andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added chart versions: 

codefresh/cf-runtime:
    - 7.3.5
  haproxy/haproxy:
    - 1.44.0
pull/1094/head
github-actions[bot] 2025-01-11 00:03:41 +00:00
parent edb9917a99
commit 6935aefd68
152 changed files with 9823 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/codefresh/cf-runtime-7.3.5.tgz Normal file
View File

Binary file not shown.

BIN
assets/haproxy/haproxy-1.44.0.tgz Normal file
View File

Binary file not shown.

3
charts/codefresh/cf-runtime/7.3.5/.helmignore Normal file
View File

@ -0,0 +1,3 @@
tests/
.ci/
test-values/

28
charts/codefresh/cf-runtime/7.3.5/Chart.yaml Normal file
View File

@ -0,0 +1,28 @@
annotations:
artifacthub.io/changes: |
- kind: fixed
description: "include error cause in pre-steps error reporting from engine"
artifacthub.io/containsSecurityUpdates: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: ""
apiVersion: v2
dependencies:
- name: cf-common
repository: oci://quay.io/codefresh/charts
version: 0.21.0
description: A Helm chart for Codefresh Runner
home: https://codefresh.io/
icon: file://assets/icons/cf-runtime.png
keywords:
- codefresh
- runner
kubeVersion: '>=1.18-0'
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
sources:
- https://github.com/codefresh-io/venona
version: 7.3.5

1289
charts/codefresh/cf-runtime/7.3.5/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

1065
charts/codefresh/cf-runtime/7.3.5/README.md.gotmpl Normal file
View File

File diff suppressed because it is too large Load Diff

37
charts/codefresh/cf-runtime/7.3.5/files/cleanup-runtime.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "AGENT: ${AGENT}"
echo "AGENT_SECRET_NAME: ${AGENT_SECRET_NAME}"
echo "DIND_SECRET_NAME: ${DIND_SECRET_NAME}"
echo "-----"
auth() {
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
}
remove_runtime() {
if [ "$AGENT" == "true" ]; then
codefresh delete re ${RUNTIME_NAME} || true
else
codefresh delete sys-re ${RUNTIME_NAME} || true
fi
}
remove_agent() {
codefresh delete agent ${AGENT_NAME} || true
}
remove_secrets() {
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
kubectl delete secret $AGENT_SECRET_NAME || true
kubectl delete secret $DIND_SECRET_NAME || true
}
auth
remove_runtime
remove_agent
remove_secrets

132
charts/codefresh/cf-runtime/7.3.5/files/configure-dind-certs.sh Normal file
View File

@ -0,0 +1,132 @@
#!/usr/bin/env bash
#
#---
fatal() {
echo "ERROR: $1"
exit 1
}
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
exit_trap () {
local lc="$BASH_COMMAND" rc=$?
if [ $rc != 0 ]; then
if [[ -n "$SLEEP_ON_ERROR" ]]; then
echo -e "\nSLEEP_ON_ERROR is set - Sleeping to fix error"
sleep $SLEEP_ON_ERROR
fi
fi
}
trap exit_trap EXIT
usage() {
echo "Usage:
$0 [-n | --namespace] [--server-cert-cn] [--server-cert-extra-sans] codefresh-api-host codefresh-api-token
Example:
$0 -n workflow https://g.codefresh.io 21341234.423141234.412431234
"
}
# Args
while [[ $1 =~ ^(-(n|h)|--(namespace|server-cert-cn|server-cert-extra-sans|help)) ]]
do
key=$1
value=$2
case $key in
-h|--help)
usage
exit
;;
-n|--namespace)
NAMESPACE="$value"
shift
;;
--server-cert-cn)
SERVER_CERT_CN="$value"
shift
;;
--server-cert-extra-sans)
SERVER_CERT_EXTRA_SANS="$value"
shift
;;
esac
shift # past argument or value
done
API_HOST=${1:-"$CF_API_HOST"}
API_TOKEN=${2:-"$CF_API_TOKEN"}
[[ -z "$API_HOST" ]] && usage && fatal "Missing API_HOST"
[[ -z "$API_TOKEN" ]] && usage && fatal "Missing token"
API_SIGN_PATH=${API_SIGN_PATH:-"api/custom_clusters/signServerCerts"}
NAMESPACE=${NAMESPACE:-default}
RELEASE=${RELEASE:-cf-runtime}
DIR=$(dirname $0)
TMPDIR=/tmp/codefresh/
TMP_CERTS_FILE_ZIP=$TMPDIR/cf-certs.zip
TMP_CERTS_HEADERS_FILE=$TMPDIR/cf-certs-response-headers.txt
CERTS_DIR=$TMPDIR/ssl
SRV_TLS_CA_CERT=${CERTS_DIR}/ca.pem
SRV_TLS_KEY=${CERTS_DIR}/server-key.pem
SRV_TLS_CSR=${CERTS_DIR}/server-cert.csr
SRV_TLS_CERT=${CERTS_DIR}/server-cert.pem
CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
mkdir -p $TMPDIR $CERTS_DIR
K8S_CERT_SECRET_NAME=codefresh-certs-server
echo -e "\n------------------\nGenerating server tls certificates ... "
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
###
openssl genrsa -out $SRV_TLS_KEY 4096 || fatal "Failed to generate openssl key "
openssl req -subj "/CN=${SERVER_CERT_CN}" -new -key $SRV_TLS_KEY -out $SRV_TLS_CSR || fatal "Failed to generate openssl csr "
GENERATE_CERTS=true
CSR=$(sed ':a;N;$!ba;s/\n/\\n/g' ${SRV_TLS_CSR})
SERVER_CERT_SANS="IP:127.0.0.1,DNS:dind,DNS:*.dind.${NAMESPACE},DNS:*.dind.${NAMESPACE}.svc${KUBE_DOMAIN},DNS:*.cf-cd.com,DNS:*.codefresh.io"
if [[ -n "${SERVER_CERT_EXTRA_SANS}" ]]; then
SERVER_CERT_SANS=${SERVER_CERT_SANS},${SERVER_CERT_EXTRA_SANS}
fi
echo "{\"reqSubjectAltName\": \"${SERVER_CERT_SANS}\", \"csr\": \"${CSR}\" }" > ${TMPDIR}/sign_req.json
rm -fv ${TMP_CERTS_HEADERS_FILE} ${TMP_CERTS_FILE_ZIP}
SIGN_STATUS=$(curl -k -sSL -d @${TMPDIR}/sign_req.json -H "Content-Type: application/json" -H "Authorization: ${API_TOKEN}" -H "Expect: " \
-o ${TMP_CERTS_FILE_ZIP} -D ${TMP_CERTS_HEADERS_FILE} -w '%{http_code}' ${API_HOST}/${API_SIGN_PATH} )
echo "Sign request completed with HTTP_STATUS_CODE=$SIGN_STATUS"
if [[ $SIGN_STATUS != 200 ]]; then
echo "ERROR: Cannot sign certificates"
if [[ -f ${TMP_CERTS_FILE_ZIP} ]]; then
mv ${TMP_CERTS_FILE_ZIP} ${TMP_CERTS_FILE_ZIP}.error
cat ${TMP_CERTS_FILE_ZIP}.error
fi
exit 1
fi
unzip -o -d ${CERTS_DIR}/ ${TMP_CERTS_FILE_ZIP} || fatal "Failed to unzip certificates to ${CERTS_DIR} "
cp -v ${CF_SRV_TLS_CA_CERT} $SRV_TLS_CA_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains ca.pem"
cp -v ${CF_SRV_TLS_CERT} $SRV_TLS_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains cf-server-cert.pem"
echo -e "\n------------------\nCreating certificate secret "
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
--from-file=$SRV_TLS_CA_CERT \
--from-file=$SRV_TLS_KEY \
--from-file=$SRV_TLS_CERT \
--dry-run=client -o yaml | kubectl apply --overwrite -f -
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'

80
charts/codefresh/cf-runtime/7.3.5/files/init-runtime.sh Normal file
View File

@ -0,0 +1,80 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "SECRET_NAME: ${SECRET_NAME}"
echo "-----"
create_agent_secret() {
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: ${SECRET_NAME}
namespace: ${KUBE_NAMESPACE}
labels:
codefresh.io/internal: "true"
finalizers:
- kubernetes
ownerReferences:
- apiVersion: apps/v1
kind: Deploy
name: ${OWNER_NAME}
uid: ${OWNER_UID}
stringData:
agent-codefresh-token: ${1}
EOF
}
OWNER_UID=$(kubectl get deploy ${OWNER_NAME} --namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.uid}')
echo "got owner uid: ${OWNER_UID}"
if [ ! -z "${AGENT_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "runtime and agent are already initialized"
echo "-----"
exit 0
fi
if [ ! -z "${EXISTING_AGENT_CODEFRESH_TOKEN}" ]; then
echo "using existing agentToken value"
create_agent_secret $EXISTING_AGENT_CODEFRESH_TOKEN
exit 0
fi
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
echo "-----"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
# AGENT_TOKEN might be empty, in which case it will be returned by the call
RES=$(codefresh install agent \
--name ${AGENT_NAME} \
--kube-context-name ${KUBE_CONTEXT} \
--kube-namespace ${KUBE_NAMESPACE} \
--agent-kube-namespace ${KUBE_NAMESPACE} \
--install-runtime \
--runtime-name ${RUNTIME_NAME} \
--skip-cluster-creation \
--platform-only)
AGENT_CODEFRESH_TOKEN=$(echo "${RES}" | tail -n 1)
echo "generated agent + runtime in platform"
create_agent_secret $AGENT_CODEFRESH_TOKEN
echo "-----"
echo "done initializing runtime and agent"
echo "-----"

38
charts/codefresh/cf-runtime/7.3.5/files/reconcile-runtime.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "CONFIGMAP_NAME: ${CONFIGMAP_NAME}"
echo "RECONCILE_INTERVAL: ${RECONCILE_INTERVAL}"
echo "-----"
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
err "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
while true; do
msg "Reconciling ${RUNTIME_NAME} runtime"
sleep $RECONCILE_INTERVAL
codefresh get re \
--name ${RUNTIME_NAME} \
-o yaml \
| yq 'del(.version, .metadata.changedBy, .metadata.creationTime)' > /tmp/runtime.yaml
kubectl get cm ${CONFIGMAP_NAME} -n ${KUBE_NAMESPACE} -o yaml \
| yq 'del(.metadata.resourceVersion, .metadata.uid)' \
| yq eval '.data["runtime.yaml"] = load_str("/tmp/runtime.yaml")' \
| kubectl apply -f -
done

70
charts/codefresh/cf-runtime/7.3.5/templates/_components/app-proxy/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "app-proxy.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "app-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "app-proxy.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "app-proxy.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: app-proxy
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "app-proxy.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 3000
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

19
charts/codefresh/cf-runtime/7.3.5/templates/_components/app-proxy/_env-vars.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- define "app-proxy.environment-variables.defaults" }}
PORT: 3000
{{- end }}
{{- define "app-proxy.environment-variables.calculated" }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- with .Values.ingress.pathPrefix }}
API_PATH_PREFIX: {{ . | quote }}
{{- end }}
{{- end }}
{{- define "app-proxy.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "app-proxy.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "app-proxy.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/7.3.5/templates/_components/app-proxy/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "app-proxy.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app-proxy.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "app-proxy.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Selector labels
*/}}
{{- define "app-proxy.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "app-proxy.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "app-proxy.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

32
charts/codefresh/cf-runtime/7.3.5/templates/_components/app-proxy/_ingress.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- define "app-proxy.resources.ingress" -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "app-proxy.fullname" . }}
labels: {{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.class (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.class }}
{{- end }}
{{- if .Values.ingress.tlsSecret }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.ingress.tlsSecret }}
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.pathPrefix | default "/" }}
pathType: ImplementationSpecific
backend:
service:
name: {{ include "app-proxy.fullname" . }}
port:
number: 80
{{- end -}}

47
charts/codefresh/cf-runtime/7.3.5/templates/_components/app-proxy/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "app-proxy.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "app-proxy.serviceAccountName" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "app-proxy.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "app-proxy.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/7.3.5/templates/_components/app-proxy/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "app-proxy.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
selector:
{{- include "app-proxy.selectorLabels" . | nindent 4 }}
{{- end -}}

62
charts/codefresh/cf-runtime/7.3.5/templates/_components/event-exporter/_deployment.yaml Normal file
View File

@ -0,0 +1,62 @@
{{- define "event-exporter.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "event-exporter.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "event-exporter.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: event-exporter
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
args: [--running-in-cluster=true]
env:
{{- include "event-exporter.environment-variables" . | nindent 8 }}
ports:
- name: metrics
containerPort: 9102
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

14
charts/codefresh/cf-runtime/7.3.5/templates/_components/event-exporter/_env-vars.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.environment-variables.defaults" }}
{{- end }}
{{- define "event-exporter.environment-variables.calculated" }}
{{- end }}
{{- define "event-exporter.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "event-exporter.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "event-exporter.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/7.3.5/templates/_components/event-exporter/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "event-exporter.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "event-exporter.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "event-exporter.labels" -}}
{{ include "cf-runtime.labels" . }}
app: event-exporter
{{- end }}
{{/*
Selector labels
*/}}
{{- define "event-exporter.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
app: event-exporter
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "event-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "event-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

47
charts/codefresh/cf-runtime/7.3.5/templates/_components/event-exporter/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "event-exporter.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "event-exporter.serviceAccountName" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: [events]
verbs: [get, list, watch]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "event-exporter.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "event-exporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/7.3.5/templates/_components/event-exporter/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "event-exporter.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: metrics
port: 9102
targetPort: metrics
protocol: TCP
selector:
{{- include "event-exporter.selectorLabels" . | nindent 4 }}
{{- end -}}

14
charts/codefresh/cf-runtime/7.3.5/templates/_components/event-exporter/_serviceMontor.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.resources.serviceMonitor" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
{{- end -}}

70
charts/codefresh/cf-runtime/7.3.5/templates/_components/monitor/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "monitor.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "monitor.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "monitor.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 9020
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /api/ping
port: 9020
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

26
charts/codefresh/cf-runtime/7.3.5/templates/_components/monitor/_env-vars.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- define "monitor.environment-variables.defaults" }}
SERVICE_NAME: {{ include "monitor.fullname" . }}
PORT: 9020
HELM3: true
NODE_OPTIONS: "--max_old_space_size=4096"
{{- end }}
{{- define "monitor.environment-variables.calculated" }}
API_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
CLUSTER_ID: {{ include "runtime.runtime-environment-spec.context-name" . }}
API_URL: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}/api/k8s-monitor/events
ACCOUNT_ID: {{ .Values.global.accountId }}
NAMESPACE: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
ROLE_BINDING: true
{{- end }}
{{- end }}
{{- define "monitor.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "monitor.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "monitor.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

42
charts/codefresh/cf-runtime/7.3.5/templates/_components/monitor/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "monitor.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Selector labels
*/}}
{{- define "monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "monitor.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "monitor.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

56
charts/codefresh/cf-runtime/7.3.5/templates/_components/monitor/_rbac.yaml Normal file
View File

@ -0,0 +1,56 @@
{{- define "monitor.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "monitor.serviceAccountName" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "monitor.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
name: {{ include "monitor.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/7.3.5/templates/_components/monitor/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "monitor.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9020
selector:
{{- include "monitor.selectorLabels" . | nindent 4 }}
{{- end -}}

103
charts/codefresh/cf-runtime/7.3.5/templates/_components/runner/_deployment.yaml Normal file
View File

@ -0,0 +1,103 @@
{{- define "runner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "runner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "runner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "runner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
- name: init
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.init.image "context" .) }}
imagePullPolicy: {{ .Values.init.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/init-runtime.sh" | nindent 10 }}
env:
{{- include "runner-init.environment-variables" . | nindent 8 }}
{{- with .Values.init.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
containers:
- name: runner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
env:
{{- include "runner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.sidecar.enabled }}
- name: reconcile-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.sidecar.image "context" .) }}
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/reconcile-runtime.sh" | nindent 10 }}
env:
{{- include "runner-sidecar.environment-variables" . | nindent 8 }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

42
charts/codefresh/cf-runtime/7.3.5/templates/_components/runner/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "runner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "runner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

53
charts/codefresh/cf-runtime/7.3.5/templates/_components/runner/_rbac.yaml Normal file
View File

@ -0,0 +1,53 @@
{{- define "runner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runner.serviceAccountName" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "pods", "persistentvolumeclaims" ]
verbs: [ "get", "create", "delete", patch ]
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets" ]
verbs: [ "get", "create", "update", patch ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "runner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "runner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

30
charts/codefresh/cf-runtime/7.3.5/templates/_components/runner/environment-variables/_init-container.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- define "runner-init.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-init.environment-variables.calculated" }}
AGENT_NAME: {{ include "runtime.runtime-environment-spec.agent-name" . }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
AGENT_CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
optional: true
EXISTING_AGENT_CODEFRESH_TOKEN: {{ include "runtime.agent-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
SECRET_NAME: {{ include "runner.fullname" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
{{- end }}
{{- define "runner-init.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-init.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-init.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

29
charts/codefresh/cf-runtime/7.3.5/templates/_components/runner/environment-variables/_main-container.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- define "runner.environment-variables.defaults" }}
AGENT_MODE: InCluster
SELF_DEPLOYMENT_NAME:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- end }}
{{- define "runner.environment-variables.calculated" }}
AGENT_ID: {{ include "runtime.runtime-environment-spec.agent-name" . }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
CODEFRESH_IN_CLUSTER_RUNTIME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
RUNTIME_CHART_VERSION: {{ .Chart.Version }}
{{- end }}
{{- define "runner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

22
charts/codefresh/cf-runtime/7.3.5/templates/_components/runner/environment-variables/_sidecar-container.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "runner-sidecar.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-sidecar.environment-variables.calculated" }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CONFIGMAP_NAME: {{ printf "%s-%s" (include "runtime.fullname" .) "spec" }}
{{- end }}
{{- define "runner-sidecar.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-sidecar.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-sidecar.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.sidecar.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

58
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_cronjob.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- define "dind-volume-provisioner.resources.cronjob" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- if not (eq .Values.storage.backend "local") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "dind-volume-cleanup.fullname" . }}
labels:
{{- include "dind-volume-cleanup.labels" . | nindent 4 }}
spec:
concurrencyPolicy: {{ .Values.concurrencyPolicy }}
schedule: {{ .Values.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.successfulJobsHistory }}
failedJobsHistoryLimit: {{ .Values.failedJobsHistory }}
{{- with .Values.suspend }}
suspend: {{ . }}
{{- end }}
jobTemplate:
spec:
template:
metadata:
labels:
{{- include "dind-volume-cleanup.selectorLabels" . | nindent 12 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 10 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
restartPolicy: {{ .Values.restartPolicy | default "Never" }}
containers:
- name: dind-volume-cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 12 }}
- name: PROVISIONED_BY
value: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
resources:
{{- toYaml .Values.resources | nindent 14 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end -}}

98
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_daemonset.yaml Normal file
View File

@ -0,0 +1,98 @@
{{- define "dind-volume-provisioner.resources.daemonset" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $localVolumeParentDir := .Values.storage.local.volumeParentDir }}
{{- if eq .Values.storage.backend "local" }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "dind-lv-monitor.fullname" . }}
labels:
{{- include "dind-lv-monitor.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.volumePermissions.image "context" .) }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $localVolumeParentDir }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
name: dind-volume-dir
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 10 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.volumePermissions.resources | nindent 10 }}
{{- end }}
containers:
- name: dind-lv-monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- /home/dind-volume-utils/bin/local-volumes-agent
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 10 }}
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VOLUME_PARENT_DIR
value: {{ $localVolumeParentDir }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
readOnly: false
name: dind-volume-dir
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- name: dind-volume-dir
hostPath:
path: {{ $localVolumeParentDir }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end -}}

67
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_deployment.yaml Normal file
View File

@ -0,0 +1,67 @@
{{- define "dind-volume-provisioner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: dind-volume-provisioner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
command:
- /usr/local/bin/dind-volume-provisioner
- -v=4
- --resync-period=50s
env:
{{- include "dind-volume-provisioner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- include "dind-volume-provisioner.volumeMounts.calculated" . | nindent 8 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- include "dind-volume-provisioner.volumes.calculated" . | nindent 6 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

88
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_env-vars.yaml Normal file
View File

@ -0,0 +1,88 @@
{{- define "dind-volume-provisioner.environment-variables.defaults" }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables.calculated" }}
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
PROVISIONER_NAME: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.accessKeyIdSecretKeyRef }}
AWS_ACCESS_KEY_ID:
{{- if .Values.storage.ebs.accessKeyId }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_access_key_id
{{- else if .Values.storage.ebs.accessKeyIdSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.accessKeyIdSecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.ebs.secretAccessKey .Values.storage.ebs.secretAccessKeySecretKeyRef }}
AWS_SECRET_ACCESS_KEY:
{{- if .Values.storage.ebs.secretAccessKey }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_secret_access_key
{{- else if .Values.storage.ebs.secretAccessKeySecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.secretAccessKeySecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }}
{{- end }}
{{- if and .Values.storage.mountAzureJson }}
AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json
CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "dind-volume-provisioner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "dind-volume-provisioner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
{{- define "dind-volume-provisioner.volumes.calculated" }}
{{- if .Values.storage.gcedisk.serviceAccountJson }}
- name: credentials
secret:
secretName: {{ include "dind-volume-provisioner.fullname" . }}
optional: true
{{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
secret:
secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }}
optional: true
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.volumeMounts.calculated" }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
readOnly: true
mountPath: "/etc/dind-volume-provisioner/credentials"
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
readOnly: true
mountPath: "/etc/kubernetes/azure.json"
{{- end }}
{{- end }}

93
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_helpers.tpl Normal file
View File

@ -0,0 +1,93 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dind-volume-provisioner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dind-volume-provisioner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "dind-volume-cleanup.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-cleanup" | trunc 52 | trimSuffix "-" }}
{{- end }}
{{- define "dind-lv-monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Provisioner name for storage class
*/}}
{{- define "dind-volume-provisioner.volumeProvisionerName" }}
{{- printf "codefresh.io/dind-volume-provisioner-runner-%s" .Release.Namespace }}
{{- end }}
{{/*
Common labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Selector labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Common labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Selector labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dind-volume-provisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dind-volume-provisioner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.storageClassName" }}
{{- printf "dind-local-volumes-runner-%s" .Release.Namespace }}
{{- end }}

71
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_rbac.yaml Normal file
View File

@ -0,0 +1,71 @@
{{- define "dind-volume-provisioner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get", "list" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "create", "update" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "dind-volume-provisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

22
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_secret.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "dind-volume-provisioner.resources.secret" -}}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.secretAccessKey .Values.storage.gcedisk.serviceAccountJson }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
stringData:
{{- with .Values.storage.gcedisk.serviceAccountJson }}
google-service-account.json: |
{{- . | nindent 4 }}
{{- end }}
{{- with .Values.storage.ebs.accessKeyId }}
aws_access_key_id: {{ . }}
{{- end }}
{{- with .Values.storage.ebs.secretAccessKey }}
aws_secret_access_key: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

47
charts/codefresh/cf-runtime/7.3.5/templates/_components/volume-provisioner/_storageclass.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "dind-volume-provisioner.resources.storageclass" -}}
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
{{/* has to be exactly that */}}
name: {{ include "dind-volume-provisioner.storageClassName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
provisioner: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}
volumeBackend: local
volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
{{- else if eq .Values.storage.backend "gcedisk" }}
volumeBackend: {{ .Values.storage.backend }}
type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
zone: {{ required ".Values.storage.gcedisk.availabilityZone is required" .Values.storage.gcedisk.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
{{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
volumeBackend: {{ .Values.storage.backend }}
VolumeType: {{ .Values.storage.ebs.volumeType | default "gp3" }}
AvailabilityZone: {{ required ".Values.storage.ebs.availabilityZone is required" .Values.storage.ebs.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
encrypted: {{ .Values.storage.ebs.encrypted | default "false" | quote }}
{{- with .Values.storage.ebs.kmsKeyId }}
kmsKeyId: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.iops }}
iops: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.throughput }}
throughput: {{ . | quote }}
{{- end }}
{{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
volumeBackend: {{ .Values.storage.backend }}
kind: managed
skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
{{- with .Values.storage.azuredisk.availabilityZone }}
availabilityZone: {{ . | quote }}
{{- end }}
{{- with .Values.storage.azuredisk.resourceGroup }}
resourceGroup: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

51
charts/codefresh/cf-runtime/7.3.5/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cf-runtime.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cf-runtime.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cf-runtime.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cf-runtime.labels" -}}
helm.sh/chart: {{ include "cf-runtime.chart" . }}
{{ include "cf-runtime.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cf-runtime.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/app-proxy/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.deployment" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/app-proxy/ingress.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.ingress" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/app-proxy/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.rbac" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/app-proxy/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.service" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/event-exporter/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.deployment" $eventExporterContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/event-exporter/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.rbac" $eventExporterContext }}
{{- end }}

11
charts/codefresh/cf-runtime/7.3.5/templates/event-exporter/service.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.service" $eventExporterContext }}
---
{{- include "event-exporter.resources.serviceMonitor" $eventExporterContext }}
{{- end }}

6
charts/codefresh/cf-runtime/7.3.5/templates/extra/extra-resources.yaml Normal file
View File

@ -0,0 +1,6 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- range .Values.extraResources }}
---
{{ include (printf "%s.tplrender" $cfCommonTplSemver) (dict "Values" . "context" $) }}
{{- end }}

19
charts/codefresh/cf-runtime/7.3.5/templates/extra/runtime-images-cm.yaml Normal file
View File

@ -0,0 +1,19 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.engine.runtimeImages }}
---
kind: ConfigMap
apiVersion: v1
metadata:
{{- /* dummy template just to list runtime images */}}
name: {{ include "runtime.fullname" . }}-images
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
images: |
{{- range $key, $val := $values }}
image: {{ $val }}
{{- end }}

18
charts/codefresh/cf-runtime/7.3.5/templates/hooks/post-install/cm-update-runtime.yaml Normal file
View File

@ -0,0 +1,18 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "runtime.fullname" . }}-spec
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
runtime.yaml: |
{{ include "runtime.runtime-environment-spec.template" . | nindent 4 | trim }}
{{- end }}

