Make charts - Loft 2.2.1

pull/472/head
Samuel Attwood 2022-07-20 15:44:47 -04:00
parent f07c14c144
commit 52af8f18fd
17 changed files with 752 additions and 0 deletions

Binary file not shown.


@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj


@ -0,0 +1,31 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Loft
catalog.cattle.io/release-name: loft
apiVersion: v2
description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual
Clusters
home: https://loft.sh
icon: https://static.loft.sh/loft/logo/loft-logo.svg
keywords:
- developer
- development
- sharing
- share
- multi-tenancy
- tenancy
- cluster
- space
- namespace
- vcluster
- vclusters
kubeVersion: '>= 1.22-0'
maintainers:
- email: info@loft.sh
name: Loft Labs, Inc.
url: https://twitter.com/loft_sh
name: loft
sources:
- https://github.com/loft-sh/loft
type: application
version: 2.2.101


@ -0,0 +1,12 @@
# Loft Chart
## Namespace & Virtual Cluster Manager for Kubernetes
- Lightweight Virtual Clusters that are flexible like namespaces but much more powerful
- Sleep Mode to put idle namespaces and virtual clusters asleep and saves up to 70% cloud costs
- Accounts & Account Users to separate tenants in a shared Kubernetes cluster
- Self-Service Namespace Provisioning for account users
- Account Limits to ensure quality of service and fairness when sharing a cluster
- Namespace Templates for secure tenant isolation and self-service namespace initialization
- Multi-Cluster Tenant Management for sharing a pool of clusters
- GitOps-Ready: Custom Resource Definitions for everything loft does


@ -0,0 +1,8 @@
Thank you for installing {{ .Chart.Name }}.
Your release is named {{ .Release.Name }}.
To learn more about the release, try:
$ helm status {{ .Release.Name }}
$ helm get all {{ .Release.Name }}


@ -0,0 +1,74 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "loft.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "loft.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "loft.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "loft.labels" -}}
app.kubernetes.io/name: {{ include "loft.name" . }}
helm.sh/chart: {{ include "loft.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- else }}
app.kubernetes.io/version: {{ .Chart.Version | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "loft.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "loft.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Get access key for invite link
*/}}
{{- $}}
{{- define "loft.admin.accessKey" -}}
{{- now | unixEpoch | toString | trunc 8 | sha256sum -}}
{{- end -}}
{{/*
Get loft admin user username
*/}}
{{- $}}
{{- define "loft.admin.name" -}}
admin
{{- end -}}
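Review bot: `loft.admin.accessKey` takes its value from the clock alone: `now | unixEpoch | toString | trunc 8` keeps only the first eight digits of the epoch, so the SHA-256 output is fully determined by the approximate render time and contains no secret entropy, and it also changes between renders. Where the key is consumed is not visible in the templates shown here; if it protects an invite link, as the comment says, derive it from a random source instead, e.g. `{{- randAlphaNum 32 | sha256sum -}}`, and persist the result in a Secret so upgrades reuse it. The two bare `{{- $}}` actions in front of the last two `define` blocks look like leftovers and can be dropped.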


@ -0,0 +1,22 @@
{{- if .Values.certIssuer.create }}
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: {{ .Values.certIssuer.name }}
spec:
acme:
email: {{ .Values.certIssuer.email }}
server: {{ .Values.certIssuer.server }}
privateKeySecretRef:
name: {{ .Values.certIssuer.secretName }}
solvers:
{{- if .Values.certIssuer.httpResolver.enabled }}
- http01:
ingress:
class: {{ .Values.certIssuer.httpResolver.ingressClass }}
{{- end }}
{{- range .Values.certIssuer.resolvers }}
-
{{ toYaml . | indent 6 }}
{{- end }}
{{- end }}
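Review bot: `certIssuer.email` is documented in values.yaml as required when `create` is true, but nothing here enforces it, so the default empty string renders `email:` as null and the failure only surfaces later at the ACME server. Fail at render time instead with `email: {{ required "certIssuer.email is required when certIssuer.create is true" .Values.certIssuer.email | quote }}`. Quoting `name`, `server` and `secretName` the same way would keep user-supplied values from being retyped by the YAML parser.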


@ -0,0 +1,183 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "loft.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- with .Values.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.annotations .Values.commonAnnotations }}
annotations:
{{- with .Values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.commonAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
selector:
matchLabels:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}
replicas: {{ .Values.replicaCount }}
strategy:
rollingUpdate:
maxSurge: 1
{{- if (eq (int .Values.replicaCount) 1) }}
maxUnavailable: 0
{{- else }}
maxUnavailable: 1
{{- end }}
type: RollingUpdate
template:
metadata:
labels:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}
{{- if .Values.podLabels }}
{{ toYaml .Values.podLabels | indent 8 }}
{{- end }}
{{- if .Values.podAnnotations }}
annotations:
{{ toYaml .Values.podAnnotations | indent 8 }}
{{- end }}
spec:
terminationGracePeriodSeconds: 10
serviceAccountName: {{ template "loft.serviceAccountName" . }}
volumes:
{{- if .Values.volumes }}
{{ toYaml .Values.volumes | indent 8 }}
{{- end }}
{{- if .Values.audit }}
{{- if .Values.audit.persistence.enabled }}
- name: audit-log
persistentVolumeClaim:
claimName: {{ template "loft.fullname" . }}-audit
{{- else if .Values.audit.enableSideCar }}
- name: audit-log
emptyDir: {}
{{- end }}
{{- end }}
containers:
- name: manager
{{- if .Values.image }}
image: "{{ .Values.image }}"
{{- else }}
image: "loftsh/loft:{{ .Chart.Version }}"
{{- end }}
ports:
- name: http
containerPort: 8080
- name: https
containerPort: 10443
- name: https-priv
containerPort: 443
{{- if .Values.livenessProbe }}
{{- if .Values.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthz
port: 8080
failureThreshold: 20
initialDelaySeconds: 5
periodSeconds: 10
{{- end }}
{{- end }}
{{- if .Values.readinessProbe }}
{{- if .Values.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthz
port: 8080
failureThreshold: 20
initialDelaySeconds: 5
periodSeconds: 10
{{- end }}
{{- end }}
env:
- name: ADMIN_EMAIL
value: {{ .Values.admin.email | quote }}
{{- if .Values.admin.password }}
- name: ADMIN_PASSWORD_HASH
value: {{ .Values.admin.password | sha256sum | quote }}
{{- end }}
{{- range $key, $value := .Values.envValueFrom }}
- name: {{ $key | quote }}
valueFrom:
{{ toYaml $value | indent 12 }}
{{- end }}
{{- if .Values.tls }}
{{- if .Values.tls.enabled }}
- name: PROXY_TLS_CERT
valueFrom:
secretKeyRef:
name: {{ .Values.tls.secret }}
key: {{ .Values.tls.crtKey }}
- name: PROXY_TLS_KEY
valueFrom:
secretKeyRef:
name: {{ .Values.tls.secret }}
key: {{ .Values.tls.keyKey }}
{{- end }}
{{- end }}
{{- if not .Values.apiService.enabled }}
- name: APISERVICE_DISABLED
value: "true"
{{- end }}
{{- range $key, $value := .Values.env }}
- name: {{ $key | quote }}
value: {{ $value | quote }}
{{- end }}
volumeMounts:
{{- if .Values.volumeMounts }}
{{ toYaml .Values.volumeMounts | indent 10 }}
{{- end }}
{{- if .Values.audit }}
{{- if or .Values.audit.enableSideCar .Values.audit.persistence.enabled }}
- mountPath: /var/log/loft
name: audit-log
{{- end }}
{{- end }}
resources:
{{ toYaml .Values.resources | indent 10 }}
{{- if .Values.securityContext }}
{{- if .Values.securityContext.enabled }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
runAsNonRoot: true
{{- end }}
{{- end }}
{{- if .Values.audit }}
{{- if .Values.audit.enableSideCar }}
- name: audit
image: "{{ .Values.audit.image }}"
command: ["sh"]
args: ["-c", "touch /var/log/loft/audit.log && tail -F /var/log/loft/audit.log"]
volumeMounts:
- mountPath: /var/log/loft
name: audit-log
{{- end }}
{{- end }}
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{ toYaml .Values.affinity | indent 8 }}
{{- end }}
{{- if .Values.tolerations }}
tolerations:
{{ toYaml .Values.tolerations | indent 8 }}
{{- end }}
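Review bot: `ADMIN_PASSWORD_HASH` is written into the pod spec as a literal `value:` holding `.Values.admin.password | sha256sum`, which is an unsalted, single-round SHA-256, so anyone with read access to the Deployment or its pods gets a hash that is cheap to test against password guesses. The chart already supports `envValueFrom`, so this variable could be sourced from a Secret through `secretKeyRef` instead of being inlined. A comment next to `admin.password` in values.yaml should also say that the plaintext is kept in the Helm release record. Separately, the `audit` sidecar container gets no `securityContext` at all, while the `manager` container does when `securityContext.enabled` is set.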


@ -0,0 +1,56 @@
{{- if .Values.ingress.enabled }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress"}}
apiVersion: networking.k8s.io/v1
{{- else }}
apiVersion: networking.k8s.io/v1beta1
{{- end }}
kind: Ingress
metadata:
name: {{ .Values.ingress.name }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- with .Values.ingress.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
annotations:
kubernetes.io/ingress.class: {{ .Values.ingress.ingressClass }}
nginx.ingress.kubernetes.io/proxy-read-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-send-timeout: "43200"
nginx.ingress.kubernetes.io/proxy-buffers-number: "8 32k"
nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"
nginx.org/websocket-services: loft
{{- with .Values.ingress.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.commonAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.path }}
{{- if $.Capabilities.APIVersions.Has "networking.k8s.io/v1/Ingress" }}
pathType: ImplementationSpecific
backend:
service:
name: loft
port:
number: 80
{{- else }}
backend:
serviceName: loft
servicePort: 80
{{- end }}
{{- if .Values.ingress.tls.enabled }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.ingress.tls.secret }}
{{- end }}
{{- end }}
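Review bot: `ingress.tls.clusterIssuer` is defined in values.yaml but never referenced in this template, so the Ingress has no issuer annotation and, as far as these lines show, nothing fills the `tls-loft` secret even when `certIssuer.create` is true. If cert-manager is meant to issue the certificate, add `cert-manager.io/cluster-issuer: {{ .Values.ingress.tls.clusterIssuer | quote }}` under `annotations:`, guarded by `.Values.ingress.tls.enabled`. The `networking.k8s.io/v1beta1` branches also appear unreachable, because Chart.yaml pins `kubeVersion: '>= 1.22-0'` and that Ingress API was removed in 1.22.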


@ -0,0 +1,18 @@
{{- if .Values.audit }}
{{- if .Values.audit.persistence.enabled }}
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: {{ template "loft.fullname" . }}-audit
{{- if .Values.commonAnnotations }}
annotations:
{{- toYaml .Values.commonAnnotations | nindent 4 }}
{{- end }}
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: {{ .Values.audit.persistence.storageClassName }}
resources:
requests:
storage: {{ .Values.audit.persistence.size }}
{{- end }}
{{- end }}


@ -0,0 +1,21 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: loft-management-admin
labels:
app: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if .Values.commonAnnotations }}
annotations:
{{- toYaml .Values.commonAnnotations | nindent 4 }}
{{- end }}
subjects:
- kind: ServiceAccount
name: {{ template "loft.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Values.serviceAccount.clusterRole }}
apiGroup: rbac.authorization.k8s.io
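Review bot: The subject of this binding can resolve to the namespace's `default` service account, because `loft.serviceAccountName` in _helpers.tpl returns `default "default" .Values.serviceAccount.name` when `serviceAccount.create` is false, and the binding is rendered unconditionally. With the values.yaml default `clusterRole: cluster-admin`, that configuration would give cluster-admin to every pod in the namespace that does not set its own service account. Refuse that combination in the helper's else branch, e.g. `{{ required "serviceAccount.name must be set when serviceAccount.create is false" .Values.serviceAccount.name }}`. The hard-coded, cluster-scoped name `loft-management-admin` also means a second release in the same cluster would collide with this object; deriving it from `loft.fullname` avoids that.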


@ -0,0 +1,19 @@
{{- if .Values.config }}
apiVersion: v1
kind: Secret
metadata:
name: loft-config
namespace: {{ .Release.Namespace }}
annotations:
helm.sh/hook: pre-install
{{- if or .Values.commonAnnotations .Values.secretAnnotations }}
{{- with .Values.secretAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.commonAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
data:
config: {{ toYaml .Values.config | b64enc }}
{{- end }}
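Review bot: Marking `loft-config` as a `pre-install` hook takes the Secret out of normal release management, so it is not updated by `helm upgrade` when `.Values.config` changes, and it is left behind on `helm uninstall`, which can make a later reinstall into the same namespace fail because the object already exists. If one-time seeding is the intent (values.yaml says "config to use initially"), state that in a template comment such as `{{/* Seeded once at install; later changes to .Values.config are not applied by helm upgrade. */}}`. Otherwise drop the hook annotation so the Secret follows the release lifecycle.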


@ -0,0 +1,39 @@
apiVersion: v1
kind: Service
metadata:
name: loft
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
loft.sh/service: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- with .Values.service.labels }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- if or .Values.service.annotations .Values.commonAnnotations }}
annotations:
{{- with .Values.service.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.commonAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
type: {{ .Values.service.type }}
ports:
- name: http
port: 80
targetPort: 8080
nodePort: {{ .Values.service.httpNodePort }}
protocol: TCP
- name: https
port: 443
targetPort: 10443
nodePort: {{ .Values.service.httpsNodePort }}
protocol: TCP
selector:
app: {{ template "loft.fullname" . }}
release: {{ .Release.Name }}
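Review bot: `nodePort` is emitted for both ports regardless of `service.type`, and values.yaml defines neither `service.httpNodePort` nor `service.httpsNodePort`, so the default render produces an empty `nodePort:` key on a `ClusterIP` service. Guard each line, e.g. `{{- if .Values.service.httpNodePort }}` before it and `{{- end }}` after it, and document the two values as commented entries next to `service.type` in values.yaml.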


@ -0,0 +1,25 @@
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "loft.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "loft.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
annotations:
{{- with .Values.serviceAccount.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.commonAnnotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- if .Values.serviceAccount.imagePullSecrets }}
imagePullSecrets:
{{ toYaml .Values.serviceAccount.imagePullSecrets | indent 2 }}
{{- end }}
{{- end }}


@ -0,0 +1,32 @@
{{- if .Values.serviceMonitor }}
{{- if .Values.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: loft
{{- if .Values.serviceMonitor.namespace }}
namespace: {{ .Values.serviceMonitor.namespace }}
{{- else }}
namespace: {{ .Release.Namespace | quote }}
{{- end }}
labels:
app: {{ template "loft.fullname" . }}
{{- if .Values.serviceMonitor.labels }}
{{ toYaml .Values.serviceMonitor.labels | indent 4}}
{{- end }}
spec:
endpoints:
- bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
targetPort: {{ .Values.serviceMonitor.targetPort }}
path: {{ .Values.serviceMonitor.path }}
interval: {{ .Values.serviceMonitor.interval }}
scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
jobLabel: {{ .Values.serviceMonitor.jobLabel }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
loft.sh/service: {{ template "loft.fullname" . }}
{{- end }}
{{- end }}
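Review bot: The endpoint sets `bearerTokenFile` but no `scheme`, so the scrape defaults to plain HTTP and the Prometheus service account token would be sent unencrypted to the pod on every interval. If `/metrics` does not need authentication, remove `bearerTokenFile`; if it does, scrape the `https` port with `scheme: https` and a matching `tlsConfig`. The default `serviceMonitor.targetPort: 80` in values.yaml also looks like the Service port rather than a container port (the container exposes 8080, 10443 and 443), so it is worth confirming that this selects any target at all.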


@ -0,0 +1,155 @@
# If an admin user should be created during deployment
admin:
create: true
username: admin
password: "my-password"
# Loft service options
service:
type: ClusterIP
# labels: {} # {key: value} map of labels for the service
# annotations: {} # {key: value} map of annotations for the service
# Ingress options to use loft behind an ingress
ingress:
enabled: false
name: loft-ingress
# labels: {} # {key: value} map of labels for the ingress
# annotations: {} # {key: value} map of annotations for the ingress
host: loft.mydomain.tld
ingressClass: nginx
path: /
tls:
enabled: true
secret: tls-loft
clusterIssuer: lets-encrypt-http-issuer
# TLS configuration with a custom cert and key
# Make sure the secret exists prior to deploying loft,
# otherwise the loft pod will not be able to start
tls:
enabled: false
secret: loft-tls
crtKey: tls.crt
keyKey: tls.key
# Additional annotations for the loft deployment
# annotations: {}
# Additional labels for the loft deployment
# labels: {}
# Additional annotations for the loft pod
# podAnnotations: {}
# Additional common annotations for all resources
# commonAnnotations: {}
# Annotations for the loft-config secret
# secretAnnotations: {}
# Additional labels for the loft pod
# podLabels: {}
# Default values for loft deployment.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# Default value is: loftsh/loft:{{ .Chart.Version }}
image: loftsh/loft:2.2.1
# Additional enviroment variables in the form of
# VAR_NAME: VAR_VALUE
env: {}
# Additional environment variables in the form of
# VAR_NAME:
# secretKeyRef:
# name: mysecret
# key: username
envValueFrom: {}
# Replica amount of the loft deployment
replicaCount: 1
# Resources of the loft deployment
resources:
requests:
memory: 128Mi
cpu: 50m
limits:
memory: 2Gi
cpu: "2"
# Additional volumes that should be mounted to the loft deployment
volumes: []
# Additional volume mounts that should be mounted into the loft container
volumeMounts: []
# If the readinessProbe should be enabled
readinessProbe:
enabled: true
# If the livenessProbe should be enabled
livenessProbe:
enabled: true
# If an extension api service should be registered for
# the loft apis in kubernetes
apiService:
enabled: false
# Additional loft service account options
serviceAccount:
name: loft
create: true
clusterRole: cluster-admin
annotations: {}
nameOverride: ""
fullnameOverride: ""
# If a cert issuer should be created for loft
certIssuer:
create: false
email: "" # This is a required field if create == true
name: lets-encrypt-http-issuer
secretName: loft-letsencrypt-credentials
server: https://acme-v02.api.letsencrypt.org/directory
httpResolver:
enabled: true
ingressClass: nginx
resolvers: []
# Additional options for audit logging
audit:
enableSideCar: false
image: library/alpine:3.13.1
persistence:
enabled: false
size: 10Gi
# Optional storage class
#storageClassName: my-storage-class
# Prometheus Service Monitor Configuration
serviceMonitor:
enabled: false
jobLabel: loft
targetPort: 80
path: /metrics
interval: 60s
scrapeTimeout: 30s
labels: {}
# Loft config to use initially
config:
audit:
enabled: true
# Enables running loft agent with a security context that:
# - disables privileged escalation
# - drops all capabilities
# - runs as non-root
securityContext:
enabled: true
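Review bot: `admin.password` ships with the working default `"my-password"` while `admin.create` is `true`, so any install that does not override it comes up with a published admin credential. Ship an empty default with a comment that it must be set, e.g. `password: "" # required: set at install time, never commit a real value`; deployment.yaml already skips `ADMIN_PASSWORD_HASH` when the value is empty, though how the application behaves without it is not visible here. `serviceAccount.clusterRole: cluster-admin` deserves a comment stating what the role is used for, so operators can make an informed choice about narrowing it. The line `# Default value is: loftsh/loft:{{ .Chart.Version }}` is misleading for this package, since Chart.yaml sets version 2.2.101 while the image is pinned to 2.2.1.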


@ -3245,6 +3245,42 @@ entries:
urls: urls:
- assets/linkerd/linkerd2-2.11.0.tgz - assets/linkerd/linkerd2-2.11.0.tgz
version: 2.11.0 version: 2.11.0
loft:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Loft
catalog.cattle.io/release-name: loft
apiVersion: v2
created: "2022-07-20T15:43:52.926618-04:00"
description: Secure Cluster Sharing, Self-Service Namespace Provisioning and Virtual
Clusters
digest: 023d80f68967529b5c98f4b4feaa5f6f108ea8b119f12264fc8f9093985f10cf
home: https://loft.sh
icon: https://static.loft.sh/loft/logo/loft-logo.svg
keywords:
- developer
- development
- sharing
- share
- multi-tenancy
- tenancy
- cluster
- space
- namespace
- vcluster
- vclusters
kubeVersion: '>= 1.22-0'
maintainers:
- email: info@loft.sh
name: Loft Labs, Inc.
url: https://twitter.com/loft_sh
name: loft
sources:
- https://github.com/loft-sh/loft
type: application
urls:
- assets/loft/loft-2.2.101.tgz
version: 2.2.101
minio-operator: minio-operator:
- annotations: - annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner