diff --git a/assets/loft/loft-2.2.101.tgz b/assets/loft/loft-2.2.101.tgz new file mode 100644 index 000000000..aae24bdb9 Binary files /dev/null and b/assets/loft/loft-2.2.101.tgz differ diff --git a/charts/loft/loft/2.2.101/.helmignore b/charts/loft/loft/2.2.101/.helmignore new file mode 100644 index 000000000..f0c131944 --- /dev/null +++ b/charts/loft/loft/2.2.101/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/loft/loft/2.2.101/Chart.yaml b/charts/loft/loft/2.2.101/Chart.yaml new file mode 100644 index 000000000..a6c0c6de1 --- /dev/null +++ b/charts/loft/loft/2.2.101/Chart.yaml @@ -0,0 +1,31 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Loft + catalog.cattle.io/release-name: loft +apiVersion: v2 +description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual + Clusters +home: https://loft.sh +icon: https://static.loft.sh/loft/logo/loft-logo.svg +keywords: +- developer +- development +- sharing +- share +- multi-tenancy +- tenancy +- cluster +- space +- namespace +- vcluster +- vclusters +kubeVersion: '>= 1.22-0' +maintainers: +- email: info@loft.sh + name: Loft Labs, Inc. + url: https://twitter.com/loft_sh +name: loft +sources: +- https://github.com/loft-sh/loft +type: application +version: 2.2.101 diff --git a/charts/loft/loft/2.2.101/app-readme.md b/charts/loft/loft/2.2.101/app-readme.md new file mode 100644 index 000000000..d566f1492 --- /dev/null +++ b/charts/loft/loft/2.2.101/app-readme.md @@ -0,0 +1,12 @@ +# Loft Chart + +## Namespace & Virtual Cluster Manager for Kubernetes + +- Lightweight Virtual Clusters that are flexible like namespaces but much more powerful +- Sleep Mode to put idle namespaces and virtual clusters asleep and saves up to 70% cloud costs +- Accounts & Account Users to separate tenants in a shared Kubernetes cluster +- Self-Service Namespace Provisioning for account users +- Account Limits to ensure quality of service and fairness when sharing a cluster +- Namespace Templates for secure tenant isolation and self-service namespace initialization +- Multi-Cluster Tenant Management for sharing a pool of clusters +- GitOps-Ready: Custom Resource Definitions for everything loft does diff --git a/charts/loft/loft/2.2.101/templates/NOTES.txt b/charts/loft/loft/2.2.101/templates/NOTES.txt new file mode 100644 index 000000000..6f54f1872 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/NOTES.txt @@ -0,0 +1,8 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + +To learn more about the release, try: + + $ helm status {{ .Release.Name }} + $ helm get all {{ .Release.Name }} diff --git a/charts/loft/loft/2.2.101/templates/_helpers.tpl b/charts/loft/loft/2.2.101/templates/_helpers.tpl new file mode 100644 index 000000000..8501a436b --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/_helpers.tpl @@ -0,0 +1,74 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "loft.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "loft.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "loft.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "loft.labels" -}} +app.kubernetes.io/name: {{ include "loft.name" . }} +helm.sh/chart: {{ include "loft.chart" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- else }} +app.kubernetes.io/version: {{ .Chart.Version | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "loft.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} +{{ default (include "loft.fullname" .) .Values.serviceAccount.name }} +{{- else -}} +{{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} + +{{/* +Get access key for invite link +*/}} +{{- $}} +{{- define "loft.admin.accessKey" -}} +{{- now | unixEpoch | toString | trunc 8 | sha256sum -}} +{{- end -}} + +{{/* +Get loft admin user username +*/}} +{{- $}} +{{- define "loft.admin.name" -}} +admin +{{- end -}} diff --git a/charts/loft/loft/2.2.101/templates/cert-issuer/issuer.yaml b/charts/loft/loft/2.2.101/templates/cert-issuer/issuer.yaml new file mode 100644 index 000000000..349738671 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/cert-issuer/issuer.yaml @@ -0,0 +1,22 @@ +{{- if .Values.certIssuer.create }} +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: {{ .Values.certIssuer.name }} +spec: + acme: + email: {{ .Values.certIssuer.email }} + server: {{ .Values.certIssuer.server }} + privateKeySecretRef: + name: {{ .Values.certIssuer.secretName }} + solvers: + {{- if .Values.certIssuer.httpResolver.enabled }} + - http01: + ingress: + class: {{ .Values.certIssuer.httpResolver.ingressClass }} + {{- end }} + {{- range .Values.certIssuer.resolvers }} + - +{{ toYaml . | indent 6 }} + {{- end }} +{{- end }} diff --git a/charts/loft/loft/2.2.101/templates/deployment.yaml b/charts/loft/loft/2.2.101/templates/deployment.yaml new file mode 100644 index 000000000..12ccda428 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/deployment.yaml @@ -0,0 +1,183 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "loft.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- with .Values.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.annotations .Values.commonAnnotations }} + annotations: + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "loft.fullname" . }} + release: {{ .Release.Name }} + replicas: {{ .Values.replicaCount }} + strategy: + rollingUpdate: + maxSurge: 1 + {{- if (eq (int .Values.replicaCount) 1) }} + maxUnavailable: 0 + {{- else }} + maxUnavailable: 1 + {{- end }} + type: RollingUpdate + template: + metadata: + labels: + app: {{ template "loft.fullname" . }} + release: {{ .Release.Name }} +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} + spec: + terminationGracePeriodSeconds: 10 + serviceAccountName: {{ template "loft.serviceAccountName" . }} + volumes: + {{- if .Values.volumes }} +{{ toYaml .Values.volumes | indent 8 }} + {{- end }} + {{- if .Values.audit }} + {{- if .Values.audit.persistence.enabled }} + - name: audit-log + persistentVolumeClaim: + claimName: {{ template "loft.fullname" . }}-audit + {{- else if .Values.audit.enableSideCar }} + - name: audit-log + emptyDir: {} + {{- end }} + {{- end }} + containers: + - name: manager + {{- if .Values.image }} + image: "{{ .Values.image }}" + {{- else }} + image: "loftsh/loft:{{ .Chart.Version }}" + {{- end }} + ports: + - name: http + containerPort: 8080 + - name: https + containerPort: 10443 + - name: https-priv + containerPort: 443 + {{- if .Values.livenessProbe }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /healthz + port: 8080 + failureThreshold: 20 + initialDelaySeconds: 5 + periodSeconds: 10 + {{- end }} + {{- end }} + {{- if .Values.readinessProbe }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /healthz + port: 8080 + failureThreshold: 20 + initialDelaySeconds: 5 + periodSeconds: 10 + {{- end }} + {{- end }} + env: + - name: ADMIN_EMAIL + value: {{ .Values.admin.email | quote }} + {{- if .Values.admin.password }} + - name: ADMIN_PASSWORD_HASH + value: {{ .Values.admin.password | sha256sum | quote }} + {{- end }} + {{- range $key, $value := .Values.envValueFrom }} + - name: {{ $key | quote }} + valueFrom: +{{ toYaml $value | indent 12 }} + {{- end }} + {{- if .Values.tls }} + {{- if .Values.tls.enabled }} + - name: PROXY_TLS_CERT + valueFrom: + secretKeyRef: + name: {{ .Values.tls.secret }} + key: {{ .Values.tls.crtKey }} + - name: PROXY_TLS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.tls.secret }} + key: {{ .Values.tls.keyKey }} + {{- end }} + {{- end }} + {{- if not .Values.apiService.enabled }} + - name: APISERVICE_DISABLED + value: "true" + {{- end }} + {{- range $key, $value := .Values.env }} + - name: {{ $key | quote }} + value: {{ $value | quote }} + {{- end }} + volumeMounts: + {{- if .Values.volumeMounts }} +{{ toYaml .Values.volumeMounts | indent 10 }} + {{- end }} + {{- if .Values.audit }} + {{- if or .Values.audit.enableSideCar .Values.audit.persistence.enabled }} + - mountPath: /var/log/loft + name: audit-log + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 10 }} + {{- if .Values.securityContext }} + {{- if .Values.securityContext.enabled }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + add: + - NET_BIND_SERVICE + runAsNonRoot: true + {{- end }} + {{- end }} + {{- if .Values.audit }} + {{- if .Values.audit.enableSideCar }} + - name: audit + image: "{{ .Values.audit.image }}" + command: ["sh"] + args: ["-c", "touch /var/log/loft/audit.log && tail -F /var/log/loft/audit.log"] + volumeMounts: + - mountPath: /var/log/loft + name: audit-log + {{- end }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} + {{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/ingress.yaml b/charts/loft/loft/2.2.101/templates/ingress.yaml new file mode 100644 index 000000000..ed844bda3 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/ingress.yaml @@ -0,0 +1,56 @@ +{{- if .Values.ingress.enabled }} +{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress"}} +apiVersion: networking.k8s.io/v1 +{{- else }} +apiVersion: networking.k8s.io/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: {{ .Values.ingress.name }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- with .Values.ingress.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + annotations: + kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass }} + nginx.ingress.kubernetes.io/proxy-read-timeout: "43200" + nginx.ingress.kubernetes.io/proxy-send-timeout: "43200" + nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k" + nginx.ingress.kubernetes.io/proxy-buffer-size: "32k" + nginx.org/websocket-services: loft + {{- with .Values.ingress.