68
charts/codefresh/cf-runtime/7.3.5/templates/hooks/post-install/job-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,68 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "3"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-gencerts-dind
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: gencerts-dind
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/configure-dind-certs.sh" | nindent 10 }}
env:
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: RELEASE
value: {{ .Release.Name }}
- name: CF_API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: CF_API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

77
charts/codefresh/cf-runtime/7.3.5/templates/hooks/post-install/job-update-runtime.yaml Normal file
View File

@ -0,0 +1,77 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "5"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: patch-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- |
codefresh auth create-context --api-key $API_KEY --url $API_HOST
cat /usr/share/extras/runtime.yaml
codefresh get re
{{- if .Values.runtime.agent }}
codefresh patch re -f /usr/share/extras/runtime.yaml
{{- else }}
codefresh patch sys-re -f /usr/share/extras/runtime.yaml
{{- end }}
env:
- name: API_KEY
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
volumeMounts:
- name: config
mountPath: /usr/share/extras/runtime.yaml
subPath: runtime.yaml
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
volumes:
- name: config
configMap:
name: {{ include "runtime.fullname" . }}-spec
{{- end }}

37
charts/codefresh/cf-runtime/7.3.5/templates/hooks/post-install/rbac-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,37 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-gencerts-dind
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
{{ end }}

73
charts/codefresh/cf-runtime/7.3.5/templates/hooks/pre-delete/job-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,73 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-cleanup
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/cleanup-runtime.sh" | nindent 10 }}
env:
- name: AGENT_NAME
value: {{ include "runtime.runtime-environment-spec.agent-name" . }}
- name: RUNTIME_NAME
value: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: AGENT
value: {{ .Values.runtime.agent | quote }}
- name: AGENT_SECRET_NAME
value: {{ include "runner.fullname" . }}
- name: DIND_SECRET_NAME
value: codefresh-certs-server
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

46
charts/codefresh/cf-runtime/7.3.5/templates/hooks/pre-delete/rbac-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,46 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-cleanup
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
{{ end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/monitor/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.deployment" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/monitor/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.rbac" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/monitor/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.service" $monitorContext }}
{{- end }}

2
charts/codefresh/cf-runtime/7.3.5/templates/other/external-secrets.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.external-secrets" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/7.3.5/templates/other/podMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.podMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/7.3.5/templates/other/serviceMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.serviceMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

9
charts/codefresh/cf-runtime/7.3.5/templates/runner/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.deployment" $runnerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/runner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.rbac" $runnerContext }}
{{- end }}

123
charts/codefresh/cf-runtime/7.3.5/templates/runtime/_helpers.tpl Normal file
View File

@ -0,0 +1,123 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runtime.name" -}}
{{- printf "%s" (include "cf-runtime.name" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runtime.fullname" -}}
{{- printf "%s" (include "cf-runtime.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runtime.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runtime.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Return runtime image (classic runtime) with private registry prefix
*/}}
{{- define "runtime.runtimeImageName" -}}
{{- if .registry -}}
{{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
{{- printf "%s/%s" .registry $imageName -}}
{{- else -}}
{{- printf "%s" .imageFullName -}}
{{- end -}}
{{- end -}}
{{/*
Environment variable value of Codefresh installation token
*/}}
{{- define "runtime.installation-token-env-var-value" -}}
{{- if .Values.global.codefreshToken }}
valueFrom:
secretKeyRef:
name: {{ include "runtime.installation-token-secret-name" . }}
key: codefresh-api-token
{{- else if .Values.global.codefreshTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Environment variable value of Codefresh agent token
*/}}
{{- define "runtime.agent-token-env-var-value" -}}
{{- if .Values.global.agentToken }}
{{- printf "%s" .Values.global.agentToken | toYaml }}
{{- else if .Values.global.agentTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.agentTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Print Codefresh API token secret name
*/}}
{{- define "runtime.installation-token-secret-name" }}
{{- print "codefresh-user-token" }}
{{- end }}
{{/*
Print Codefresh host
*/}}
{{- define "runtime.runtime-environment-spec.codefresh-host" }}
{{- if and (not .Values.global.codefreshHost) }}
{{- fail "ERROR: .global.codefreshHost is required" }}
{{- else }}
{{- printf "%s" (trimSuffix "/" .Values.global.codefreshHost) }}
{{- end }}
{{- end }}
{{/*
Print runtime-environment name
*/}}
{{- define "runtime.runtime-environment-spec.runtime-name" }}
{{- if and (not .Values.global.runtimeName) }}
{{- printf "%s/%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.runtimeName }}
{{- end }}
{{- end }}
{{/*
Print agent name
*/}}
{{- define "runtime.runtime-environment-spec.agent-name" }}
{{- if and (not .Values.global.agentName) }}
{{- printf "%s_%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.agentName }}
{{- end }}
{{- end }}
{{/*
Print context
*/}}
{{- define "runtime.runtime-environment-spec.context-name" }}
{{- if and (not .Values.global.context) }}
{{- fail "ERROR: .global.context is required" }}
{{- else }}
{{- printf "%s" .Values.global.context }}
{{- end }}
{{- end }}

10
charts/codefresh/cf-runtime/7.3.5/templates/runtime/cm-dind-daemon.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- /* has to be a constant */}}
name: codefresh-dind-config
labels:
{{- include "runtime.labels" . | nindent 4 }}
data:
daemon.json: |
{{ coalesce .Values.re.dindDaemon .Values.runtime.dindDaemon | toPrettyJson | indent 4 }}

48
charts/codefresh/cf-runtime/7.3.5/templates/runtime/rbac.yaml Normal file
View File

@ -0,0 +1,48 @@
{{ $values := .Values.runtime }}
---
{{- if or $values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- /* has to be a constant */}}
name: codefresh-engine
labels:
{{- include "runtime.labels" . | nindent 4 }}
{{- with $values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if $values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with $values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and $values.serviceAccount.create $values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: codefresh-engine
roleRef:
kind: Role
name: codefresh-engine
apiGroup: rbac.authorization.k8s.io
{{- end }}

235
charts/codefresh/cf-runtime/7.3.5/templates/runtime/runtime-env-spec-tmpl.yaml Normal file
View File

@ -0,0 +1,235 @@
{{- define "runtime.runtime-environment-spec.template" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version -}}
{{- $kubeconfigFilePath := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $name := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $engineContext := .Values.runtime.engine -}}
{{- $dindContext := .Values.runtime.dind -}}
{{- $imageRegistry := .Values.global.imageRegistry -}}
metadata:
name: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
agent: {{ .Values.runtime.agent }}
runtimeScheduler:
type: KubernetesPod
{{- if $engineContext.image }}
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $engineContext.image.pullPolicy }}
{{- with $engineContext.command }}
command: {{- toYaml . | nindent 4 }}
{{- end }}
envVars:
{{- with $engineContext.env }}
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
COMPOSE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COMPOSE_IMAGE) | squote }}
CONTAINER_LOGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CONTAINER_LOGGER_IMAGE) | squote }}
DOCKER_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_BUILDER_IMAGE) | squote }}
DOCKER_PULLER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PULLER_IMAGE) | squote }}
DOCKER_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PUSHER_IMAGE) | squote }}
DOCKER_TAG_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) | squote }}
FS_OPS_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.FS_OPS_IMAGE) | squote }}
GIT_CLONE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GIT_CLONE_IMAGE) | squote }}
KUBE_DEPLOY: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.KUBE_DEPLOY) | squote }}
PIPELINE_DEBUGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.PIPELINE_DEBUGGER_IMAGE) | squote }}
TEMPLATE_ENGINE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.TEMPLATE_ENGINE) | squote }}
CR_6177_FIXER: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CR_6177_FIXER) | squote }}
GC_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GC_BUILDER_IMAGE) | squote }}
COSIGN_IMAGE_SIGNER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COSIGN_IMAGE_SIGNER_IMAGE) | squote }}
RUNTIME_CHART_VERSION: {{ .Chart.Version }}
{{- with $engineContext.userEnvVars }}
userEnvVars: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.workflowLimits }}
workflowLimits: {{- toYaml . | nindent 4 }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $engineContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $engineContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $engineContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $engineContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $engineContext.schedulerName }}
schedulerName: {{ $engineContext.schedulerName }}
{{- end }}
resources:
{{- if $engineContext.resources}}
{{- toYaml $engineContext.resources | nindent 4 }}
{{- end }}
{{- with $engineContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
dockerDaemonScheduler:
type: DindKubernetesPod
{{- if $dindContext.image }}
dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $dindContext.image.pullPolicy }}
{{- with $dindContext.userAccess }}
userAccess: {{ . }}
{{- end }}
{{- with $dindContext.env }}
envVars:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $dindContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $dindContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $dindContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $dindContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.schedulerName }}
schedulerName: {{ $dindContext.schedulerName }}
{{- end }}
{{- if $dindContext.pvcs }}
pvcs:
{{- range $index, $pvc := $dindContext.pvcs }}
- name: {{ $pvc.name }}
reuseVolumeSelector: {{ $pvc.reuseVolumeSelector | squote }}
reuseVolumeSortOrder: {{ $pvc.reuseVolumeSortOrder }}
storageClassName: {{ include (printf "%v.tplrender" $cfCommonTplSemver) (dict "Values" $pvc.storageClassName "context" $) }}
volumeSize: {{ $pvc.volumeSize }}
{{- with $pvc.annotations }}
annotations: {{ . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
defaultDindResources:
{{- with $dindContext.resources }}
{{- if not .requests }}
limits: {{- toYaml .limits | nindent 6 }}
requests: null
{{- else }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- with $dindContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with $dindContext.userVolumeMounts }}
userVolumeMounts: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.userVolumes }}
userVolumes: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (not .Values.runtime.agent) }}
clientCertPath: /etc/ssl/cf/
volumeMounts:
codefresh-certs-server:
name: codefresh-certs-server
mountPath: /etc/ssl/cf
readOnly: false
volumes:
codefresh-certs-server:
name: codefresh-certs-server
secret:
secretName: codefresh-certs-server
{{- end }}
{{- with $dindContext.podSecurityContext }}
podSecurityContext: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.containerSecurityContext }}
containerSecurityContext: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.volumePermissions.image "context" .) }}
imagePullPolicy: {{ $dindContext.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ $dindContext.containerSecurityContext.runAsUser }}:{{ $dindContext.podSecurityContext.fsGroup }} /home/rootless/.local/share/docker
volumeMounts:
- mountPath: /home/rootless/.local/share/docker
name: dind
{{- if eq ( toString ( $dindContext.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit $dindContext.volumePermissions.securityContext "runAsUser" | toYaml | nindent 6 }}
{{- else }}
securityContext: {{- $dindContext.volumePermissions.securityContext | toYaml | nindent 6 }}
{{- end }}
resources:
{{- toYaml $dindContext.volumePermissions.resources | nindent 6 }}
{{- end }}
extends: {{- toYaml .Values.runtime.runtimeExtends | nindent 2 }}
{{- if .Values.runtime.description }}
description: {{ .Values.runtime.description }}
{{- else }}
description: null
{{- end }}
{{- if .Values.global.accountId }}
accountId: {{ .Values.global.accountId }}
{{- end }}
{{- if not .Values.runtime.agent }}
accounts: {{- toYaml .Values.runtime.accounts | nindent 2 }}
{{- end }}
{{- if .Values.appProxy.enabled }}
appProxy:
externalIP: >-
{{ printf "https://%s%s" .Values.appProxy.ingress.host (.Values.appProxy.ingress.pathPrefix | default "/") }}
{{- end }}
{{- if not .Values.runtime.agent }}
systemHybrid: true
{{- end }}
{{- end }}

