16
DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.14
FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3
GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.28
KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11
PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.0
TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1
CR_6177_FIXER: 'quay.io/codefresh/alpine:edge'
GC_BUILDER_IMAGE: 'quay.io/codefresh/cf-gc-builder:0.5.3'
COSIGN_IMAGE_SIGNER_IMAGE: 'quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2'
# -- Set additional env vars.
env:
# -- Interval to check the exec status in the container-logger
CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000
# -- Timeout while doing requests to the Docker daemon
DOCKER_REQUEST_TIMEOUT_MS: 30000
# -- If "true", composition images will be pulled sequentially
FORCE_COMPOSE_SERIAL_PULL: false
# -- Level of logging for engine
LOGGER_LEVEL: debug
# -- Enable debug-level logging of outgoing HTTP/HTTPS requests
LOG_OUTGOING_HTTP_REQUESTS: false
# -- Enable emitting metrics from engine
METRICS_PROMETHEUS_ENABLED: true
# -- Enable legacy metrics
METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false
# -- Enable collecting process metrics
METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false
# -- Host for Prometheus metrics server
METRICS_PROMETHEUS_HOST: '0.0.0.0'
# -- Port for Prometheus metrics server
METRICS_PROMETHEUS_PORT: 9100
# -- Set workflow limits.
workflowLimits:
# -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds.
MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600
# -- Maximum time for workflow execution; seconds.
MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400
# -- Maximum time allowed to workflow to spend in "elected" state; seconds.
MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900
# -- Maximum retry attempts allowed for workflow.
MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20
# -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900
# -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300
# -- Time since the last health check report after which workflow is terminated; seconds.
TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300
# -- Time since the last health check report after which the engine is considered unhealthy; seconds.
TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60
# -- Time since the last workflow logs activity after which workflow is terminated; seconds.
TIME_INACTIVE_UNTIL_TERMINATION: 2700
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Set extra env vars
userEnvVars: []
# E.g.
# userEnvVars:
# - name: GITHUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: github-token
# key: token
# -- Parameters for `runtime-patch` post-upgrade/install hook
# @default -- See below
patch:
enabled: true
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
env:
HOME: /tmp
# -- Parameters for `gencerts-dind` post-upgrade/install hook
# @default -- See below
gencerts:
enabled: true
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.28.4
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
# -- DinD pod daemon config
# @default -- See below
dindDaemon:
hosts:
- unix:///var/run/docker.sock
- tcp://0.0.0.0:1300
tlsverify: true
tls: true
tlscacert: /etc/ssl/cf-client/ca.pem
tlscert: /etc/ssl/cf/server-cert.pem
tlskey: /etc/ssl/cf/server-key.pem
insecure-registries:
- 192.168.99.100:5000
metrics-addr: 0.0.0.0:9323
experimental: true
# App-Proxy parameters
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation
# @default -- See below
appProxy:
# -- Enable app-proxy
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-app-proxy
tag: 0.0.47
# -- Add additional env vars
env: {}
# Set app-proxy ingress parameters
# @default -- See below
ingress:
# -- Set path prefix for ingress (keep empty for default `/` path)
pathPrefix: ""
# -- Set ingress class
class: ""
# -- Set DNS hostname the ingress will use
host: ""
# -- Set k8s tls secret for the ingress object
tlsSecret: ""
# -- Set extra annotations for ingress object
annotations: {}
# E.g.
# ingress:
# pathPrefix: "/cf-app-proxy"
# class: "nginx"
# host: "mydomain.com"
# tlsSecret: "tls-cert-app-proxy"
# annotations:
# nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
podSecurityContext: {}
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# Monitor parameters
# @default -- See below
monitor:
# -- Enable monitor
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-k8s-agent
tag: 1.3.18
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
podSecurityContext: {}
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Add serviceMonitor
# @default -- See below
serviceMonitor:
main:
# -- Enable service monitor for dind pods
enabled: false
nameOverride: dind
selector:
matchLabels:
app: dind
endpoints:
- path: /metrics
targetPort: 9100
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
# -- Add podMonitor (for engine pods)
# @default -- See below
podMonitor:
main:
# -- Enable pod monitor for engine pods
enabled: false
nameOverride: engine
selector:
matchLabels:
app: runtime
podMetricsEndpoints:
- path: /metrics
targetPort: 9100
runner:
# -- Enable pod monitor for runner pod
enabled: false
nameOverride: runner
selector:
matchLabels:
codefresh.io/application: runner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
volume-provisioner:
# -- Enable pod monitor for volumeProvisioner pod
enabled: false
nameOverride: volume-provisioner
selector:
matchLabels:
codefresh.io/application: volume-provisioner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
# -- Event exporter parameters
# @default -- See below
event-exporter:
# -- Enable event-exporter
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: docker.io
repository: codefresh/k8s-event-exporter
tag: latest
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: false
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Array of extra objects to deploy with the release
extraResources: []
# E.g.
# extraResources:
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
# metadata:
# name: codefresh-role
# rules:
# - apiGroups: [ "*"]
# resources: ["*"]
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# - apiVersion: v1
# kind: ServiceAccount
# metadata:
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRoleBinding
# metadata:
# name: codefresh-user
# roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: codefresh-role
# subjects:
# - kind: ServiceAccount
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: v1
# kind: Secret
# type: kubernetes.io/service-account-token
# metadata:
# name: codefresh-user-token
# namespace: "{{ .Release.Namespace }}"
# annotations:
# kubernetes.io/service-account.name: "codefresh-user"
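Review bot: The `dindDaemon` block defaults to `insecure-registries: - 192.168.99.100:5000`, which looks like a leftover from a local test setup. If this block is rendered into the DinD daemon configuration, as its name suggests, every runtime installed with defaults would accept plain-HTTP or unverified-TLS pulls from whatever host answers on that private address in the cluster's network. I would ship `insecure-registries: []` and let operators add entries explicitly, with a comment such as `# -- Registries the DinD daemon may reach without TLS verification; leave empty unless required`. Indentation is lost on this page, so the nesting of the key is inferred from the order of the lines.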


@ -0,0 +1,23 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI PowerStore
catalog.cattle.io/kube-version: '>= 1.24.0'
catalog.cattle.io/release-name: powerstore
apiVersion: v2
appVersion: 2.11.1
description: 'PowerStore CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as a PowerStore
StorageClass. '
home: https://github.com/dell/csi-powerstore
icon: file://assets/icons/csi-powerstore.png
keywords:
- csi
- storage
kubeVersion: '>= 1.24.0'
maintainers:
- name: DellEMC
name: csi-powerstore
sources:
- https://github.com/dell/csi-powerstore
type: application
version: 2.11.1


@ -0,0 +1,92 @@
# CSI Driver for Dell PowerStore Helm chart
The [CSI Driver for Dell PowerStore](https://github.com/dell/csi-powerstore) is part of the CSM (Container Storage Modules) open-source suite of Kubernetes storage enablers for Dell EMC products. CSI Driver for PowerStore is a Container Storage Interface (CSI) driver that provides support for provisioning persistent storage using Dell EMC PowerStore storage array.
## Prerequisites
- Kubernetes version >= 1.23 (see [supported version](https://dell.github.io/csm-docs/docs/csidriver/#features-and-capabilities))
- Helm 3
- If you plan to use either the Fibre Channel or iSCSI or NVMe/TCP or NVMe/FC protocol, refer to either _Fibre Channel requirements_ or _Set up the iSCSI Initiator_ or _Set up the NVMe Initiator_ sections below. You can use NFS volumes without FC or iSCSI or NVMe/TCP or NVMe/FC configuration.
> You can use either the Fibre Channel or iSCSI or NVMe/TCP or NVMe/FC protocol, but you do not need all the four.
> If you want to use preconfigured iSCSI/FC hosts be sure to check that they are not part of any host group
- Linux native multipathing requirements
- Mount propagation is enabled on container runtime that is being used
- If using Snapshot feature, satisfy all Volume Snapshot requirements
- Nonsecure registries are defined in Docker or other container runtimes, for CSI drivers that are hosted in a non-secure location.
- You can access your cluster with kubectl and helm.
- Ensure that your nodes support mounting NFS volumes.
- Install the Volume Snapshot CRDs by referring to [this](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerstore/#optional-volume-snapshot-requirements) page.
> Refer [this](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerstore/#prerequisites) for setting up the prerequisites.
## Optional Features
- [Volume Snapshot](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerstore/#optional-volume-snapshot-requirements)
- [Volume Health Monitoring](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerstore/#volume-health-monitoring)
- [Replication](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/powerstore/#optional-replication-feature-requirements)
## Install the Driver
**Steps**
1. Create a namespace where you want to install the driver (e.g. "csi-powerstore"). You can choose any name for the namespace, but make sure to align to the same namespace during the whole installation.
2. Create a secret named "powerstore-config" in the namespace created above. Sample [secret.yaml](https://github.com/dell/csi-powerstore/blob/main/samples/secret/secret.yaml).
>Secret must be of type opaque.
3. Create storage classes using ones from [samples](https://github.com/dell/csi-powerstore/tree/main/samples/storageclass) folder as an example.
> If you do not specify `arrayID` parameter in the storage class then the array that was specified as the default would be used for provisioning volumes.
4. Install the chart with the name "powerstore". The value.yaml file used during installation can be found [here](https://github.com/dell/csi-powerstore/blob/main/helm/csi-powerstore/values.yaml)
The following table lists the configurable parameters of the chart and their default values.
| Parameter | Description | Required | Default |
|-------------------------------------|-----------------------------------------------------------------------------------------------------------|----------|----------------------------|
| logLevel | Defines CSI driver log level | No | "debug" |
| logFormat | Defines CSI driver log format | No | "JSON" |
| externalAccess | Defines additional entries for hostAccess of NFS volumes, single IP address and subnet are valid entries | No | " " |
| kubeletConfigDir | Defines kubelet config path for cluster | Yes | "/var/lib/kubelet" |
| imagePullPolicy | Policy to determine if the image should be pulled prior to starting the container. | Yes | "IfNotPresent" |
| nfsAcls | Defines permissions - POSIX mode bits or NFSv4 ACLs, to be set on NFS target mount directory. | No | "0777" |
| connection.enableCHAP | Defines whether the driver should use CHAP for iSCSI connections or not | No | False |
| controller.controllerCount | Defines number of replicas of controller deployment | Yes | 2 |
| controller.volumeNamePrefix | Defines the string added to each volume that the CSI driver creates | No | "csivol" |
| controller.snapshot.enabled | Allows to enable/disable snapshotter sidecar with driver installation for snapshot feature | No | "true" |
| controller.snapshot.snapNamePrefix | Defines prefix to apply to the names of a created snapshots | No | "csisnap" |
| controller.resizer.enabled | Allows to enable/disable resizer sidecar with driver installation for volume expansion feature | No | "true" |
| controller.healthMonitor.enabled | Allows to enable/disable volume health monitor | No | false |
| controller.healthMonitor.interval | Interval of monitoring volume health condition | No | 60s |
| controller.nodeSelector | Defines what nodes would be selected for pods of controller deployment | Yes | " " |
| controller.tolerations | Defines toleration that would be applied to controller deployment | Yes | " " |
| node.nodeNamePrefix | Defines the string added to each node that the CSI driver registers | No | "csi-node" |
| node.nodeIDPath | Defines a path to file with a unique identifier identifying the node in the Kubernetes cluster | No | "/etc/machine-id" |
| node.healthMonitor.enabled | Allows to enable/disable volume health monitor | No | false |
| node.nodeSelector | Defines what nodes would be selected for pods of node daemonset | Yes | " " |
| node.tolerations | Defines toleration that would be applied to node daemonset | Yes | " " |
| fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" |
| controller.vgsnapshot.enabled | To enable or disable the volume group snapshot feature | No | "true" |
| images.driverRepository | To use an image from custom repository | No | dockerhub |
| version | To use any driver version | No | Latest driver version |
| allowAutoRoundOffFilesystemSize | Allows the controller to round off filesystem to 3Gi which is the minimum supported value | No | false |
| storageCapacity.enabled | Enable/Disable storage capacity tracking | No | true |
| storageCapacity.pollInterval | Configure how often the driver checks for changed capacity | No | 5m |
*NOTE:*
- By default, the driver scans available SCSI adapters and tries to register them with the storage array under the SCSI hostname using `node.nodeNamePrefix` and the ID read from the file pointed to by `node.nodeIDPath`. If an adapter is already registered with the storage under a different hostname, the adapter is not used by the driver.
- A hostname the driver uses for registration of adapters is in the form `<nodeNamePrefix>-<nodeID>-<nodeIP>`. By default, these are csi-node and the machine ID read from the file `/etc/machine-id`.
- To customize the hostname, for example if you want to make them more user friendly, adjust nodeIDPath and nodeNamePrefix accordingly. For example, you can set `nodeNamePrefix` to `k8s` and `nodeIDPath` to `/etc/hostname` to produce names such as `k8s-worker1-192.168.1.2`.
- (Optional) Enable additional Mount Options - A user is able to specify additional mount options as needed for the driver.
- Mount options are specified in storageclass yaml under _mountOptions_.
- *WARNING*: Before utilizing mount options, you must first be fully aware of the potential impact and understand your environment's requirements for the specified option.
## Support
The CSI Driver for Dell PowerStore is fully supported by DELL.
For all your support needs or to follow the latest ongoing discussions and updates, join our Slack group. Click [Here](http://del.ly/Slack_request) to request your invite.
You can also interact with us on [GitHub](https://github.com/dell/csm) by creating a [GitHub Issue](https://github.com/dell/csm/issues).
## Contributing
We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [Contribution Guidelines](https://dell.github.io/csm-docs/docs/references/contributionguidelines/).
## License
This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/dell/csi-powerstore/blob/main/licenses/Apache.txt) for details.


@ -0,0 +1,10 @@
{{/*
Return true if storage capacity tracking is enabled and is supported based on k8s version
*/}}
{{- define "csi-powerstore.isStorageCapacitySupported" -}}
{{- if eq .Values.storageCapacity.enabled true -}}
{{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{- end -}}
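Review bot: The minor-version check in `csi-powerstore.isStorageCapacitySupported` compares strings, so `ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24"` orders lexically: "100" sorts below "24" and "9" sorts above it. A semver comparison states the intent directly and also drops the separate test on the major version, for example `{{- if semverCompare ">=1.24-0" .Capabilities.KubeVersion.Version -}}`. The header comment could also say that the template yields the string `true` or an empty string, since the callers on this page either compare the result with `"true"` or pipe it through `default false`.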


@ -0,0 +1,457 @@
#
#
# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "patch"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
{{- end }}
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "update", "patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "update", "patch", "delete"]
{{- else }}
verbs: ["get", "list", "watch", "update", "patch"]
{{- end }}
{{- end }}
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
{{- if hasKey .Values.controller "vgsnapshot" }}
{{- if eq .Values.controller.vgsnapshot.enabled true }}
- apiGroups: ["volumegroup.storage.dell.com"]
resources: ["dellcsivolumegroupsnapshots","dellcsivolumegroupsnapshots/status"]
verbs: ["create", "list", "watch", "delete", "update"]
{{- end }}
{{- end }}
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots", "volumesnapshots/status"]
{{- if hasKey .Values.controller "vgsnapshot" }}
{{- if eq .Values.controller.vgsnapshot.enabled true }}
verbs: ["get", "list", "watch", "update", "create", "delete"]
{{- else }}
verbs: ["get", "list", "watch", "update"]
{{- end }}
{{- end }}
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
- apiGroups: [""]
resources: ["pods"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
verbs: ["get", "list", "watch", "update", "delete"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
{{- end }}
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete"]
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch"]
# below for resizer
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
# below for dell-csi-replicator
{{- if hasKey .Values.controller "replication" }}
{{- if eq .Values.controller.replication.enabled true}}
- apiGroups: ["replication.storage.dell.com"]
resources: ["dellcsireplicationgroups"]
verbs: ["create", "delete", "get", "list", "patch", "update", "watch"]
- apiGroups: ["replication.storage.dell.com"]
resources: ["dellcsireplicationgroups/status"]
verbs: ["get", "patch", "update"]
- apiGroups: [""]
resources: ["configmaps"]
verbs: ["create", "delete", "get", "list", "watch", "update", "patch"]
{{- end}}
{{- end}}
# Permissions for CSIStorageCapacity
{{- if eq (include "csi-powerstore.isStorageCapacitySupported" .) "true" }}
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get"]
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-controller
apiGroup: rbac.authorization.k8s.io
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
name: {{ .Release.Name }}-controller
{{- if lt (.Values.controller.controllerCount | toString | atoi ) 1 -}}
{{- fail "value for .Values.controller.controllerCount should be atleast 1" }}
{{- else }}
replicas: {{ required "Must provide the number of controller instances to create." .Values.controller.controllerCount }}
{{- end }}
template:
metadata:
labels:
name: {{ .Release.Name }}-controller
annotations:
kubectl.kubernetes.io/default-container: driver
spec:
{{ if .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
{{ end }}
{{ if .Values.controller.tolerations }}
tolerations:
{{- toYaml .Values.controller.tolerations | nindent 6 }}
{{ end }}
serviceAccountName: {{ .Release.Name }}-controller
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "name"
operator: In
values:
- {{ .Release.Name }}-controller
topologyKey: "kubernetes.io/hostname"
containers:
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.controller.args | nindent 12 }}
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: powerstore-config-params
mountPath: /powerstore-config-params
{{- end }}
{{- end }}
{{- if hasKey .Values "dev" }}
{{ if .Values.dev.enableTracing }}{{- include "pstore.tracing" . | nindent 8 }}{{ end }}
{{- end }}
- name: attacher
image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election"
- "--worker-threads=130"
- "--resync=10s"
- "--timeout=130s"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- if hasKey .Values.controller "resizer" }}
{{- if eq .Values.controller.resizer.enabled true }}
- name: resizer
image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{end}}
{{end}}
- name: provisioner
image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--volume-name-prefix={{ required "Must provide a value to prefix to driver created volume names" .Values.controller.volumeNamePrefix }}"
- "--volume-name-uuid-length=10"
- "--v=5"
- "--leader-election"
- "--default-fstype={{ .Values.defaultFsType | default "ext4" }}"
- "--extra-create-metadata"
- "--feature-gates=Topology=true"
- "--enable-capacity={{ (include "csi-powerstore.isStorageCapacitySupported" .) | default false }}"
- "--capacity-ownerref-level=2"
- "--capacity-poll-interval={{ .Values.storageCapacity.pollInterval | default "5m" }}"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- if hasKey .Values.controller "snapshot" }}
{{- if eq .Values.controller.snapshot.enabled true }}
- name: snapshotter
image: {{ required "Must provide the CSI snapshotter container image." .Values.images.snapshotter }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election"
- "--snapshot-name-prefix={{ required "Must privided a Snapshot Name Prefix" .Values.controller.snapshot.snapNamePrefix }}"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{end}}
{{end}}
{{- if hasKey .Values.controller "vgsnapshot" }}
{{- if eq .Values.controller.vgsnapshot.enabled true }}
- name: vg-snapshotter
image: {{ required "Must provide the vgsnapshotter container image." .Values.images.vgsnapshotter }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "replication" }}
{{- if eq .Values.controller.replication.enabled true}}
- name: dell-csi-replicator
image: {{ required "Must provide the Dell CSI Replicator image." .Values.images.replication }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--csi-address=$(ADDRESS)"
- "--leader-election=true"
- "--worker-threads=2"
- "--retry-interval-start=1s"
- "--retry-interval-max=300s"
- "--timeout=300s"
- "--context-prefix={{ .Values.controller.replication.replicationContextPrefix}}"
- "--prefix={{ .Values.controller.replication.replicationPrefix}}"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
- name: X_CSI_REPLICATION_CONFIG_DIR
value: /powerstore-config-params
- name: X_CSI_REPLICATION_CONFIG_FILE_NAME
value: driver-config-params.yaml
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: powerstore-config-params
mountPath: /powerstore-config-params
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true}}
- name: csi-external-health-monitor-controller
image: {{ required "Must provide the CSI external health monitor controller image." .Values.images.healthmonitor }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
- "--http-endpoint=:8080"
- "--enable-node-watcher=true"
- "--monitor-interval={{ .Values.controller.healthMonitor.interval | default "60s" }}"
- "--timeout=180s"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
- name: csi-metadata-retriever
image: {{ required "Must provide the CSI Metadata retriever container image." .Values.images.metadataretriever }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: [ "/csi-metadata-retriever" ]
env:
{{- if hasKey .Values "dev" }}
- name: ENABLE_TRACING
value: {{ .Values.dev.enableTracing | quote }}
{{ if .Values.dev.enableTracing }}{{- include "pstore.tracingenvvars" . | nindent 12 }}{{ end }}
{{- end }}
- name: CSI_RETRIEVER_ENDPOINT
value: /var/run/csi/csi_retriever.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: driver
image: {{ required "Must provide the PowerStore driver image repository." .Values.images.driver }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: [ "/csi-powerstore" ]
env:
{{- if hasKey .Values "dev" }}
- name: ENABLE_TRACING
value: {{ .Values.dev.enableTracing | quote }}
{{ if .Values.dev.enableTracing }}{{- include "pstore.tracingenvvars" . | nindent 12 }}{{ end }}
{{- end }}
- name: CSI_ENDPOINT
value: /var/run/csi/csi.sock
- name: CSI_RETRIEVER_ENDPOINT
value: /var/run/csi/csi_retriever.sock
- name: X_CSI_MODE
value: controller
- name: X_CSI_DRIVER_NAME
value: {{ .Values.driverName }}
- name: X_CSI_POWERSTORE_EXTERNAL_ACCESS
value: {{ .Values.externalAccess }}
- name: X_CSI_NFS_ACLS
value: "{{ .Values.nfsAcls }}"
- name: X_CSI_POWERSTORE_CONFIG_PATH
value: /powerstore-config/config
- name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH
value: /powerstore-config-params/driver-config-params.yaml
{{- if hasKey .Values "podmon" }}
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.controller.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmonAPIPort }}"
{{- if hasKey .Values.controller "replication" }}
{{- if eq .Values.controller.replication.enabled true}}
- name: X_CSI_REPLICATION_CONTEXT_PREFIX
value: {{ .Values.controller.replication.replicationContextPrefix | default "powerstore"}}
- name: X_CSI_REPLICATION_PREFIX
value: {{ .Values.controller.replication.replicationPrefix | default "replication.storage.dell.com"}}
{{- end }}
{{- end }}
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true}}
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.controller.healthMonitor.enabled }}"
{{- end }}
{{- end }}
- name: GOPOWERSTORE_DEBUG
value: "true"
- name: CSI_AUTO_ROUND_OFF_FILESYSTEM_SIZE
value: "{{ .Values.allowAutoRoundOffFilesystemSize | default true }}"
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: powerstore-config
mountPath: /powerstore-config
- name: powerstore-config-params
mountPath: /powerstore-config-params
volumes:
- name: socket-dir
emptyDir:
- name: powerstore-config-params
configMap:
name: {{ .Release.Name }}-config-params
- name: powerstore-config
secret:
secretName: {{ .Release.Name }}-config
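Review bot: The controller ClusterRole grants `get` and `list` on `secrets` and `create`/`delete` on `customresourcedefinitions` cluster-wide, and the ClusterRoleBinding gives that to the controller ServiceAccount, while the Deployment itself mounts only the `{{ .Release.Name }}-config` secret from the release namespace. Whether a sidecar reads other secrets through the API (for instance ones referenced from StorageClass or snapshot-class parameters) is not visible here; if none does, the secrets rule fits better in a namespaced Role limited to `get` with `resourceNames`, and the CRD verbs can go if CRDs are installed ahead of time rather than at runtime. The node ClusterRole in the next file section has the same shape: it gives a DaemonSet pod on every node `create` and `delete` on `persistentvolumes`, and its `persistentvolumesclaims` rule is misspelled, so it matches no resource and should read `resources: ["persistentvolumeclaims"]` if the grant is needed at all.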


@ -0,0 +1,27 @@
#
#
# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: {{ .Values.driverName }}
spec:
storageCapacity: {{ (include "csi-powerstore.isStorageCapacitySupported" .) | default false }}
podInfoOnMount: true
fsGroupPolicy: {{ .Values.fsGroupPolicy }}
volumeLifecycleModes:
- Persistent
- Ephemeral
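Review bot: `volumeLifecycleModes` lists `Ephemeral` unconditionally, which lets anyone who can create pods request an inline volume from this driver and pass `volumeAttributes` to it directly, without going through a StorageClass or PVC. Whether the driver limits what those attributes may select is not visible in this template, so the mode is worth gating behind a value or at least documenting above the list, for example `# Ephemeral: pod specs pass volumeAttributes straight to the driver; restrict inline CSI volumes by admission policy where tenants are untrusted`.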


@ -0,0 +1,31 @@
#
#
# Copyright © 2021-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-config-params
namespace: {{ .Release.Namespace }}
data:
driver-config-params.yaml: |
CSI_LOG_LEVEL: "{{ .Values.logLevel }}"
CSI_LOG_FORMAT: "{{ .Values.logFormat }}"
{{ if .Values.podmon.enabled }}
PODMON_CONTROLLER_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_CONTROLLER_LOG_FORMAT: "{{ .Values.logFormat }}"
PODMON_NODE_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_NODE_LOG_FORMAT: "{{ .Values.logFormat }}"
{{ end }}
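Review bot: `{{ if .Values.podmon.enabled }}` dereferences `.Values.podmon` without the `hasKey .Values "podmon"` guard that the controller and node templates use, so rendering fails with a nil-pointer error when that key is absent from the values; nesting the block inside the same `hasKey` check would make the templates consistent. The log level and format are also placed between literal quotes, so a value containing `"` breaks the embedded YAML document; `CSI_LOG_LEVEL: {{ .Values.logLevel | quote }}` (and the same for the other five keys) lets the template do the escaping.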


@ -0,0 +1,353 @@
#
#
# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
rules:
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["create", "delete", "get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["persistentvolumesclaims"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: [""]
resources: ["events"]
verbs: ["get", "list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get", "list", "watch", "update", "patch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["security.openshift.io"]
resourceNames: ["privileged"]
resources: ["securitycontextconstraints"]
verbs: ["use"]
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- apiGroups: [""]
resources: ["pods"]
verbs: ["get", "list", "watch", "update", "delete"]
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
{{ end }}
{{ end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-node
apiGroup: rbac.authorization.k8s.io
---
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
app: {{ .Release.Name }}-node
template:
metadata:
labels:
app: {{ .Release.Name }}-node
{{- if .Values.podmon.enabled }}
driver.dellemc.com: dell-storage
{{- end }}
annotations:
kubectl.kubernetes.io/default-container: driver
spec:
{{ if .Values.node.nodeSelector }}
nodeSelector:
{{- toYaml .Values.node.nodeSelector | nindent 8 }}
{{ end }}
{{ if .Values.node.tolerations }}
tolerations:
{{- toYaml .Values.node.tolerations | nindent 6 }}
{{ end }}
serviceAccount: {{ .Release.Name }}-node
dnsPolicy: ClusterFirstWithHostNet
hostNetwork: true
hostIPC: true
containers:
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: podmon
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
{{- toYaml .Values.podmon.node.args | nindent 12 }}
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_PRIVATE_MOUNT_DIR
value: {{ .Values.kubeletConfigDir }}
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: kubelet-pods
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/{{ .Values.driverName }}
mountPropagation: "Bidirectional"
- name: csi-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: usr-bin
mountPath: /usr-bin
- name: var-run
mountPath: /var/run
- name: powerstore-config-params
mountPath: /powerstore-config-params
{{- end }}
{{- end }}
{{- if hasKey .Values "dev" }}
{{ if .Values.dev.enableTracing }}{{- include "pstore.tracing" . | nindent 8 }}{{ end }}
{{- end}}
- name: driver
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: {{ required "Must provide the Powerstore driver image repository." .Values.images.driver }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: [ "/csi-powerstore" ]
env:
{{- if hasKey .Values "dev" }}
- name: ENABLE_TRACING
value: {{ .Values.dev.enableTracing | quote}}
{{ if .Values.dev.enableTracing }}{{- include "pstore.tracingenvvars" . | nindent 12 }}{{ end }}
{{- end}}
- name: CSI_ENDPOINT
value: unix://{{ .Values.kubeletConfigDir }}/plugins/{{ .Values.driverName }}/csi_sock
- name: X_CSI_MODE
value: node
- name: X_CSI_POWERSTORE_KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_POWERSTORE_NODE_NAME_PREFIX
value: {{ .Values.node.nodeNamePrefix }}
- name: X_CSI_POWERSTORE_NODE_ID_PATH
value: /node-id
- name: X_CSI_POWERSTORE_MAX_VOLUMES_PER_NODE
value: "{{ .Values.maxPowerstoreVolumesPerNode }}"
- name: X_CSI_POWERSTORE_NODE_CHROOT_PATH
value: /noderoot
- name: X_CSI_POWERSTORE_TMP_DIR
value: {{ .Values.kubeletConfigDir }}/plugins/{{ .Values.driverName }}/tmp
- name: X_CSI_DRIVER_NAME
value: {{ .Values.driverName }}
- name: X_CSI_FC_PORTS_FILTER_FILE_PATH
value: {{ .Values.nodeFCPortsFilterFile }}
{{- if eq .Values.connection.enableCHAP true }}
- name: X_CSI_POWERSTORE_ENABLE_CHAP
value: "true"
{{- else }}
- name: X_CSI_POWERSTORE_ENABLE_CHAP
value: "false"
{{- end }}
- name: X_CSI_POWERSTORE_CONFIG_PATH
value: /powerstore-config/config
- name: X_CSI_POWERSTORE_CONFIG_PARAMS_PATH
value: /powerstore-config-params/driver-config-params.yaml
- name: GOPOWERSTORE_DEBUG
value: "true"
{{- if hasKey .Values.node "healthMonitor" }}
{{- if eq .Values.node.healthMonitor.enabled true}}
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.controller.healthMonitor.enabled }}"
{{- end }}
{{- end }}
{{- if hasKey .Values "podmon" }}
- name: X_CSI_PODMON_ENABLED
value: "{{ .Values.podmon.enabled }}"
{{- if eq .Values.podmon.enabled true }}
{{- range $key, $value := .Values.podmon.node.args }}
{{- if contains "--arrayConnectivityPollRate" $value }}
- name: X_CSI_PODMON_ARRAY_CONNECTIVITY_POLL_RATE
value: "{{ (split "=" $value)._1 }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}
- name: X_CSI_PODMON_API_PORT
value: "{{ .Values.podmonAPIPort }}"
volumeMounts:
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/{{ .Values.driverName }}
- name: csi-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: sys
mountPath: /sys
- name: run
mountPath: /run
- name: node-id
mountPath: /node-id
- name: etciscsi
mountPath: /etc/iscsi
- name: mpath
mountPath: /etc/multipath.conf
- name: noderoot
mountPath: /noderoot
- name: powerstore-config
mountPath: /powerstore-config
- name: powerstore-config-params
mountPath: /powerstore-config-params
- name: registrar
image: {{ required "Must provide the CSI node registrar container image." .Values.images.registrar }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- --kubelet-registration-path={{ .Values.kubeletConfigDir }}/plugins/{{ .Values.driverName }}/csi_sock
env:
- name: ADDRESS
value: /csi/csi_sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- name: registration-dir
mountPath: /registration
- name: driver-path
mountPath: /csi
volumes:
- name: registration-dir
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins_registry/
type: DirectoryOrCreate
- name: driver-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/{{ .Values.driverName }}
type: DirectoryOrCreate
- name: csi-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
- name: pods-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/pods
type: Directory
- name: dev
hostPath:
path: /dev
type: Directory
- name: node-id
hostPath:
path: {{ required "Must provide the path to file with node identifier." .Values.node.nodeIDPath }}
type: File
- name: etciscsi
hostPath:
path: /etc/iscsi
type: DirectoryOrCreate
- name: mpath
hostPath:
path: /etc/multipath.conf
type: FileOrCreate
- name: noderoot
hostPath:
path: /
type: Directory
- name: sys
hostPath:
path: /sys
type: Directory
- name: run
hostPath:
path: /run
type: Directory
- name: powerstore-config-params
configMap:
name: {{ .Release.Name }}-config-params
- name: powerstore-config
secret:
secretName: {{ .Release.Name }}-config
{{- if hasKey .Values "podmon" }}
{{- if eq .Values.podmon.enabled true }}
- name: usr-bin
hostPath:
path: /usr/bin
type: Directory
- name: kubelet-pods
hostPath:
path: /var/lib/kubelet/pods
type: Directory
- name: var-run
hostPath:
path: /var/run
type: Directory
{{ end }}
{{ end }}
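Review bot: `GOPOWERSTORE_DEBUG` is hard-coded to `"true"` in the driver container here and in the controller Deployment in the earlier file section, so it cannot be switched off from values. The name suggests it enables debug output from the storage-array client, which may put request and response detail for array API calls into pod logs; that is an inference from the name, not something the template shows. Deriving it from the existing log level keeps it off unless debugging is asked for, for example `value: {{ eq (.Values.logLevel | toString | lower) "debug" | quote }}`. In the same env list, `X_CSI_HEALTH_MONITOR_ENABLED` is guarded by `.Values.node.healthMonitor.enabled` but emits `.Values.controller.healthMonitor.enabled`.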


@ -0,0 +1,350 @@
#
#
# Copyright © 2020-2023 Dell Inc. or its subsidiaries. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
## K8S/DRIVER ATTRIBUTES
########################
# driverName: defines the name of driver
# Allowed values: string
# Default value: None
driverName: "csi-powerstore.dellemc.com"
# "version" is used to verify the values file matches driver version
# Not recommend to change
version: v2.11.1
# "images" defines every container images used for the driver and its sidecars.
# To use your own images, or a private registry, change the values here.
images:
# "driver" defines the container image, used for the driver container.
driver: dellemc/csi-powerstore:v2.11.1
# CSI sidecars
attacher: registry.k8s.io/sig-storage/csi-attacher:v4.6.1
provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1
snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1
resizer: registry.k8s.io/sig-storage/csi-resizer:v1.11.1
registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1
# CSM sidecars
replication: dellemc/dell-csi-replicator:v1.9.0
vgsnapshotter: dellemc/csi-volumegroup-snapshotter:v1.6.0
podmon: dellemc/podmon:v1.10.0
metadataretriever: dellemc/csi-metadata-retriever:v1.8.0
# Specify kubelet config dir path.
# Ensure that the config.yaml file is present at this path.
# Default value: /var/lib/kubelet
kubeletConfigDir: /var/lib/kubelet
# nodeFCPortsFilterFile: It is the name of the environment variable which store path to the file which
# provide list of WWPN which should be used by the driver for FC connection on this node
# If file not exist or empty or in invalid format, then the driver will use all available FC ports
# Allowed Values: string
# Default Value: None
# Example:
# content of the file:
# 21:00:00:29:ff:48:9f:6e,21:00:00:29:ff:48:9f:6e
nodeFCPortsFilterFile: /etc/fc-ports-filter
# externalAccess: allows to specify additional entries for hostAccess of NFS volumes. Both single IP address and subnet are valid entries.
# Allowed Values: x.x.x.x/xx or x.x.x.x
# Default Value: None
externalAccess:
# imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container.
# Allowed values:
# Always: Always pull the image.
# IfNotPresent: Only pull the image if it does not already exist on the node.
# Never: Never pull the image.
# Default value: None
imagePullPolicy: IfNotPresent
# maxPowerstoreVolumesPerNode: Specify default value for maximum number of volumes that controller can publish to the node.
# If value is zero CO SHALL decide how many volumes of this type can be published by the controller to the node.
# This limit is applicable to all the nodes in the cluster for which node label 'max-powerstore-volumes-per-node' is not set.
# Allowed values: n, where n >= 0
# Default value: 0
maxPowerstoreVolumesPerNode: 0
# nfsAcls: enables setting permissions on NFS mount directory
# This value acts as default value for NFS ACL (nfsAcls), if not specified for an array config in secret
# Permissions can be specified in two formats:
# 1) Unix mode (NFSv3)
# 2) NFSv4 ACLs (NFSv4)
# NFSv4 ACLs are supported on NFSv4 share only.
# Allowed values:
# 1) Unix mode: valid octal mode number
# Examples: "0777", "777", "0755"
# 2) NFSv4 acls: valid NFSv4 acls, seperated by comma
# Examples: "A::OWNER@:RWX,A::GROUP@:RWX", "A::OWNER@:rxtncy"
# Optional: true
# Default value: "0777"
nfsAcls: "0777"
# podmonAPIPort: Defines the port to be used within the kubernetes cluster
# Allowed values:
# Any valid and free port.
# Default value: 8083
podmonAPIPort: 8083
# controller: configure controller specific parameters
controller:
# controllerCount: defines the number of csi-powerstore controller pods to deploy to
# the Kubernetes release.
# Allowed values: n, where n > 0
# Default value: None
controllerCount: 2
# volumeNamePrefix: defines a string prepended to each volume created by the CSI driver.
# Allowed values: string
# Default value: None
volumeNamePrefix: csivol
# vgsnapshot: allows to configure volume-group-snapshot
# volume-group-snapshot CRDs must be installed before installing driver
vgsnapshot:
# enabled: Enable/Disable volume-group-snapshot feature
# Allowed values:
# true: enable volume-group-snapshot feature(install vg-snapshotter sidecar)
# false: disable volume-group-snapshot feature(do not install vg-snapshotter sidecar)
# Default value: false
enabled: false
# snapshot: allows to enable/disable snapshot feature
# snapshot CRDs needs to be installed before enabling this feature
snapshot:
# enabled: Enable/Disable volume snapshot feature
# Allowed values:
# true: enable volume snapshot feature(install snapshotter sidecar)
# false: disable volume snapshot feature(do not install snapshotter sidecar)
# Default value: None
enabled: true
# snapNamePrefix: Prefix to apply to the names of a created snapshots
# Allowed values: string
# Default value: None
snapNamePrefix: csisnap
# resizer: allows to enable/disable resizer feature
resizer:
# enabled: Enable/Disable volume expansion feature
# Allowed values:
# true: enable volume expansion feature(install resizer sidecar)
# false: disable volume expansion feature(do not install resizer sidecar)
# Default value: true
enabled: true
healthMonitor:
# enabled: Enable/Disable health monitor of CSI volumes
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: false
enabled: false
# interval: Interval of monitoring volume health condition
# Allowed values: Number followed by unit (s,m,h)
# Examples: 60s, 5m, 1h
# Default value: 60s
interval: 60s
# replication: allows to configure replication
# Replication CRDs must be installed before installing driver
replication:
# enabled: Enable/Disable replication feature
# Allowed values:
# true: enable replication feature(install dell-csi-replicator sidecar)
# false: disable replication feature(do not install dell-csi-replicator sidecar)
# Default value: false
enabled: false
# replicationContextPrefix: prefix to use for naming of resources created by replication feature
# Allowed values: string
# Default value: powerstore
replicationContextPrefix: "powerstore"
# replicationPrefix: prefix to prepend to storage classes parameters
# Allowed values: string
# Default value: replication.storage.dell.com
replicationPrefix: "replication.storage.dell.com"
# nodeSelector: Define node selection constraints for controller pods.
# For the pod to be eligible to run on a node, the node must have each
# of the indicated key-value pairs as labels.
# Leave as blank to consider all nodes
# Allowed values: map of key-value pairs
# Default value: None
nodeSelector:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# node-role.kubernetes.io/master
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# node-role.kubernetes.io/control-plane
# tolerations: Define tolerations for the controllers, if required.
# Leave as blank to install controller on worker nodes
# Default value: None
tolerations:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoSchedule"
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# tolerations:
# - key: "node-role.kubernetes.io/control-plane"
# operator: "Exists"
# effect: "NoSchedule"
# node: configure node pod specific parameters
node:
# nodeNamePrefix: defines a string prepended to each node registered by the CSI driver.
# Allowed values: string
# Default value: None
nodeNamePrefix: csi-node
# nodeIDPath: defines the path to file with node identifier (e.g. /etc/machine-id, /etc/hostname).
# Allowed values: string
# Default value: None
nodeIDPath: /etc/machine-id
healthMonitor:
# enabled: Enable/Disable health monitor of CSI volumes- volume usage, volume condition
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: None
enabled: false
# nodeSelector: Define node selection constraints for node pods.
# For the pod to be eligible to run on a node, the node must have each
# of the indicated key-value pairs as labels.
# Leave as blank to consider all nodes
# Allowed values: map of key-value pairs
# Default value: None
nodeSelector:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# node-role.kubernetes.io/master
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# node-role.kubernetes.io/control-plane
# tolerations: Define tolerations for the node pods, if required.
# Leave as blank to consider all worker nodes
# Default value: None
tolerations:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoSchedule"
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# tolerations:
# - key: "node-role.kubernetes.io/control-plane"
# operator: "Exists"
# effect: "NoSchedule"
# Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled
# tolerations:
# - key: "offline.vxflexos.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "vxflexos.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "offline.unity.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "unity.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "offline.isilon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "isilon.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "offline.powerstore.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "powerstore.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
## PLATFORM ATTRIBUTES
######################
# connection: allows to configure connection to storage array
connection:
# connection.enableCHAP: allows to enable CHAP for iSCSI connections
# CHAP password will be autogenerated by driver
# Allowed values:
# true : enable CHAP
# false: disable CHAP
# Default value: false
enableCHAP: false
# CSI driver log level
# Allowed values: "error", "warn"/"warning", "info", "debug", "error"
# Default value: "debug"
logLevel: "debug"
# CSI driver log format
# Allowed values: "TEXT" or "JSON"
# Default value: "JSON"
logFormat: "JSON"
# Following modes are supported: None, File and ReadWriteOnceWithFSType
fsGroupPolicy: ReadWriteOnceWithFSType
# Allows the controller to round off filesystem to 3Gi which is the minimum supported value
allowAutoRoundOffFilesystemSize: true
# Storage Capacity Tracking
# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions.
storageCapacity:
# enabled : Enable/Disable storage capacity tracking
# Allowed values:
# true: enable storage capacity tracking
# false: disable storage capacity tracking
# Default value: true
enabled: true
# pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity
# Allowed values: 1m,2m,3m,...,10m,...,60m etc
# Default value: 5m
pollInterval: 5m
# Enable this feature only after contact support for additional information
podmon:
enabled: false
controller:
args:
- "--csisock=unix:/var/run/csi/csi.sock"
- "--labelvalue=csi-powerstore"
- "--arrayConnectivityPollRate=60"
- "--driverPath=csi-powerstore.dellemc.com"
- "--mode=controller"
- "--skipArrayConnectionValidation=false"
- "--driver-config-params=/powerstore-config-params/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
node:
args:
- "--csisock=unix:/var/lib/kubelet/plugins/csi-powerstore.dellemc.com/csi_sock"
- "--labelvalue=csi-powerstore"
- "--arrayConnectivityPollRate=60"
- "--driverPath=csi-powerstore.dellemc.com"
- "--mode=node"
- "--leaderelection=false"
- "--driver-config-params=/powerstore-config-params/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
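Review bot: The default `nfsAcls: "0777"` leaves every NFS mount directory world-writable unless an array entry in the secret overrides it; a tighter default such as `nfsAcls: "0750"`, or at least a comment telling operators to set it per workload, would be safer. The default `logLevel: "debug"` is verbose for production, so `logLevel: "info"` with debug as an opt-in would keep less operational detail in the logs; the allowed-values comment above it also lists "error" twice. All entries under `images:` are referenced by tag only, so pinning them by digest would make the deployed driver and sidecars reproducible.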


@ -0,0 +1,22 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dell CSI Unity
catalog.cattle.io/kube-version: '>= 1.24.0'
catalog.cattle.io/release-name: unity
apiVersion: v2
appVersion: 2.11.1
description: 'Unity XT CSI (Container Storage Interface) driver Kubernetes integration.
This chart includes everything required to provision via CSI as well as a Unity
XT StorageClass. '
icon: file://assets/icons/csi-unity.png
keywords:
- csi
- storage
kubeVersion: '>= 1.24.0'
maintainers:
- name: DellEMC
name: csi-unity
sources:
- https://github.com/dell/csi-unity
type: application
version: 2.11.1


@ -0,0 +1,93 @@
The [CSI Driver for Unity XT](https://github.com/dell/csi-unity) is part of the CSM (Container Storage Modules) open-source suite of Kubernetes storage enablers for Dell products. CSI Driver for Unity XT is a Container Storage Interface (CSI) driver that provides support for provisioning persistent storage using Dell Unity XT storage array.
## Pre-Requisites
- Install Kubernetes (see [supported versions](https://dell.github.io/csm-docs/docs/csidriver/#features-and-capabilities))
- Install Helm v3 (follow [steps](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/unity/#install-helm-30))
- Install sshpass
- Configure the pre-installation steps according to the protocols you are using:
- To use FC protocol, the host must be zoned with Unity XT array and Multipath needs to be configured
- To use iSCSI protocol, iSCSI initiator utils packages need to be installed and Multipath needs to be configured
- To use NFS protocol, NFS utility packages needs to be installed
- Enable mount propagation on container runtime that is being used
- In order to use the Kubernetes Volume Snapshot feature, ensure to deploy `Volume Snapshot CRDs` and `Volume Snapshot Controller` in the kubernetes cluster as a pre-requisite. Refer [here](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/unity/#installation-example) for installation example of CRD's and default snapshot controller
For more information, refer to the [documentation](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/unity/#prerequisites)
## Install CSI Driver for Unity XT
1. Clone the [git repository](https://github.com/dell/csi-unity) that has the helm charts and install scripts
2. Create a namespace called `unity`
3. Collect information from the Unity XT Systems like Unique ArrayId, IP address, username, and password. Using the information, prepare `secrets.yaml`. Create the secrets. Samples available [here](https://github.com/dell/csi-unity/blob/main/samples/secret/secret.yaml)
>NOTE: For certificate validation of Unisphere REST API calls refer [here](https://dell.github.io/csm-docs/docs/csidriver/installation/helm/unity/#certificate-validation-for-unisphere-rest-api-calls). Otherwise, create an empty secret. Samples available [here](https://github.com/dell/csi-unity/tree/main/samples/secret/emptysecret.yaml)
4. Copy the `helm/csi-unity/values.yaml` into a file named `myvalues.yaml` in the same directory of csi-install.sh, to customize settings for installation
5. Edit `myvalues.yaml` to set the following parameters for your installation:
The following table lists the primary configurable parameters of the Unity XT driver chart and their default values. More detailed information can be found in the [`values.yaml`](https://github.com/dell/csi-unity/blob/master/helm/csi-unity/values.yaml) file in this repository.
| Parameter | Description | Required | Default |
| --------- | ----------- | -------- |-------- |
| version | helm version | true | - |
| logLevel | LogLevel is used to set the logging level of the driver | true | info |
| allowRWOMultiPodAccess | Flag to enable multiple pods to use the same PVC on the same node with RWO access mode. | false | false |
| kubeletConfigDir | Specify kubelet config dir path | Yes | /var/lib/kubelet |
| syncNodeInfoInterval | Time interval to add node info to the array. Default 15 minutes. The minimum value should be 1 minute. | false | 15 |
| maxUnityVolumesPerNode | Maximum number of volumes that controller can publish to the node. | false | 0 |
| certSecretCount | Represents the number of certificate secrets, which the user is going to create for SSL authentication. (unity-cert-0..unity-cert-n). The minimum value should be 1. | false | 1 |
| imagePullPolicy | The default pull policy is IfNotPresent which causes the Kubelet to skip pulling an image if it already exists. | Yes | IfNotPresent |
| podmon.enabled | service to monitor failing jobs and notify | false | - |
| podmon.image| pod man image name | false | - |
| tenantName | Tenant name added while adding host entry to the array | No | |
| fsGroupPolicy | Defines which FS Group policy mode to be used, Supported modes `None, File and ReadWriteOnceWithFSType` | No | "ReadWriteOnceWithFSType" |
| **controller** | Allows configuration of the controller-specific parameters.| - | - |
| controllerCount | Defines the number of csi-unity controller pods to deploy to the Kubernetes release| Yes | 2 |
| volumeNamePrefix | Defines a string prefix for the names of PersistentVolumes created | Yes | "k8s" |
| snapshot.enabled | Enable/Disable volume snapshot feature | Yes | true |
| snapshot.snapNamePrefix | Defines a string prefix for the names of the Snapshots created | Yes | "snapshot" |
| resizer.enabled | Enable/Disable volume expansion feature | Yes | true |
| nodeSelector | Define node selection constraints for pods of controller deployment | No | |
| tolerations | Define tolerations for the controller deployment, if required | No | |
| healthMonitor.enabled | Enable/Disable deployment of external health monitor sidecar for controller side volume health monitoring. | No | false |
| healthMonitor.interval | Interval of monitoring volume health condition. Allowed values: Number followed by unit (s,m,h) | No | 60s |
| ***node*** | Allows configuration of the node-specific parameters.| - | - |
| dnsPolicy | Define the DNS Policy of the Node service | Yes | ClusterFirstWithHostNet |
| healthMonitor.enabled | Enable/Disable health monitor of CSI volumes- volume usage, volume condition | No | false |
| nodeSelector | Define node selection constraints for pods of node deployment | No | |
| tolerations | Define tolerations for the node deployment, if required | No | |
**Note**:
* User should provide all boolean values with double-quotes. This applies only for `myvalues.yaml`. Example: "true"/"false"
* controllerCount parameter value should be <= number of nodes in the kubernetes cluster else install script fails
6. Run the `./csi-install.sh --namespace unity --values ./myvalues.yaml` command to proceed with the installation using bash script or you can also install the driver using standalone helm chart by running helm install command `helm install --dry-run --values <myvalues.yaml-location> --namespace <namespace> <name-of-secret> <helmPath>` <br/>
`<namespace>` - namespace of the driver installation <br/>
`<name of secret>` - unity in case of unity-creds and unity-certs-0 secrets <br/>
`<helmPath>` - Path of the helm directory <br/>
7. Create storage classes from [samples](https://github.com/dell/csi-unity/tree/main/samples/storageclass)
**Note**:
* At least one storage class is required for one array
* In case you want to make updates to an existing storage class, ensure to delete it using the `kubectl delete storageclass <storageclass-name>` command. Deleting a storage class has no impact on a running Pod with mounted PVCs. You cannot provision new PVCs until at least one storage class is newly created
For full-length documentation, please visit Container Storage Modules documentation [page](https://dell.github.io/csm-docs/).
## Support
The CSI Driver for Dell Unity XT is fully supported by DELL.
For all your support needs or to follow the latest ongoing discussions and updates, join our Slack group. Click [Here](http://del.ly/Slack_request) to request your invite.
You can also interact with us on [GitHub](https://github.com/dell/csm) by creating a [GitHub Issue](https://github.com/dell/csm/issues).
## Contributing
We value all feedback and contributions. If you find any issues or want to contribute, please feel free to open an issue or file a PR. More details in [Contribution Guidelines](https://dell.github.io/csm-docs/docs/references/contributionguidelines/).
## License
This is open source software licensed using the Apache License 2.0. Please see [LICENSE](https://github.com/dell/csi-powerstore/blob/main/licenses/Apache.txt) for details.


@ -0,0 +1,10 @@
{{/*
Return true if storage capacity tracking is enabled and is supported based on k8s version
*/}}
{{- define "csi-unity.isStorageCapacitySupported" -}}
{{- if eq .Values.storageCapacity.enabled true -}}
{{- if and (eq .Capabilities.KubeVersion.Major "1") (ge (trimSuffix "+" .Capabilities.KubeVersion.Minor) "24") -}}
{{- true -}}
{{- end -}}
{{- end -}}
{{- end -}}
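Review bot: The minor-version test in `csi-unity.isStorageCapacitySupported` compares strings, so `ge "9" "24"` is true and `ge "100" "24"` is false; the result is only right while the minor has exactly two digits. `{{- if semverCompare ">=1.24-0" .Capabilities.KubeVersion.Version -}}` compares numerically, does not depend on the major being "1", and removes the need for the `trimSuffix "+"` workaround. When the feature is off the helper renders an empty string rather than "false"; a one-line comment on the define saying so would help, since callers have to pipe the result through `default false`.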


@ -0,0 +1,328 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
rules:
- apiGroups: ["coordination.k8s.io"]
resources: ["leases"]
verbs: ["get", "watch", "list", "delete", "update", "create"]
- apiGroups: [""]
resources: ["events"]
verbs: ["list", "watch", "create", "update", "patch"]
- apiGroups: [""]
resources: ["nodes"]
{{- if .Values.podmon.enabled }}
verbs: ["get", "list", "watch", "patch"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
- apiGroups: [""]
resources: ["persistentvolumes"]
verbs: ["get", "list", "watch", "create", "delete", "update","patch"]
- apiGroups: [""]
resources: ["persistentvolumeclaims"]
verbs: ["get", "list", "create", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["storageclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments"]
{{- if .Values.podmon.enabled }}
verbs: ["get", "list", "watch", "update", "patch", "delete"]
{{- else }}
verbs: ["get", "list", "watch", "update","patch"]
{{- end }}
- apiGroups: ["storage.k8s.io"]
resources: ["csinodes"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
- apiGroups: ["csi.storage.k8s.io"]
resources: ["csinodeinfos"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["pods"]
{{- if .Values.podmon.enabled }}
verbs: ["get", "list", "watch", "update", "delete"]
{{- else }}
verbs: ["get", "list", "watch"]
{{- end }}
# below for snapshotter
- apiGroups: [""]
resources: ["secrets"]
verbs: ["get", "list"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotclasses"]
verbs: ["get", "list", "watch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents"]
verbs: ["create", "get", "list", "watch", "update", "delete", "patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots/status"]
verbs: ["update"]
- apiGroups: ["storage.k8s.io"]
resources: ["volumeattachments/status"]
verbs: ["patch"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshots"]
verbs: ["get", "list", "watch", "update"]
- apiGroups: ["apiextensions.k8s.io"]
resources: ["customresourcedefinitions"]
verbs: ["create", "list", "watch", "delete"]
- apiGroups: ["snapshot.storage.k8s.io"]
resources: ["volumesnapshotcontents/status"]
verbs: ["update", "patch"]
# below for resizer
- apiGroups: [""]
resources: ["persistentvolumeclaims/status"]
verbs: ["update", "patch"]
# Permissions for CSIStorageCapacity
{{- if eq (include "csi-unity.isStorageCapacitySupported" .) "true" }}
- apiGroups: ["storage.k8s.io"]
resources: ["csistoragecapacities"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
resources: ["pods"]
verbs: ["get"]
- apiGroups: ["apps"]
resources: ["replicasets"]
verbs: ["get"]
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-controller
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-controller
apiGroup: rbac.authorization.k8s.io
---
{{ $releaseName := .Release.Name }}
kind: Deployment
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-controller
namespace: {{ .Release.Namespace }}
spec:
{{- if lt (.Values.controller.controllerCount | toString | atoi ) 1 -}}
{{- fail "value for .Values.controller.controllerCount should be atleast 1" }}
{{- else }}
replicas: {{ required "Must provide the number of controller instances to create." .Values.controller.controllerCount }}
{{- end }}
selector:
matchLabels:
app: {{ .Release.Name }}-controller
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: "driver"
labels:
app: {{ .Release.Name }}-controller
spec:
serviceAccountName: {{ .Release.Name }}-controller
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app
operator: In
values:
- {{ .Release.Name }}-controller
topologyKey: "kubernetes.io/hostname"
{{- if .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml .Values.controller.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.controller.tolerations }}
tolerations:
{{- toYaml .Values.controller.tolerations | nindent 6 }}
{{- end }}
containers:
{{- if .Values.podmon.enabled }}
- name: podmon
imagePullPolicy: {{ .Values.imagePullPolicy }}
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
args:
{{- toYaml .Values.podmon.controller.args | nindent 12 }}
env:
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: unity-config
mountPath: /unity-config
{{- end }}
- name: attacher
image: {{ required "Must provide the CSI attacher container image." .Values.images.attacher }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: provisioner
image: {{ required "Must provide the CSI provisioner container image." .Values.images.provisioner }}
args:
- "--csi-address=$(ADDRESS)"
- "--volume-name-prefix={{ required "Must provide a Volume Name Prefix." .Values.controller.volumeNamePrefix }}"
- "--volume-name-uuid-length=10"
- "--timeout=180s"
- "--worker-threads=6"
- "--v=5"
- "--feature-gates=Topology=true"
- "--strict-topology=true"
- "--leader-election"
- "--leader-election-namespace={{ .Release.Namespace }}"
- "--default-fstype={{ .Values.defaultFsType | default "ext4" }}"
- "--enable-capacity={{ (include "csi-unity.isStorageCapacitySupported" .) | default false }}"
- "--capacity-ownerref-level=2"
- "--capacity-poll-interval={{ .Values.storageCapacity.pollInterval | default "5m" }}"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- if hasKey .Values.controller "snapshot" }}
{{- if eq .Values.controller.snapshot.enabled true }}
- name: snapshotter
image: {{ required "Must provide the CSI snapshotter container image. " .Values.images.snapshotter }}
args:
- "--csi-address=$(ADDRESS)"
- "--snapshot-name-prefix={{ required "Must privided a Snapshot Name Prefix" .Values.controller.snapshot.snapNamePrefix }}"
- "--snapshot-name-uuid-length=10"
- "--timeout=360s"
- "--v=5"
- "--leader-election"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end}}
{{- end}}
{{- if hasKey .Values.controller "resizer" }}
{{- if eq .Values.controller.resizer.enabled true }}
- name: resizer
image: {{ required "Must provide the CSI resizer container image." .Values.images.resizer }}
args:
- "--csi-address=$(ADDRESS)"
- "--v=5"
- "--leader-election"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{ end }}
{{ end }}
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true }}
- name: csi-external-health-monitor-controller
image: {{ required "Must provide the CSI external health monitor image." .Values.images.healthmonitor }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- "--leader-election"
- "--http-endpoint=:8080"
- "--enable-node-watcher=true"
- "--monitor-interval={{ .Values.controller.healthMonitor.interval | default "60s" }}"
- "--timeout=180s"
env:
- name: ADDRESS
value: /var/run/csi/csi.sock
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
{{- end }}
{{- end }}
- name: driver
image: "{{ required "Must provide the driver image repository." .Values.images.driver }}"
args:
- "--driver-name=csi-unity.dellemc.com"
- "--driver-config=/unity-config/driver-config-params.yaml"
- "--driver-secret=/unity-secret/config"
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: CSI_ENDPOINT
value: /var/run/csi/csi.sock
- name: X_CSI_MODE
value: controller
- name: X_CSI_UNITY_AUTOPROBE
value: "true"
- name: SSL_CERT_DIR
value: /certs
{{- if hasKey .Values.controller "healthMonitor" }}
{{- if eq .Values.controller.healthMonitor.enabled true }}
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.controller.healthMonitor.enabled }}"
{{- end }}
{{- end }}
volumeMounts:
- name: socket-dir
mountPath: /var/run/csi
- name: certs
mountPath: /certs
readOnly: true
- name: unity-config
mountPath: /unity-config
- name: unity-secret
mountPath: /unity-secret
volumes:
- name: certs
projected:
sources:
{{- range $i, $e := until (int .Values.certSecretCount ) }}
- secret:
name: {{ print $releaseName "-certs-" $e }}
items:
- key: cert-{{ $e }}
path: cert-{{ $e }}
{{- end }}
- name: socket-dir
emptyDir:
- name: unity-config
configMap:
name: {{ .Release.Name }}-config-params
- name: unity-secret
secret:
secretName: {{ .Release.Name }}-creds
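Review bot: The controller ClusterRole grants `get`/`list` on `secrets` in every namespace and `create`/`delete` on `customresourcedefinitions`, which looks broader than the controller needs given that the chart's README lists the snapshot CRDs as a separately installed prerequisite. If the sidecars in use no longer install CRDs, drop that rule, and confirm whether secret access can be limited to the namespaces that hold snapshot-class secrets through a namespaced Role and RoleBinding. The `volumeattachments/status` rule appears twice (after `csinodes` and again in the snapshotter group) and `pods` is listed in two rules; one entry each is enough. None of the containers in the Deployment sets a `securityContext` or `resources`, so adding `allowPrivilegeEscalation: false` and requests/limits to the sidecars would be a cheap hardening step.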


@ -0,0 +1,12 @@
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: csi-unity.dellemc.com
spec:
storageCapacity: {{ (include "csi-unity.isStorageCapacitySupported" .) | default false }}
attachRequired: true
podInfoOnMount: true
volumeLifecycleModes:
- Persistent
- Ephemeral
fsGroupPolicy: {{ .Values.fsGroupPolicy }}
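Review bot: `volumeLifecycleModes` includes `Ephemeral`, which lets anyone who can create a pod pass `volumeAttributes` straight to the driver instead of going through an administrator-controlled StorageClass. If inline volumes are not required, consider making the list configurable from values, or document that clusters should restrict inline use of `csi-unity.dellemc.com` through admission policy. `fsGroupPolicy: {{ .Values.fsGroupPolicy }}` renders an empty value when the key is unset; `fsGroupPolicy: {{ .Values.fsGroupPolicy | default "ReadWriteOnceWithFSType" | quote }}` would match the default documented in the README.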


@ -0,0 +1,18 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ .Release.Name }}-config-params
namespace: {{ .Release.Namespace }}
data:
driver-config-params.yaml: |
CSI_LOG_LEVEL: "{{ .Values.logLevel }}"
ALLOW_RWO_MULTIPOD_ACCESS: "{{ .Values.allowRWOMultiPodAccess }}"
MAX_UNITY_VOLUMES_PER_NODE: "{{ .Values.maxUnityVolumesPerNode }}"
SYNC_NODE_INFO_TIME_INTERVAL: "{{ .Values.syncNodeInfoInterval }}"
TENANT_NAME: "{{ .Values.tenantName }}"
{{ if .Values.podmon.enabled }}
PODMON_CONTROLLER_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_CONTROLLER_LOG_FORMAT: "TEXT"
PODMON_NODE_LOG_LEVEL: "{{ .Values.logLevel }}"
PODMON_NODE_LOG_FORMAT: "TEXT"
{{ end }}
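Review bot: The values are interpolated between literal double quotes inside the `driver-config-params.yaml` block scalar, so a `tenantName` or `logLevel` that contains `"` or a newline produces a malformed or altered driver config. Letting Helm do the escaping avoids that, e.g. `TENANT_NAME: {{ .Values.tenantName | default "" | quote }}` and the same form for the other keys. `.Values.podmon.enabled` is also dereferenced without a guard here, so a values file that omits `podmon` fails at render time; wrapping the block in `{{ if hasKey .Values "podmon" }}` would avoid that.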


@ -0,0 +1,283 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "create", "delete", "get", "list", "watch", "update" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumesclaims" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "get", "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch", "update", "patch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "volumeattachments" ]
verbs: [ "get", "list", "watch", "update" ]
- apiGroups: [ "security.openshift.io" ]
resourceNames: [ "privileged" ]
resources: [ "securitycontextconstraints" ]
verbs: [ "use" ]
{{- if .Values.podmon.enabled }}
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "watch", "list", "delete", "update", "create" ]
{{- end }}
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ .Release.Name }}-node
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}-node
apiGroup: rbac.authorization.k8s.io
---
{{ $releaseName := .Release.Name }}
kind: DaemonSet
apiVersion: apps/v1
metadata:
name: {{ .Release.Name }}-node
namespace: {{ .Release.Namespace }}
spec:
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: {{ .Release.Name }}-node
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: "driver"
labels:
app: {{ .Release.Name }}-node
{{- if .Values.podmon.enabled }}
driver.dellemc.com: dell-storage
{{- end }}
spec:
serviceAccountName: {{ .Release.Name }}-node
{{- if .Values.node.nodeSelector }}
nodeSelector:
{{- toYaml .Values.node.nodeSelector | nindent 8 }}
{{- end }}
{{- if .Values.node.tolerations }}
tolerations:
{{- toYaml .Values.node.tolerations | nindent 8 }}
{{- end }}
hostIPC: true
hostNetwork: true
dnsPolicy: {{ .Values.node.dnsPolicy }}
containers:
{{- if .Values.podmon.enabled }}
- name: podmon
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
imagePullPolicy: {{ .Values.imagePullPolicy }}
image: {{ required "Must provide the podmon container image." .Values.images.podmon }}
args:
{{- toYaml .Values.podmon.node.args | nindent 12 }}
env:
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_PRIVATE_MOUNT_DIR
value: "{{ .Values.kubeletConfigDir }}/plugins/unity.emc.dell.com/disks"
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: MY_POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: MY_POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
volumeMounts:
- name: kubelet-pods
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/unity.emc.dell.com
mountPropagation: "Bidirectional"
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: usr-bin
mountPath: /usr-bin
- name: var-run
mountPath: /var/run
- name: unity-config
mountPath: /unity-config
{{- end }}
- name: driver
securityContext:
privileged: true
capabilities:
add: ["SYS_ADMIN"]
allowPrivilegeEscalation: true
image: "{{ required "Must provide the driver image repository." .Values.images.driver }}"
args:
- "--driver-name=csi-unity.dellemc.com"
- "--driver-config=/unity-config/driver-config-params.yaml"
- "--driver-secret=/unity-secret/config"
imagePullPolicy: {{ .Values.imagePullPolicy }}
env:
- name: CSI_ENDPOINT
value: {{ .Values.kubeletConfigDir }}/plugins/unity.emc.dell.com/csi_sock
- name: X_CSI_MODE
value: node
- name: X_CSI_UNITY_AUTOPROBE
value: "true"
- name: X_CSI_UNITY_ALLOW_MULTI_POD_ACCESS
value: {{ .Values.allowRWOMultiPodAccess | default "false" | lower | quote }}
- name: X_CSI_ALLOWED_NETWORKS
value: "{{ .Values.allowedNetworks }}"
- name: X_CSI_PRIVATE_MOUNT_DIR
value: "{{ .Values.kubeletConfigDir }}/plugins/unity.emc.dell.com/disks"
- name: X_CSI_EPHEMERAL_STAGING_PATH
value: "{{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi/pv/"
- name: X_CSI_ISCSI_CHROOT
value: {{ .Values.ISCSIChroot | default "/noderoot" }}
- name: X_CSI_UNITY_NODENAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
- name: X_CSI_UNITY_NODENAME_PREFIX
value: {{ .Values.nodeNamePrefix }}
- name: SSL_CERT_DIR
value: /certs
- name: X_CSI_UNITY_SYNC_NODEINFO_INTERVAL
value: {{ .Values.syncNodeInfoInterval | default "15" | quote }}
{{- if hasKey .Values.node "healthMonitor" }}
{{- if eq .Values.node.healthMonitor.enabled true }}
- name: X_CSI_HEALTH_MONITOR_ENABLED
value: "{{ .Values.node.healthMonitor.enabled }}"
{{- end }}
{{- end }}
volumeMounts:
- name: driver-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/unity.emc.dell.com
- name: volumedevices-path
mountPath: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
mountPropagation: "Bidirectional"
- name: pods-path
mountPath: {{ .Values.kubeletConfigDir }}/pods
mountPropagation: "Bidirectional"
- name: dev
mountPath: /dev
- name: noderoot
mountPath: /noderoot
- name: certs
mountPath: /certs
readOnly: true
- name: unity-config
mountPath: /unity-config
- name: unity-secret
mountPath: /unity-secret
- name: registrar
image: {{ required "Must provide the CSI registrar container image." .Values.images.registrar }}
args:
- "--v=5"
- "--csi-address=$(ADDRESS)"
- --kubelet-registration-path={{ .Values.kubeletConfigDir }}/plugins/unity.emc.dell.com/csi_sock
env:
- name: ADDRESS
value: /csi/csi_sock
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
volumeMounts:
- name: registration-dir
mountPath: /registration
- name: driver-path
mountPath: /csi
volumes:
- name: registration-dir
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins_registry/
type: DirectoryOrCreate
- name: driver-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/unity.emc.dell.com
type: DirectoryOrCreate
- name: volumedevices-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/plugins/kubernetes.io/csi
type: DirectoryOrCreate
- name: pods-path
hostPath:
path: {{ .Values.kubeletConfigDir }}/pods
type: Directory
- name: dev
hostPath:
path: /dev
type: Directory
- name: noderoot
hostPath:
path: /
type: Directory
- name: certs
projected:
sources:
{{- range $i, $e := until (int .Values.certSecretCount ) }}
- secret:
name: {{ print $releaseName "-certs-" $e }}
items:
- key: cert-{{ $e }}
path: cert-{{ $e }}
{{- end }}
- name: unity-config
configMap:
name: {{ .Release.Name }}-config-params
- name: unity-secret
secret:
secretName: {{ .Release.Name }}-creds
{{- if .Values.podmon.enabled }}
- name: usr-bin
hostPath:
path: /usr/bin
type: Directory
- name: kubelet-pods
hostPath:
path: {{ .Values.kubeletConfigDir }}/pods
type: Directory
- name: var-run
hostPath:
path: /var/run
type: Directory
{{- end }}
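Review bot: In the node ClusterRole the second rule names `persistentvolumesclaims`, which does not match the core resource `persistentvolumeclaims`, so the get/list/watch/update it is meant to grant is never granted; the line should read `resources: [ "persistentvolumeclaims" ]`. The `volumeattachments` rule is also listed twice with identical verbs, and one copy can be dropped. This role is bound to the service account of a DaemonSet whose driver and podmon containers run `privileged: true` with `hostNetwork`, `hostIPC` and the host `/` mounted at `/noderoot`, so a compromise of that pod carries these cluster-wide permissions with it. The `create`/`delete` on `persistentvolumes` (and `delete` on `pods` when podmon is enabled) therefore deserve a comment stating why the node plugin needs them, or removal if it does not; that need cannot be judged from this file alone.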


@ -0,0 +1,273 @@
## K8S/DRIVER ATTRIBUTES
########################
# version: version of this values file
# Note: Do not change this value
# Examples : "v2.9.0" , "nightly"
version: "v2.11.1"
images:
# "driver" defines the container image, used for the driver container.
driver: dellemc/csi-unity:v2.11.1
# CSI sidecars
attacher: registry.k8s.io/sig-storage/csi-attacher:v4.6.1
provisioner: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1
snapshotter: registry.k8s.io/sig-storage/csi-snapshotter:v8.0.1
resizer: registry.k8s.io/sig-storage/csi-resizer:v1.11.1
registrar: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.10.1
healthmonitor: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.12.1
# CSM sidecars
podmon: dellemc/podmon:v1.10.0
# LogLevel is used to set the logging level of the driver.
# Allowed values: "error", "warn"/"warning", "info", "debug"
# Default value: "info"
logLevel: "info"
# certSecretCount: Represents number of certificate secrets, which user is going to create for
# ssl authentication. (unity-cert-0..unity-cert-n)
# Allowed values: n, where n > 0
# Default value: None
certSecretCount: 1
# allowedNetworks: Custom networks for Unity export
# Specify list of networks which can be used for NFS I/O traffic; CIDR format should be used.
# Allowed values: list of one or more networks (comma separated)
# Default value: None
# Examples: 192.168.1.0/24, 192.168.100.0/22
allowedNetworks:
# imagePullPolicy: Policy to determine if the image should be pulled prior to starting the container.
# Allowed values:
# Always: Always pull the image.
# IfNotPresent: Only pull the image if it does not already exist on the node.
# Never: Never pull the image.
# Default value: IfNotPresent
imagePullPolicy: Always
# Specify kubelet config dir path.
# Ensure that the config.yaml file is present at this path.
# Default value: /var/lib/kubelet
kubeletConfigDir: /var/lib/kubelet
# fsGroupPolicy: Defines if the underlying volume supports changing ownership and permission of the volume before being mounted.
# Allowed values:
# ReadWriteOnceWithFSType: supports volume ownership and permissions change only if the fsType is defined
# and the volume's accessModes contains ReadWriteOnce.
# File: kubernetes may use fsGroup to change permissions and ownership of the volume
# to match user requested fsGroup in the pod's security policy regardless of fstype or access mode.
# None: volumes will be mounted with no modifications.
# Default value: ReadWriteOnceWithFSType
fsGroupPolicy: ReadWriteOnceWithFSType
# To set nodeSelectors and tolerations for controller.
# controller: configure controller pod specific parameters
controller:
# controllerCount: defines the number of csi-unity controller pods to deploy to
# the Kubernetes release.
# Allowed values: n, where n > 0
# Default value: None
controllerCount: 2
# volumeNamePrefix: Prefix of PersistentVolume names created
# Allowed values: string
# Default value: None
volumeNamePrefix: csivol
snapshot:
# enabled: Enable/Disable volume snapshot feature
# Allowed values:
# true: enable volume snapshot feature(install snapshotter sidecar)
# false: disable volume snapshot feature(do not install snapshotter sidecar)
# Default value: None
enabled: true
# snapNamePrefix: Prefix to apply to the names of a created snapshots
# Allowed values: string
# Default value: None
snapNamePrefix: csi-snap
resizer:
# enabled: Enable/Disable volume expansion feature
# Allowed values:
# true: enable volume expansion feature(install resizer sidecar)
# false: disable volume snapshot feature(do not install resizer sidecar)
# Default value: None
enabled: true
# nodeSelector: Define node selection constraints for controller pods.
# For the pod to be eligible to run on a node, the node must have each
# of the indicated key-value pairs as labels.
# Leave as blank to consider all nodes
# Allowed values: map of key-value pairs
# Default value: None
nodeSelector:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# node-role.kubernetes.io/master: ""
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# node-role.kubernetes.io/control-plane: ""
# tolerations: Define tolerations for the controllers, if required.
# Leave as blank to install controller on worker nodes
# Default value: None
tolerations:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoExecute"
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# - key: "node-role.kubernetes.io/control-plane"
# operator: "Exists"
# effect: "NoSchedule"
healthMonitor:
# enabled: Enable/Disable health monitor of CSI volumes- volume state, volume condition
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: None
enabled: false
# interval: Interval of monitoring volume health condition
# Allowed values: Number followed by unit of time (s,m,h)
# Default value: 60s
interval: 60s
# node: configure node pod specific parameters
node:
# dnsPolicy : Define the DNS Policy of the Node service.
# ClusterFirstWithHostNet is the recommended and default DNS policy for the driver.
# Prior to v1.6 of the driver, the default DNS policy was ClusterFirst.
# In certain scenarios, users might need to change the default dnsPolicy.
# Default value: None
dnsPolicy: "ClusterFirstWithHostNet"
healthMonitor:
# enabled: Enable/Disable health monitor of CSI Volumes - volume usage
# Allowed values:
# true: enable checking of health condition of CSI volumes
# false: disable checking of health condition of CSI volumes
# Default value: None
enabled: false
# nodeSelector: Define node selection constraints for node pods.
# For the pod to be eligible to run on a node, the node must have each
# of the indicated key-value pairs as labels.
# Leave as blank to consider all nodes
# Allowed values: map of key-value pairs
# Default value: None
nodeSelector:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# node-role.kubernetes.io/master: ""
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# node-role.kubernetes.io/control-plane: ""
# tolerations: Define tolerations for the node daemonset, if required.
# Default value: None
tolerations:
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/master taint
# - key: "node-role.kubernetes.io/master"
# operator: "Exists"
# effect: "NoExecute"
# Uncomment if nodes you wish to use have the node-role.kubernetes.io/control-plane taint
# - key: "node-role.kubernetes.io/control-plane"
# operator: "Exists"
# effect: "NoExecute"
# - key: "node.kubernetes.io/memory-pressure"
# operator: "Exists"
# effect: "NoExecute"
# - key: "node.kubernetes.io/disk-pressure"
# operator: "Exists"
# effect: "NoExecute"
# - key: "node.kubernetes.io/network-unavailable"
# operator: "Exists"
# effect: "NoExecute"
# Uncomment if CSM for Resiliency and CSI Driver pods monitor are enabled
# - key: "offline.vxflexos.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "vxflexos.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "offline.unity.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "unity.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "offline.isilon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# - key: "isilon.podmon.storage.dell.com"
# operator: "Exists"
# effect: "NoSchedule"
# CSM module attributes
# service to monitor failing jobs and notify
podmon:
# enabled - flag to enable or disable podmon
# allowed values : boolean
# defaule value : None
# Examples : true , false
enabled: false
controller:
args:
- "--csisock=unix:/var/run/csi/csi.sock"
- "--labelvalue=csi-unity"
- "--driverPath=csi-unity.dellemc.com"
- "--mode=controller"
- "--skipArrayConnectionValidation=false"
- "--driver-config-params=/unity-config/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
node:
args:
- "--csisock=unix:/var/lib/kubelet/plugins/unity.emc.dell.com/csi_sock"
- "--labelvalue=csi-unity"
- "--driverPath=csi-unity.dellemc.com"
- "--mode=node"
- "--leaderelection=false"
- "--driver-config-params=/unity-config/driver-config-params.yaml"
- "--driverPodLabelValue=dell-storage"
- "--ignoreVolumelessPods=false"
### The below parameters have been discontinued for configuration from secret.yaml and will have to be configured only in values.yaml
# syncNodeInfoInterval - Time interval to add node info to array. Default 15 minutes. Minimum value should be 1.
# Allowed values: integer
# Default value: 15
# Examples : 0 , 2
syncNodeInfoInterval: 15
# allowRWOMultiPodAccess - Flag to enable sharing of volumes across multiple pods within the same node in RWO access mode.
# Allowed values: boolean
# Default value: "false"
# Examples : "true" , "false"
allowRWOMultiPodAccess: "false"
# maxUnityVolumesPerNode - Maximum number of volumes that controller can publish to the node.
# Allowed values: integer
# Default value: 0
# Examples : 0 , 1
maxUnityVolumesPerNode: 0
# tenantName - Tenant name that need to added while adding host entry to the array.
# Allowed values: string
# Default value: ""
# Examples : "tenant2" , "tenant3"
tenantName: ""
# Storage Capacity Tracking
# Note: Capacity tracking is supported in kubernetes v1.24 and above, this feature will be automatically disabled in older versions.
storageCapacity:
# enabled : Enable/Disable storage capacity tracking
# Allowed values:
# true: enable storage capacity tracking
# false: disable storage capacity tracking
# Default value: true
enabled: true
# pollInterval : Configure how often external-provisioner polls the driver to detect changed capacity
# Allowed values: 1m,2m,3m,...,10m,...,60m etc
# Default value: 5m
pollInterval: 5m
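Review bot: Every entry under `images:` is pinned by tag only, and `imagePullPolicy: Always` re-resolves the tag on each pod start, so the driver and podmon images that the node DaemonSet in this commit runs privileged can change without any chart change if a tag is re-pushed. Pinning by digest closes that gap, e.g. `driver: dellemc/csi-unity:v2.11.1@sha256:<digest-of-the-reviewed-image>` (placeholder; the digest is not on this page). The comment above `imagePullPolicy` says `Default value: IfNotPresent` while the shipped value is `Always`; if that comment is meant to describe the chart default, one of the two should be corrected. Separately, `podmon.node.args` hard-codes `/var/lib/kubelet` in `--csisock`, which will not follow a changed `kubeletConfigDir`.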


@ -0,0 +1,6 @@
dependencies:
- name: bitwarden-sdk-server
repository: oci://ghcr.io/external-secrets/charts
version: v0.3.1
digest: sha256:2d01e9083fc32c18dca4f9614625e0172e338a663138c2670e5b911645b6b8ee
generated: "2024-09-20T12:57:07.63511+02:00"


@ -0,0 +1,25 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: External Secrets Operator
catalog.cattle.io/kube-version: '>= 1.19.0-0'
catalog.cattle.io/release-name: external-secrets
apiVersion: v2
appVersion: v0.10.4
dependencies:
- condition: bitwarden-sdk-server.enabled
name: bitwarden-sdk-server
repository: file://./charts/bitwarden-sdk-server
version: v0.3.1
description: External secret management for Kubernetes
home: https://github.com/external-secrets/external-secrets
icon: file://assets/icons/external-secrets.png
keywords:
- kubernetes-external-secrets
- secrets
kubeVersion: '>= 1.19.0-0'
maintainers:
- email: kellinmcavoy@gmail.com
name: mcavoyk
name: external-secrets
type: application
version: 0.10.4


@ -0,0 +1,225 @@
# External Secrets
<p><img src="https://raw.githubusercontent.com/external-secrets/external-secrets/main/assets/eso-logo-large.png" width="100x" alt="external-secrets"></p>
[//]: # (README.md generated by gotmpl. DO NOT EDIT.)
![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.4](https://img.shields.io/badge/Version-0.10.4-informational?style=flat-square)
External secret management for Kubernetes
## TL;DR
```bash
helm repo add external-secrets https://charts.external-secrets.io
helm install external-secrets external-secrets/external-secrets
```
## Installing the Chart
To install the chart with the release name `external-secrets`:
```bash
helm install external-secrets external-secrets/external-secrets
```
### Custom Resources
By default, the chart will install external-secrets CRDs, this can be controlled with `installCRDs` value.
## Uninstalling the Chart
To uninstall the `external-secrets` deployment:
```bash
helm uninstall external-secrets
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| bitwarden-sdk-server.enabled | bool | `false` | |
| certController.affinity | object | `{}` | |
| certController.create | bool | `true` | Specifies whether a certificate controller deployment be created. |
| certController.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
| certController.extraArgs | object | `{}` | |
| certController.extraEnv | list | `[]` | |
| certController.extraVolumeMounts | list | `[]` | |
| certController.extraVolumes | list | `[]` | |
| certController.fullnameOverride | string | `""` | |
| certController.hostNetwork | bool | `false` | Run the certController on the host network |
| certController.image.flavour | string | `""` | |
| certController.image.pullPolicy | string | `"IfNotPresent"` | |
| certController.image.repository | string | `"oci.external-secrets.io/external-secrets/external-secrets"` | |
| certController.image.tag | string | `""` | |
| certController.imagePullSecrets | list | `[]` | |
| certController.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook |
| certController.metrics.listen.port | int | `8080` | |
| certController.metrics.service.annotations | object | `{}` | Additional service annotations |
| certController.metrics.service.enabled | bool | `false` | Enable if you use another monitoring tool than Prometheus to scrape the metrics |
| certController.metrics.service.port | int | `8080` | Metrics service port to scrape |
| certController.nameOverride | string | `""` | |
| certController.nodeSelector | object | `{}` | |
| certController.podAnnotations | object | `{}` | Annotations to add to Pod |
| certController.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
| certController.podLabels | object | `{}` | |
| certController.podSecurityContext.enabled | bool | `true` | |
| certController.priorityClassName | string | `""` | Pod priority class name. |
| certController.rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. |
| certController.readinessProbe.address | string | `""` | Address for readiness probe |
| certController.readinessProbe.port | int | `8081` | ReadinessProbe port for kubelet |
| certController.replicaCount | int | `1` | |
| certController.requeueInterval | string | `"5m"` | |
| certController.resources | object | `{}` | |
| certController.revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) |
| certController.securityContext.allowPrivilegeEscalation | bool | `false` | |
| certController.securityContext.capabilities.drop[0] | string | `"ALL"` | |
| certController.securityContext.enabled | bool | `true` | |
| certController.securityContext.readOnlyRootFilesystem | bool | `true` | |
| certController.securityContext.runAsNonRoot | bool | `true` | |
| certController.securityContext.runAsUser | int | `1000` | |
| certController.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| certController.serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
| certController.serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the pod |
| certController.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
| certController.serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. |
| certController.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| certController.tolerations | list | `[]` | |
| certController.topologySpreadConstraints | list | `[]` | |
| commonLabels | object | `{}` | Additional labels added to all helm chart resources. |
| concurrent | int | `1` | Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at a time. |
| controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. |
| crds.annotations | object | `{}` | |
| crds.conversion.enabled | bool | `true` | |
| crds.createClusterExternalSecret | bool | `true` | If true, create CRDs for Cluster External Secret. |
| crds.createClusterSecretStore | bool | `true` | If true, create CRDs for Cluster Secret Store. |
| crds.createPushSecret | bool | `true` | If true, create CRDs for Push Secret. |
| createOperator | bool | `true` | Specifies whether an external secret operator deployment be created. |
| deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
| dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment |
| dnsPolicy | string | `"ClusterFirst"` | Specifies `dnsPolicy` to deployment |
| extendedMetricLabels | bool | `false` | If true external secrets will use recommended kubernetes annotations as prometheus metric labels. |
| extraArgs | object | `{}` | |
| extraContainers | list | `[]` | |
| extraEnv | list | `[]` | |
| extraObjects | list | `[]` | |
| extraVolumeMounts | list | `[]` | |
| extraVolumes | list | `[]` | |
| fullnameOverride | string | `""` | |
| global.affinity | object | `{}` | |
| global.compatibility.openshift.adaptSecurityContext | string | `"auto"` | Manages the securityContext properties to make them compatible with OpenShift. Possible values: auto - Apply configurations if it is detected that OpenShift is the target platform. force - Always apply configurations. disabled - No modification applied. |
| global.nodeSelector | object | `{}` | |
| global.tolerations | list | `[]` | |
| global.topologySpreadConstraints | list | `[]` | |
| hostNetwork | bool | `false` | Run the controller on the host network |
| image.flavour | string | `""` | The flavour of tag you want to use There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default, the distroless image is used. |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"oci.external-secrets.io/external-secrets/external-secrets"` | |
| image.tag | string | `""` | The image tag to use. The default is the chart appVersion. |
| imagePullSecrets | list | `[]` | |
| installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. |
| leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. |
| log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook |
| metrics.listen.port | int | `8080` | |
| metrics.service.annotations | object | `{}` | Additional service annotations |
| metrics.service.enabled | bool | `false` | Enable if you use another monitoring tool than Prometheus to scrape the metrics |
| metrics.service.port | int | `8080` | Metrics service port to scrape |
| nameOverride | string | `""` | |
| namespaceOverride | string | `""` | |
| nodeSelector | object | `{}` | |
| podAnnotations | object | `{}` | Annotations to add to Pod |
| podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
| podLabels | object | `{}` | |
| podSecurityContext.enabled | bool | `true` | |
| podSpecExtra | object | `{}` | Any extra pod spec on the deployment |
| priorityClassName | string | `""` | Pod priority class name. |
| processClusterExternalSecret | bool | `true` | if true, the operator will process cluster external secret. Else, it will ignore them. |
| processClusterStore | bool | `true` | if true, the operator will process cluster store. Else, it will ignore them. |
| processPushSecret | bool | `true` | if true, the operator will process push secret. Else, it will ignore them. |
| rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. |
| rbac.servicebindings.create | bool | `true` | Specifies whether a clusterrole to give servicebindings read access should be created. |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) |
| scopedNamespace | string | `""` | If set external secrets are only reconciled in the provided namespace |
| scopedRBAC | bool | `false` | Must be used with scopedNamespace. If true, create scoped RBAC roles under the scoped namespace and implicitly disable cluster stores and cluster external secrets |
| securityContext.allowPrivilegeEscalation | bool | `false` | |
| securityContext.capabilities.drop[0] | string | `"ALL"` | |
| securityContext.enabled | bool | `true` | |
| securityContext.readOnlyRootFilesystem | bool | `true` | |
| securityContext.runAsNonRoot | bool | `true` | |
| securityContext.runAsUser | int | `1000` | |
| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| service.ipFamilies | list | `[]` | Sets the families that should be supported and the order in which they should be applied to ClusterIP as well. Can be IPv4 and/or IPv6. |
| service.ipFamilyPolicy | string | `""` | Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) |
| serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
| serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the pod |
| serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
| serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. |
| serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| serviceMonitor.additionalLabels | object | `{}` | Additional labels |
| serviceMonitor.enabled | bool | `false` | Specifies whether to create a ServiceMonitor resource for collecting Prometheus metrics |
| serviceMonitor.honorLabels | bool | `false` | Let prometheus add an exported_ prefix to conflicting labels |
| serviceMonitor.interval | string | `"30s"` | Interval to scrape metrics |
| serviceMonitor.metricRelabelings | list | `[]` | Metric relabel configs to apply to samples before ingestion. [Metric Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs) |
| serviceMonitor.namespace | string | `""` | namespace where you want to install ServiceMonitors |
| serviceMonitor.relabelings | list | `[]` | Relabel configs to apply to samples before ingestion. [Relabeling](https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config) |
| serviceMonitor.scrapeTimeout | string | `"25s"` | Timeout if metrics can't be retrieved in given time interval |
| tolerations | list | `[]` | |
| topologySpreadConstraints | list | `[]` | |
| webhook.affinity | object | `{}` | |
| webhook.certCheckInterval | string | `"5m"` | Specifices the time to check if the cert is valid |
| webhook.certDir | string | `"/tmp/certs"` | |
| webhook.certManager.addInjectorAnnotations | bool | `true` | Automatically add the cert-manager.io/inject-ca-from annotation to the webhooks and CRDs. As long as you have the cert-manager CA Injector enabled, this will automatically setup your webhook's CA to the one used by cert-manager. See https://cert-manager.io/docs/concepts/ca-injector |
| webhook.certManager.cert.annotations | object | `{}` | Add extra annotations to the Certificate resource. |
| webhook.certManager.cert.create | bool | `true` | Create a certificate resource within this chart. See https://cert-manager.io/docs/usage/certificate/ |
| webhook.certManager.cert.duration | string | `"8760h"` | Set the requested duration (i.e. lifetime) of the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec One year by default. |
| webhook.certManager.cert.issuerRef | object | `{"group":"cert-manager.io","kind":"Issuer","name":"my-issuer"}` | For the Certificate created by this chart, setup the issuer. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec |
| webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificates expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. |
| webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ |
| webhook.create | bool | `true` | Specifies whether a webhook deployment be created. |
| webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |
| webhook.extraArgs | object | `{}` | |
| webhook.extraEnv | list | `[]` | |
| webhook.extraVolumeMounts | list | `[]` | |
| webhook.extraVolumes | list | `[]` | |
| webhook.failurePolicy | string | `"Fail"` | Specifies whether validating webhooks should be created with failurePolicy: Fail or Ignore |
| webhook.fullnameOverride | string | `""` | |
| webhook.hostNetwork | bool | `false` | Specifies if webhook pod should use hostNetwork or not. |
| webhook.image.flavour | string | `""` | The flavour of tag you want to use |
| webhook.image.pullPolicy | string | `"IfNotPresent"` | |
| webhook.image.repository | string | `"oci.external-secrets.io/external-secrets/external-secrets"` | |
| webhook.image.tag | string | `""` | The image tag to use. The default is the chart appVersion. |
| webhook.imagePullSecrets | list | `[]` | |
| webhook.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook |
| webhook.lookaheadInterval | string | `""` | Specifices the lookaheadInterval for certificate validity |
| webhook.metrics.listen.port | int | `8080` | |
| webhook.metrics.service.annotations | object | `{}` | Additional service annotations |
| webhook.metrics.service.enabled | bool | `false` | Enable if you use another monitoring tool than Prometheus to scrape the metrics |
| webhook.metrics.service.port | int | `8080` | Metrics service port to scrape |
| webhook.nameOverride | string | `""` | |
| webhook.nodeSelector | object | `{}` | |
| webhook.podAnnotations | object | `{}` | Annotations to add to Pod |
| webhook.podDisruptionBudget | object | `{"enabled":false,"minAvailable":1}` | Pod disruption budget - for more details see https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
| webhook.podLabels | object | `{}` | |
| webhook.podSecurityContext.enabled | bool | `true` | |
| webhook.port | int | `10250` | The port the webhook will listen to |
| webhook.priorityClassName | string | `""` | Pod priority class name. |
| webhook.rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. |
| webhook.readinessProbe.address | string | `""` | Address for readiness probe |
| webhook.readinessProbe.port | int | `8081` | ReadinessProbe port for kubelet |
| webhook.replicaCount | int | `1` | |
| webhook.resources | object | `{}` | |
| webhook.revisionHistoryLimit | int | `10` | Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) |
| webhook.secretAnnotations | object | `{}` | Annotations to add to Secret |
| webhook.securityContext.allowPrivilegeEscalation | bool | `false` | |
| webhook.securityContext.capabilities.drop[0] | string | `"ALL"` | |
| webhook.securityContext.enabled | bool | `true` | |
| webhook.securityContext.readOnlyRootFilesystem | bool | `true` | |
| webhook.securityContext.runAsNonRoot | bool | `true` | |
| webhook.securityContext.runAsUser | int | `1000` | |
| webhook.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | |
| webhook.serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
| webhook.serviceAccount.automount | bool | `true` | Automounts the service account token in all containers of the pod |
| webhook.serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
| webhook.serviceAccount.extraLabels | object | `{}` | Extra Labels to add to the service account. |
| webhook.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. |
| webhook.tolerations | list | `[]` | |
| webhook.topologySpreadConstraints | list | `[]` | |