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: {{ .Values.ingress.path }} + {{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }} + pathType: ImplementationSpecific + backend: + service: + name: loft + port: + number: 80 + {{- else }} + backend: + serviceName: loft + servicePort: 80 + {{- end }} + {{- if .Values.ingress.tls.enabled }} + tls: + - hosts: + - {{ .Values.ingress.host }} + secretName: {{ .Values.ingress.tls.secret }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/pvc.yaml b/charts/loft/loft/2.2.101/templates/pvc.yaml new file mode 100644 index 000000000..cbe9a0602 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/pvc.yaml @@ -0,0 +1,18 @@ +{{- if .Values.audit }} +{{- if .Values.audit.persistence.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ template "loft.fullname" . }}-audit + {{- if .Values.commonAnnotations }} + annotations: + {{- toYaml .Values.commonAnnotations | nindent 4 }} + {{- end }} +spec: + accessModes: ["ReadWriteOnce"] + storageClassName: {{ .Values.audit.persistence.storageClassName }} + resources: + requests: + storage: {{ .Values.audit.persistence.size }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/rbac/clusterrolebinding.yaml b/charts/loft/loft/2.2.101/templates/rbac/clusterrolebinding.yaml new file mode 100644 index 000000000..175eedbdb --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/rbac/clusterrolebinding.yaml @@ -0,0 +1,21 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: loft-management-admin + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- if .Values.commonAnnotations }} + annotations: + {{- toYaml .Values.commonAnnotations | nindent 4 }} + {{- end }} +subjects: +- kind: ServiceAccount + name: {{ template "loft.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.serviceAccount.clusterRole }} + apiGroup: rbac.authorization.k8s.io \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/secret.yaml b/charts/loft/loft/2.2.101/templates/secret.yaml new file mode 100644 index 000000000..76b75093d --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/secret.yaml @@ -0,0 +1,19 @@ +{{- if .Values.config }} +apiVersion: v1 +kind: Secret +metadata: + name: loft-config + namespace: {{ .Release.Namespace }} + annotations: + helm.sh/hook: pre-install + {{- if or .Values.commonAnnotations .Values.secretAnnotations }} + {{- with .Values.secretAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +data: + config: {{ toYaml .Values.config | b64enc }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/service.yaml b/charts/loft/loft/2.2.101/templates/service.yaml new file mode 100644 index 000000000..260d40214 --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/service.yaml @@ -0,0 +1,39 @@ +apiVersion: v1 +kind: Service +metadata: + name: loft + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + loft.sh/service: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- with .Values.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- with .Values.service.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + port: 80 + targetPort: 8080 + nodePort: {{ .Values.service.httpNodePort }} + protocol: TCP + - name: https + port: 443 + targetPort: 10443 + nodePort: {{ .Values.service.httpsNodePort }} + protocol: TCP + selector: + app: {{ template "loft.fullname" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/templates/serviceaccount.yaml b/charts/loft/loft/2.2.101/templates/serviceaccount.yaml new file mode 100644 index 000000000..0ca0fb51e --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/serviceaccount.yaml @@ -0,0 +1,25 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "loft.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "loft.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }} + annotations: + {{- with .Values.serviceAccount.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.commonAnnotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +{{- if .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: +{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }} +{{- end }} +{{- end }} diff --git a/charts/loft/loft/2.2.101/templates/servicemonitor.yaml b/charts/loft/loft/2.2.101/templates/servicemonitor.yaml new file mode 100644 index 000000000..d85207d7a --- /dev/null +++ b/charts/loft/loft/2.2.101/templates/servicemonitor.yaml @@ -0,0 +1,32 @@ +{{- if .Values.serviceMonitor }} +{{- if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: loft + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- else }} + namespace: {{ .Release.Namespace | quote }} + {{- end }} + labels: + app: {{ template "loft.fullname" . }} +{{- if .Values.serviceMonitor.labels }} +{{ toYaml .Values.serviceMonitor.labels | indent 4}} +{{- end }} +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + targetPort: {{ .Values.serviceMonitor.targetPort }} + path: {{ .Values.serviceMonitor.path }} + interval: {{ .Values.serviceMonitor.interval }} + scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} + jobLabel: {{ .Values.serviceMonitor.jobLabel }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + loft.sh/service: {{ template "loft.fullname" . }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/loft/loft/2.2.101/values.yaml b/charts/loft/loft/2.2.101/values.yaml new file mode 100644 index 000000000..9faac0d3b --- /dev/null +++ b/charts/loft/loft/2.2.101/values.yaml @@ -0,0 +1,155 @@ +# If an admin user should be created during deployment +admin: + create: true + username: admin + password: "my-password" + +# Loft service options +service: + type: ClusterIP + # labels: {} # {key: value} map of labels for the service + # annotations: {} # {key: value} map of annotations for the service + +# Ingress options to use loft behind an ingress +ingress: + enabled: false + name: loft-ingress + # labels: {} # {key: value} map of labels for the ingress + # annotations: {} # {key: value} map of annotations for the ingress + host: loft.mydomain.tld + ingressClass: nginx + path: / + tls: + enabled: true + secret: tls-loft + clusterIssuer: lets-encrypt-http-issuer + +# TLS configuration with a custom cert and key +# Make sure the secret exists prior to deploying loft, +# otherwise the loft pod will not be able to start +tls: + enabled: false + secret: loft-tls + crtKey: tls.crt + keyKey: tls.key + +# Additional annotations for the loft deployment +# annotations: {} + +# Additional labels for the loft deployment +# labels: {} + +# Additional annotations for the loft pod +# podAnnotations: {} + +# Additional common annotations for all resources +# commonAnnotations: {} + +# Annotations for the loft-config secret +# secretAnnotations: {} + +# Additional labels for the loft pod +# podLabels: {} + +# Default values for loft deployment. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# Default value is: loftsh/loft:{{ .Chart.Version }} +image: loftsh/loft:2.2.1 + +# Additional enviroment variables in the form of +# VAR_NAME: VAR_VALUE +env: {} + +# Additional environment variables in the form of +# VAR_NAME: +# secretKeyRef: +# name: mysecret +# key: username +envValueFrom: {} + +# Replica amount of the loft deployment +replicaCount: 1 + +# Resources of the loft deployment +resources: + requests: + memory: 128Mi + cpu: 50m + limits: + memory: 2Gi + cpu: "2" + +# Additional volumes that should be mounted to the loft deployment +volumes: [] + +# Additional volume mounts that should be mounted into the loft container +volumeMounts: [] + +# If the readinessProbe should be enabled +readinessProbe: + enabled: true + +# If the livenessProbe should be enabled +livenessProbe: + enabled: true + +# If an extension api service should be registered for +# the loft apis in kubernetes +apiService: + enabled: false + +# Additional loft service account options +serviceAccount: + name: loft + create: true + clusterRole: cluster-admin + annotations: {} + +nameOverride: "" +fullnameOverride: "" + +# If a cert issuer should be created for loft +certIssuer: + create: false + email: "" # This is a required field if create == true + name: lets-encrypt-http-issuer + secretName: loft-letsencrypt-credentials + server: https://acme-v02.api.letsencrypt.org/directory + httpResolver: + enabled: true + ingressClass: nginx + resolvers: [] + +# Additional options for audit logging +audit: + enableSideCar: false + image: library/alpine:3.13.1 + persistence: + enabled: false + size: 10Gi + # Optional storage class + #storageClassName: my-storage-class + +# Prometheus Service Monitor Configuration +serviceMonitor: + enabled: false + jobLabel: loft + targetPort: 80 + path: /metrics + interval: 60s + scrapeTimeout: 30s + labels: {} + +# Loft config to use initially +config: + audit: + enabled: true + +# Enables running loft agent with a security context that: +# - disables privileged escalation +# - drops all capabilities +# - runs as non-root +securityContext: + enabled: true diff --git a/index.yaml b/index.yaml index 61f36cec7..d099c6389 100755 --- a/index.yaml +++ b/index.yaml @@ -3245,6 +3245,42 @@ entries: urls: - assets/linkerd/linkerd2-2.11.0.tgz version: 2.11.0 + loft: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Loft + catalog.cattle.io/release-name: loft + apiVersion: v2 + created: "2022-07-20T15:43:52.926618-04:00" + description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual + Clusters + digest: 023d80f68967529b5c98f4b4feaa5f6f108ea8b119f12264fc8f9093985f10cf + home: https://loft.sh + icon: https://static.loft.sh/loft/logo/loft-logo.svg + keywords: + - developer + - development + - sharing + - share + - multi-tenancy + - tenancy + - cluster + - space + - namespace + - vcluster + - vclusters + kubeVersion: '>= 1.22-0' + maintainers: + - email: info@loft.sh + name: Loft Labs, Inc. + url: https://twitter.com/loft_sh + name: loft + sources: + - https://github.com/loft-sh/loft + type: application + urls: + - assets/loft/loft-2.2.101.tgz + version: 2.2.101 minio-operator: - annotations: catalog.cattle.io/certified: partner