11
charts/codefresh/cf-runtime/7.3.5/templates/runtime/secret.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if and .Values.global.codefreshToken }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "runtime.installation-token-secret-name" . }}
labels:
{{- include "runtime.labels" . | nindent 4 }}
stringData:
codefresh-api-token: {{ .Values.global.codefreshToken }}
{{- end }}

16
charts/codefresh/cf-runtime/7.3.5/templates/runtime/svc-dind.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "runtime.labels" . | nindent 4 }}
app: dind
{{/* has to be a constant */}}
name: dind
spec:
ports:
- name: "dind-port"
port: 1300
protocol: TCP
clusterIP: None
selector:
app: dind

11
charts/codefresh/cf-runtime/7.3.5/templates/volume-provisioner/cronjob.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-volume-cleanup") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.cronjob" $volumeProvisionerContext }}
{{- end }}

11
charts/codefresh/cf-runtime/7.3.5/templates/volume-provisioner/daemonset.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-lv-monitor") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.daemonset" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/7.3.5/templates/volume-provisioner/deployment.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/7.3.5/templates/volume-provisioner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.rbac" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/7.3.5/templates/volume-provisioner/secret.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.secret" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/7.3.5/templates/volume-provisioner/storageclass.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.storageclass" $volumeProvisionerContext }}
{{- end }}

38
charts/codefresh/cf-runtime/7.3.5/values-rootless.yaml Normal file
View File

@ -0,0 +1,38 @@
volumeProvisioner:
env:
IS_ROOTLESS: true
# -- Only if local volumes are used as backend storage (ignored for ebs/ebs-csi disks)
dind-lv-monitor:
image:
tag: 1.30.0-rootless
digest: sha256:712e549e6e843b04684647f17e0973f8047e0d60e6e8b38a693ea64dc75b0479
containerSecurityContext:
runAsUser: 1000
podSecurityContext:
fsGroup: 1000
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
fsGroupChangePolicy: "OnRootMismatch"
# -- Enable initContainer to run chmod for /var/lib/codefresh/dind-volumes on host nodes
volumePermissions:
enabled: false
runtime:
dind:
image:
tag: 26.1.4-1.28.10-rootless
digest: sha256:59dfc004eb22a8f09c8a3d585271a055af9df4591ab815bca418c24a2077f5c8
userVolumeMounts:
dind:
name: dind
mountPath: /home/rootless/.local/share/docker
containerSecurityContext:
privileged: true
runAsUser: 1000
podSecurityContext:
fsGroup: 1000
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#configure-volume-permission-and-ownership-change-policy-for-pods
fsGroupChangePolicy: "OnRootMismatch"
# -- Enable initContainer to run chmod for /home/rootless in DinD pod
# !!! Will slow down dind pod startup
volumePermissions:
enabled: true

914
charts/codefresh/cf-runtime/7.3.5/values.yaml Normal file
View File

@ -0,0 +1,914 @@
# -- String to partially override cf-runtime.fullname template (will maintain the release name)
nameOverride: ""
# -- String to fully override cf-runtime.fullname template
fullnameOverride: ""
# -- Global parameters
# @default -- See below
global:
# -- Global Docker image registry
imageRegistry: ""
# -- Global Docker registry secret names as array
imagePullSecrets: []
# -- URL of Codefresh Platform (required!)
codefreshHost: "https://g.codefresh.io"
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
# Ref: https://g.codefresh.io/user/settings (see API Keys)
# Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write)
codefreshToken: ""
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
codefreshTokenSecretKeyRef: {}
# E.g.
# codefreshTokenSecretKeyRef:
# name: my-codefresh-api-token
# key: codefresh-api-token
# -- Account ID (required!)
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
accountId: ""
# -- K8s context name (required!)
context: ""
# E.g.
# context: prod-ue1-runtime-1
# -- Agent Name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}`
agentName: ""
# E.g.
# agentName: prod-ue1-runtime-1
# -- Runtime name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}`
runtimeName: ""
# E.g.
# runtimeName: prod-ue1-runtime-1/namespace
# -- DEPRECATED Agent token in plain text.
# !!! MUST BE provided if migrating from < 6.x chart version
agentToken: ""
# -- DEPRECATED Agent token that references an existing secret containing API key.
# !!! MUST BE provided if migrating from < 6.x chart version
agentTokenSecretKeyRef: {}
# E.g.
# agentTokenSecretKeyRef:
# name: my-codefresh-agent-secret
# key: codefresh-agent-token
# DEPRECATED -- Use `.Values.global.imageRegistry` instead
dockerRegistry: ""
# DEPRECATED -- Use `.Values.runtime` instead
re: {}
# -- Runner parameters
# @default -- See below
runner:
# -- Enable the runner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/venona
tag: 2.0.0
digest: sha256:bcc6e7495186f1f9c3e885afa891a3bda11b5374a577f069f34ddc75142342ef
# -- Init container
init:
image:
registry: quay.io
repository: codefresh/cli
tag: 0.88.4-rootless
digest: sha256:b256d150ff8a636851ddc1d5fb0490114d5036cc5bff357eac6a9899fea87562
resources:
limits:
memory: 512Mi
cpu: '1'
requests:
memory: 256Mi
cpu: '0.2'
# -- Sidecar container
# Reconciles runtime spec from Codefresh API for drift detection
sidecar:
enabled: false
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.31.2
digest: sha256:a30a8810dde249d0198f67792ed9696363f15c8cecbac955ee9bd267b5454ee7
env:
RECONCILE_INTERVAL: 300
resources: {}
# -- Add additional env vars
env: {}
# E.g.
# env:
# WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Volume Provisioner parameters
# @default -- See below
volumeProvisioner:
# -- Enable volume-provisioner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/dind-volume-provisioner
tag: 1.35.2
digest: sha256:ede6f663c912a08b7d335b5ec5518ccc266b27c431d0854d22971005992adc5d
# -- Add additional env vars
env: {}
# E.g.
# env:
# THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 3000
runAsGroup: 3000
fsGroup: 3000
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- `dind-lv-monitor` DaemonSet parameters
# (local volumes cleaner)
# @default -- See below
dind-lv-monitor:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-utils
tag: 1.30.0
digest: sha256:506915ccb63481cd6b249e9068235100ea2ae39d4c811c3e49851c20cbe5ee6f
podAnnotations: {}
podSecurityContext:
enabled: false
runAsUser: 1000
fsGroup: 1000
containerSecurityContext: {}
env: {}
resources: {}
nodeSelector: {}
tolerations:
- key: 'codefresh/dind'
operator: 'Exists'
effect: 'NoSchedule'
volumePermissions:
enabled: false
image:
registry: docker.io
repository: alpine
tag: 3.18
digest: sha256:dd60c75fba961ecc5e918961c713f3c42dd5665171c58f9b2ef5aafe081ad5a0
resources: {}
securityContext:
runAsUser: 0 # auto
# `dind-volume-cleanup` CronJob parameters
# (external volumes cleaner)
# @default -- See below
dind-volume-cleanup:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-cleanup
tag: 1.2.0
digest: sha256:1af3e3ecc87bf2e26ba07ecef68f54ad100d7e3b5fcf074099f627fd5d917369
env: {}
concurrencyPolicy: Forbid
schedule: "*/10 * * * *"
successfulJobsHistory: 3
failedJobsHistory: 1
suspend: false
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroup: 3000
runAsGroup: 3000
runAsUser: 3000
nodeSelector: {}
affinity: {}
tolerations: []
# Storage parameters for volume-provisioner
# @default -- See below
storage:
# -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`)
backend: local
# -- Set filesystem type (`ext4`/`xfs`)
fsType: "ext4"
# Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`)
# https://kubernetes.io/docs/concepts/storage/volumes/#local
# @default -- See below
local:
# -- Set volume path on the host filesystem
volumeParentDir: /var/lib/codefresh/dind-volumes
# Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`)
# https://aws.amazon.com/ebs/
# https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration
# @default -- See below
ebs:
# -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required)
volumeType: "gp2"
# -- Set EBS volumes availability zone (required)
availabilityZone: "us-east-1a"
# -- Enable encryption (optional)
encrypted: "false"
# -- Set KMS encryption key ID (optional)
kmsKeyId: ""
# -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
accessKeyId: ""
# -- Existing secret containing AWS_ACCESS_KEY_ID.
accessKeyIdSecretKeyRef: {}
# E.g.
# accessKeyIdSecretKeyRef:
# name:
# key:
# -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
secretAccessKey: ""
# -- Existing secret containing AWS_SECRET_ACCESS_KEY
secretAccessKeySecretKeyRef: {}
# E.g.
# secretAccessKeySecretKeyRef:
# name:
# key:
# E.g.
# ebs:
# volumeType: gp3
# availabilityZone: us-east-1c
# encrypted: false
# iops: "5000"
# # I/O operations per second. Only effetive when gp3 volume type is specified.
# # Default value - 3000.
# # Max - 16,000
# throughput: "500"
# # Throughput in MiB/s. Only effective when gp3 volume type is specified.
# # Default value - 125.
# # Max - 1000.
# ebs:
# volumeType: gp2
# availabilityZone: us-east-1c
# encrypted: true
# kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
# accessKeyId: "MYKEYID"
# secretAccessKey: "MYACCESSKEY"
# Storage parameters example for gce disks
# https://cloud.google.com/compute/docs/disks#pdspecs
# https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration
# @default -- See below
gcedisk:
# -- Set GCP volume backend type (`pd-ssd`/`pd-standard`)
volumeType: "pd-ssd"
# -- Set GCP volume availability zone
availabilityZone: "us-west1-a"
# -- Set Google SA JSON key for volume-provisioner (optional)
serviceAccountJson: ""
# -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional)
serviceAccountJsonSecretKeyRef: {}
# E.g.
# gcedisk:
# volumeType: pd-ssd
# availabilityZone: us-central1-c
# serviceAccountJson: |-
# {
# "type": "service_account",
# "project_id": "...",
# "private_key_id": "...",
# "private_key": "...",
# "client_email": "...",
# "client_id": "...",
# "auth_uri": "...",
# "token_uri": "...",
# "auth_provider_x509_cert_url": "...",
# "client_x509_cert_url": "..."
# }
# Storage parameters example for Azure Disks
# https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks
# @default -- See below
azuredisk:
# -- Set storage type (`Premium_LRS`)
skuName: Premium_LRS
cachingMode: None
# availabilityZone: northeurope-1
# resourceGroup:
# DiskIOPSReadWrite: 500
# DiskMBpsReadWrite: 100
mountAzureJson: false
# -- Set runtime parameters
# @default -- See below
runtime:
# -- Set annotation on engine Service Account
# Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
serviceAccount:
create: true
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- Set parent runtime to inherit.
# Should not be changes. Parent runtime is controlled from Codefresh side.
runtimeExtends:
- system/default/hybrid/k8s_low_limits
# -- Runtime description
description: ""
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the engine role
rules: []
# -- (for On-Premise only) Enable agent
agent: true
# -- (for On-Premise only) Set inCluster runtime
inCluster: true
# -- (for On-Premise only) Assign accounts to runtime (list of account ids)
accounts: []
# -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod).
dind:
# -- Set dind image.
image:
registry: quay.io
repository: codefresh/dind
tag: 26.1.4-1.28.8 # use `latest-rootless/rootless/26.1.4-1.28.8-rootless` tags for rootless-dind
pullPolicy: IfNotPresent
digest: sha256:33c343dd01e8a24f0b4a872bbe62884320719f9d9dc27b7a8fed9f7e9fc7e80e
# -- Set dind resources.
resources:
requests: null
limits:
cpu: 400m
memory: 800Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 30
# -- PV claim spec parametes.
pvcs:
# -- Default dind PVC parameters
dind:
# -- PVC name prefix.
# Keep `dind` as default! Don't change!
name: dind
# -- PVC storage class name.
# Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner
storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}'
# -- PVC size.
volumeSize: 16Gi
# -- PV reuse selector.
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy
reuseVolumeSelector: codefresh-app,io.codefresh.accountName
reuseVolumeSortOrder: pipeline_id
# -- PV annotations.
annotations: {}
# E.g.:
# annotations:
# codefresh.io/volume-retention: 7d
# -- Set additional env vars.
env:
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set security context for the pod.
podSecurityContext: {}
# -- Set container security context.
containerSecurityContext: {}
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Keep `true` as default!
userAccess: true
# -- Add extra volumes
userVolumes: {}
# E.g.:
# userVolumes:
# regctl-docker-registry:
# name: regctl-docker-registry
# secret:
# items:
# - key: .dockerconfigjson
# path: config.json
# secretName: regctl-docker-registry
# optional: true
# -- Add extra volume mounts
userVolumeMounts: {}
# E.g.:
# userVolumeMounts:
# regctl-docker-registry:
# name: regctl-docker-registry
# mountPath: /home/appuser/.docker/
# readOnly: true
volumePermissions:
enabled: false
image:
registry: docker.io
repository: alpine
tag: 3.18
digest: sha256:dd60c75fba961ecc5e918961c713f3c42dd5665171c58f9b2ef5aafe081ad5a0
resources: {}
securityContext:
runAsUser: 0 # auto
# -- Parameters for Engine pod (aka "pipeline" orchestrator).
engine:
# -- Set image.
image:
registry: quay.io
repository: codefresh/engine
tag: 1.176.3
pullPolicy: IfNotPresent
digest: sha256:f814ae79c68405e00819458e050b58f0b4cb6db7635961c239beec2fc1f90785
# -- Set container command.
command:
- npm
- run
- start
# -- Set resources.
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 2048Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 180
# -- Set system(base) runtime images.
# @default -- See below.
runtimeImages:
COMPOSE_IMAGE: quay.io/codefresh/compose:v2.32.1-1.5.1@sha256:c57c66edfdbfec5218b36d587f108501b3d9756893af04a2e8045b4f2d6fae94
CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.8@sha256:db1e1e7f038262cb6051b01c20cde276150ae731479e5d1e0aef39d08fc72ae5
DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.4.1@sha256:d0e4b679ac83d092bc9424d49741ac6153521b4ab72bf6f7603b70de4b7afd12
DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18@sha256:1a15c3ae0952d3986de7866a3def8ac7e3e39f668fe87fd46c63d886ca06c6d7
DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16@sha256:05efc1af8b1196f1b9b3f0781b4dcc1aa2cdd0ffc1347ee5fa81b16d029ec5c2
DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15@sha256:3a3e90cd10801c7ec0d3cf3816d0dcc90894d5d1771448c43f67215d90da5eca
FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.7@sha256:1e98266ba808f059005e94e8ae072522aeaff632730a8425b8b8849fce8eabd4
GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0@sha256:a3ec854823f17d0fd817d978219122e644b1abd6db778fd835688fcb6d88c515
KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11@sha256:b6b3fc6cc5fad3ba9e36055278ce99a74a86876be116574503c6fbb4c1b4aa76
PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.7@sha256:3391822b7ad9835cc2a3a0ce5aaa55774ca110a8682d9512205dea24f438718a
TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1@sha256:fb7173cfed7536f7de68e75996106e2ce3a0a204e6c5609cba0d7eb62c9db9e1
CR_6177_FIXER: alpine:edge@sha256:115729ec5cb049ba6359c3ab005ac742012d92bbaa5b8bc1a878f1e8f62c0cb8
GC_BUILDER_IMAGE: quay.io/codefresh/cf-gc-builder:0.5.3@sha256:33ac914e6b844909f188a208cf90e569358cafa5aaa60f49848f49d99bcaf875
COSIGN_IMAGE_SIGNER_IMAGE: quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2@sha256:5e0993207aa809c25ed70cf89af444d9720892fb4a29deb82db45618b0cae4a9
# -- Set additional env vars.
env:
# -- Interval to check the exec status in the container-logger
CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000
# -- Timeout while doing requests to the Docker daemon
DOCKER_REQUEST_TIMEOUT_MS: 30000
# -- If "true", composition images will be pulled sequentially
FORCE_COMPOSE_SERIAL_PULL: false
# -- Level of logging for engine
LOGGER_LEVEL: debug
# -- Enable debug-level logging of outgoing HTTP/HTTPS requests
LOG_OUTGOING_HTTP_REQUESTS: false
# -- Enable emitting metrics from engine
METRICS_PROMETHEUS_ENABLED: true
# -- Enable legacy metrics
METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false
# -- Enable collecting process metrics
METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false
# -- Host for Prometheus metrics server
METRICS_PROMETHEUS_HOST: '0.0.0.0'
# -- Port for Prometheus metrics server
METRICS_PROMETHEUS_PORT: 9100
# -- Trusted QEMU images used for docker builds - when left blank only 'tonistiigi/binfmt' is trusted.
TRUSTED_QEMU_IMAGES: ''
# -- Set workflow limits.
workflowLimits:
# -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds.
MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600
# -- Maximum time for workflow execution; seconds.
MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400
# -- Maximum time allowed to workflow to spend in "elected" state; seconds.
MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900
# -- Maximum retry attempts allowed for workflow.
MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20
# -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900
# -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300
# -- Time since the last health check report after which workflow is terminated; seconds.
TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300
# -- Time since the last health check report after which the engine is considered unhealthy; seconds.
TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60
# -- Time since the last workflow logs activity after which workflow is terminated; seconds.
TIME_INACTIVE_UNTIL_TERMINATION: 2700
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Set extra env vars
userEnvVars: []
# E.g.
# userEnvVars:
# - name: GITHUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: github-token
# key: token
# -- Parameters for `runtime-patch` post-upgrade/install hook
# @default -- See below
patch:
enabled: true
image:
registry: quay.io
repository: codefresh/cli
tag: 0.88.4-rootless
digest: sha256:b256d150ff8a636851ddc1d5fb0490114d5036cc5bff357eac6a9899fea87562
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
env:
HOME: /tmp
# -- Parameters for `gencerts-dind` post-upgrade/install hook
# @default -- See below
gencerts:
enabled: true
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.31.2
digest: sha256:a30a8810dde249d0198f67792ed9696363f15c8cecbac955ee9bd267b5454ee7
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
# -- DinD pod daemon config
# @default -- See below
dindDaemon:
hosts:
- unix:///var/run/docker.sock
- tcp://0.0.0.0:1300
tlsverify: true
tls: true
tlscacert: /etc/ssl/cf-client/ca.pem
tlscert: /etc/ssl/cf/server-cert.pem
tlskey: /etc/ssl/cf/server-key.pem
insecure-registries:
- 192.168.99.100:5000
metrics-addr: 0.0.0.0:9323
experimental: true
# App-Proxy parameters
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation
# @default -- See below
appProxy:
# -- Enable app-proxy
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-app-proxy
tag: 0.0.47
digest: sha256:324a9b89924152cce195c7239ddd8501c8aa5f901d19bc4d9f3936cbe5dac14f
# -- Add additional env vars
env: {}
# Set app-proxy ingress parameters
# @default -- See below
ingress:
# -- Set path prefix for ingress (keep empty for default `/` path)
pathPrefix: ""
# -- Set ingress class
class: ""
# -- Set DNS hostname the ingress will use
host: ""
# -- Set k8s tls secret for the ingress object
tlsSecret: ""
# -- Set extra annotations for ingress object
annotations: {}
# E.g.
# ingress:
# pathPrefix: "/cf-app-proxy"
# class: "nginx"
# host: "mydomain.com"
# tlsSecret: "tls-cert-app-proxy"
# annotations:
# nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
podSecurityContext: {}
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# Monitor parameters
# @default -- See below
monitor:
# -- Enable monitor
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-k8s-agent
tag: 1.3.19
digest: sha256:5be2b798d583abdae68271f57724dd7f2b0251a238845c466fa7b67f078f59ad
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
podSecurityContext: {}
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Add serviceMonitor
# @default -- See below
serviceMonitor:
main:
# -- Enable service monitor for dind pods
enabled: false
nameOverride: dind
selector:
matchLabels:
app: dind
endpoints:
- path: /metrics
targetPort: 9100
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
# -- Add podMonitor (for engine pods)
# @default -- See below
podMonitor:
main:
# -- Enable pod monitor for engine pods
enabled: false
nameOverride: engine
selector:
matchLabels:
app: runtime
podMetricsEndpoints:
- path: /metrics
targetPort: 9100
runner:
# -- Enable pod monitor for runner pod
enabled: false
nameOverride: runner
selector:
matchLabels:
codefresh.io/application: runner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
volume-provisioner:
# -- Enable pod monitor for volumeProvisioner pod
enabled: false
nameOverride: volume-provisioner
selector:
matchLabels:
codefresh.io/application: volume-provisioner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
# -- Event exporter parameters
# @default -- See below
event-exporter:
# -- Enable event-exporter
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: docker.io
repository: codefresh/k8s-event-exporter
tag: latest
digest: sha256:cf52048f1378fb6659dffd1394d68fdf23a7ea709585dc14b5007f3e5a1b7584
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: false
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Array of extra objects to deploy with the release
extraResources: []
# E.g.
# extraResources:
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
# metadata:
# name: codefresh-role
# rules:
# - apiGroups: [ "*"]
# resources: ["*"]
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# - apiVersion: v1
# kind: ServiceAccount
# metadata:
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRoleBinding
# metadata:
# name: codefresh-user
# roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: codefresh-role
# subjects:
# - kind: ServiceAccount
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: v1
# kind: Secret
# type: kubernetes.io/service-account-token
# metadata:
# name: codefresh-user-token
# namespace: "{{ .Release.Namespace }}"
# annotations:
# kubernetes.io/service-account.name: "codefresh-user"

21
charts/haproxy/haproxy/1.44.0/.helmignore Normal file
View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

29
charts/haproxy/haproxy/1.44.0/Chart.yaml Normal file
View File

@ -0,0 +1,29 @@
annotations:
artifacthub.io/changes: |
- Support PodMonitor as alternative to ServiceMonitor (#271)
- Use correct values for PodMonitor test (#272)
- Support to specify HPA behavior (#274)
- Make controller.podAnnotations templatable (#276)
- Fix controller.podAnnotations not being templatable in every location (#277)
- Make controller.config templatable (#279)
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/kube-version: '>=1.23.0-0'
catalog.cattle.io/release-name: kubernetes-ingress
apiVersion: v2
appVersion: 3.1.0-rc1
description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
icon: file://assets/icons/haproxy.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.23.0-0'
maintainers:
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
type: application
version: 1.44.0

312
charts/haproxy/haproxy/1.44.0/README.md Normal file
View File

@ -0,0 +1,312 @@
# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy")
## HAProxy Kubernetes Ingress Controller
An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration.
Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/kubernetes/latest/).
Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md).
## Introduction
This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
### Prerequisites
- Kubernetes 1.22+ (recommended 1.24+)
- Helm 3.6+ (recommended 3.7+)
## Before you begin
### Setting up a Kubernetes Cluster
The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides.
For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/).
### Install Helm
Get the latest [Helm release](https://github.com/helm/helm#install).
### Adding Helm chart repo
Once you have Helm installed, add the repo as follows:
```console
helm repo add haproxytech https://haproxytech.github.io/helm-charts
helm repo update
```
## Installing the chart
To install the chart with Helm v3 as _my-release_ deployment:
```console
helm install my-release haproxytech/kubernetes-ingress
```
**_NOTE_**: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter:
```console
helm install haproxytech/kubernetes-ingress \
--name my-release
```
### Installing with unique name
To auto-generate controller and its resources names when installing, use the following:
```console
helm install haproxytech/kubernetes-ingress \
--generate-name
```
### Installing from a private registry
To install the chart using a private registry for controller into a separate namespace _prod_.
**_NOTE_**: Helm v3 requires namespace to be precreated (eg. with `kubectl create namespace prod`)
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--namespace prod \
--set controller.image.tag=SOMETAG \
--set controller.imageCredentials.registry=myregistry.domain.com \
--set controller.imageCredentials.username=MYUSERNAME \
--set controller.imageCredentials.password=MYPASSWORD
```
Alternatively, use a pre-configured (existing) imagePullSecret in the same namespace:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--namespace prod \
--set controller.image.tag=SOMETAG \
--set controller.existingImagePullSecret name-of-existing-image-pull-secret
```
### Using values from YAML file
As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm:
_mylb.yaml_:
```yaml
controller:
kind: DaemonSet
ingressClass: haproxy
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
```
And invoking Helm becomes (compare to the previous example):
```console
helm install my-ingress -f mylb.yml haproxytech/kubernetes-ingress
```
A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) :
```yaml
controller:
service:
tcpPorts:
- name: mysql
port: 3306
targetPort: 3306
extraArgs:
- --configmap-tcp-services=default/tcp
```
### Installing as DaemonSet
Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet
```
### Installing in multi-ingress environment
It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers):
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet \
--set controller.ingressClass=haproxy
```
**_NOTE_**: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation.
### Installing Gateway API support
[Gateway API support](https://gateway-api.sigs.k8s.io/) can be installed and used wth controller. Supported features can seen in [Ingress Controller documentation](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/gateway-api.md)
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.gatewayControllerName=haproxy.org/gateway-controller
```
**_NOTE_**: Gateway API is not part of the default k8s API so it needs to be installed.
### Installing with service annotations
On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet \
--set controller.ingressClass=haproxy \
--set controller.service.type=LoadBalancer \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true"
```
**_NOTE_**: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string.
### Installing with Horizontal Pod Autoscaler (HPA)
[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count for the controller:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.autoscaling.enabled=true
```
### Installing the ServiceMonitor
If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs.
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.serviceMonitor.enabled=true
```
### Installing the PodMonitor
As an alternative to a `ServiceMonitor` you can use a `PodMonitor`, which targets the pods directly instead of using a service.
If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `PodMonitor` definition in order to automate the scraping options according to your needs.
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.podMonitor.enabled=true
```
### Installing with Kubernetes Event-driven Autoscaling (KEDA)
[KEDA](https://keda.sh/docs/2.3/concepts/scaling-deployments/) is an improved scaling solution built on top of HPA which allows autoscaling criteria based on information from any event source including Prometheus metrics collected from HAProxy native Prometheus Exporter.
To enable KEDA, you will also need to install Prometheus Operator and ServiceMonitor enabled (serverAddress has to match `prometheus-kube-prometheus-prometheus` service IP):
_mykeda.yaml_:
```yaml
controller:
kind: Deployment
serviceMonitor:
enabled: true
keda:
enabled: true
minReplicas: 1
maxReplicas: 5
triggers:
- type: prometheus
metadata:
serverAddress: http://10.96.206.247:9090
metricName: haproxy_frontend_current_sessions
threshold: "100"
query: sum(rate(haproxy_frontend_current_sessions{proxy="http"}[2m]))
```
Note: Other options to trigger scaling can be found in Prometheus [native exporter documentation](https://github.com/haproxy/haproxy/blob/master/addons/promex/README), but some ideas are:
- `haproxy_process_idle_time_percent`
- `haproxy_frontend_current_sessions`
- `haproxy_backend_current_queue`
And to install:
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add kedacore https://kedacore.github.io/charts
helm repo update
helm install prometheus prometheus-community/kube-prometheus-stack \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
kubectl create namespace keda
helm install keda kedacore/keda --namespace keda
helm install mytest haproxytech/kubernetes-ingress -f mykeda.yaml
```
## Installing on Azure Managed Kubernetes Service (AKS)
By default Azure LB sends probe to `/` and expects HTTP status codes of 200-399 to consider Pod healthy, which means probes end up on default HTTP backend returning HTTP 404 status code. Since v1.20 AKS service annotation `service.beta.kubernetes.io/azure-load-balancer-health-probe-request-path` can be used to override health probe behaviour and we recommend using the following annotation on AKS to target `/healthz` endpoint for health probes:
```console
helm install ...
--set controller.service.type=LoadBalancer \
--set controller.service.annotations."service\.beta\.kubernetes\.io/azure-load-balancer-health-probe-request-path"=/healthz
```
## Upgrading the chart
To upgrade the _my-release_ deployment:
```console
helm upgrade my-release haproxytech/kubernetes-ingress
```
By default Helm [does not upgrade](https://helm.sh/docs/chart_best_practices/custom_resource_definitions/) CRDs during an upgrade, so before doing an upgrade it is mandatory to upgrade CRDs to the latest version by hand **before** doing a Helm chart upgrade.
```console
kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/crds/core.haproxy.org_defaults.yaml
kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/crds/core.haproxy.org_globals.yaml
kubectl apply -f https://raw.githubusercontent.com/haproxytech/helm-charts/main/kubernetes-ingress/crds/core.haproxy.org_backends.yaml
```
Note: from Helm Chart 1.35.0, Helm Chart contains CRD install/upgrade job that will take care of both installing and
upgrading CRDs accordingly.
## Uninstalling the chart
To uninstall/delete the _my-release_ deployment:
```console
helm delete my-release
```
## Debugging
It is possible to generate a set of YAML files for testing/debugging:
```console
helm install my-release haproxytech/kubernetes-ingress \
--debug \
--dry-run
```
## Contributing
We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution.

8
charts/haproxy/haproxy/1.44.0/app-readme.md Normal file
View File

@ -0,0 +1,8 @@
# HAProxy
[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment.
# HAProxy Enterprise
[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code.
## Introduction
This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager.

BIN
charts/haproxy/haproxy/1.44.0/chart-icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 15 KiB

6
charts/haproxy/haproxy/1.44.0/ci/daemonset-customconfig-templated-values.yaml Normal file
View File

@ -0,0 +1,6 @@
controller:
kind: DaemonSet
config: |
rate-limit: "{{ .Values.controller.configVars.rateLimit | required "controller.configVars.rateLimit is required" }}"
configVars:
rateLimit: "ON"

4
charts/haproxy/haproxy/1.44.0/ci/daemonset-customconfig-values.yaml Normal file
View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
config:
rate-limit: "ON"

7
charts/haproxy/haproxy/1.44.0/ci/daemonset-customnodeport-values.yaml Normal file
View File

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
service:
type: NodePort
ports:
8000: 10000
8001: 10001

2
charts/haproxy/haproxy/1.44.0/ci/daemonset-default-values.yaml Normal file
View File

@ -0,0 +1,2 @@
controller:
kind: DaemonSet

4
charts/haproxy/haproxy/1.44.0/ci/daemonset-disableddefaultbackend-values.yaml Normal file
View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultBackend:
enabled: false

4
charts/haproxy/haproxy/1.44.0/ci/daemonset-disabledsecretconfig-values.yaml Normal file
View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultTLSSecret:
enabled: false

7
charts/haproxy/haproxy/1.44.0/ci/daemonset-enableports-values.yaml Normal file
View File

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
service:
enablePorts:
http: false
https: true
stat: false

4
charts/haproxy/haproxy/1.44.0/ci/daemonset-extraargs-values.yaml Normal file
View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
extraArgs:
- --namespace-whitelist=default

7
charts/haproxy/haproxy/1.44.0/ci/daemonset-extraenvs-values.yaml Normal file
View File

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
extraEnvs:
- name: TEST_STR1
value: foo
- name: TEST_STR2
value: baz

8
charts/haproxy/haproxy/1.44.0/ci/daemonset-hostport-values.yaml Normal file
View File

@ -0,0 +1,8 @@
controller:
kind: DaemonSet
daemonset:
useHostPort: true
hostPorts:
http: 80
https: 443
stat: 1024

6
charts/haproxy/haproxy/1.44.0/ci/daemonset-ingressclass-values.yaml Normal file
View File

@ -0,0 +1,6 @@
controller:
kind: DaemonSet
ingressClass: haproxy
ingressClassResource:
enabled: true
default: true

5
charts/haproxy/haproxy/1.44.0/ci/daemonset-ipfamily-values.yaml Normal file
View File

@ -0,0 +1,5 @@
controller:
kind: DaemonSet
service:
ipFamilies: [IPv4]
ipFamilyPolicy: SingleStack

5
charts/haproxy/haproxy/1.44.0/ci/daemonset-kubernetesgateway-values.yaml Normal file
View File

@ -0,0 +1,5 @@
controller:
kind: DaemonSet
kubernetesGateway:
enabled: true
gatewayControllerName: haproxy.org/gateway-controller

4
charts/haproxy/haproxy/1.44.0/ci/daemonset-nodeport-values.yaml Normal file
View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
service:
type: NodePort

6
charts/haproxy/haproxy/1.44.0/ci/daemonset-privileged-ports.values.yaml Normal file
View File

@ -0,0 +1,6 @@
controller:
kind: DaemonSet
containerPort:
http: 80
https: 443
stat: 1024

5
charts/haproxy/haproxy/1.44.0/ci/daemonset-publishservice-values.yaml Normal file
View File

@ -0,0 +1,5 @@
controller:
kind: DaemonSet
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

Some files were not shown because too many files have changed in this diff Show More