andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

CI Updated Charts 

Updated:
  dynatrace/dynatrace-operator:
    - 0.9.0
pull/522/head
Samuel Attwood 2022-09-29 04:44:17 -04:00
parent 48c3de0ede
commit 6f6ab8cf35
58 changed files with 6486 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/dynatrace/dynatrace-operator-0.9.0.tgz Normal file
View File

Binary file not shown.

25
charts/dynatrace/dynatrace-operator/0.9.0/.helmignore Normal file
View File

@ -0,0 +1,25 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
tests/

23
charts/dynatrace/dynatrace-operator/0.9.0/Chart.yaml Normal file
View File

@ -0,0 +1,23 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dynatrace Operator
catalog.cattle.io/kube-version: '>=1.21.0-0'
catalog.cattle.io/release-name: dynatrace-operator
apiVersion: v2
appVersion: 0.9.0
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
kubeVersion: '>=1.21.0-0'
maintainers:
- email: marcell.sevcsik@dynatrace.com
name: 0sewa0
- email: christoph.muellner@dynatrace.com
name: chrismuellner
- email: lukas.hinterreiter@dynatrace.com
name: luhi-DT
name: dynatrace-operator
sources:
- https://github.com/Dynatrace/dynatrace-operator
type: application
version: 0.9.0

33
charts/dynatrace/dynatrace-operator/0.9.0/README.md Normal file
View File

@ -0,0 +1,33 @@
# Dynatrace Operator Helm Chart
The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift.
This Helm Chart requires Helm 3.
## Quick Start
Migration instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-dto-helm#migrate).
Install the Dynatrace Operator via Helm by running the following commands.
### Installation
> For instructions on how to install the dynatrace-operator on Openshift, head to the
> [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm)
Add `dynatrace` helm repository:
```
helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable
```
Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace:
```console
helm install dynatrace-operator dynatrace/dynatrace-operator -n dynatrace --create-namespace --atomic
```
## Uninstall chart
> Full instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm#uninstall-dynatrace-operator)
Uninstall the Dynatrace Operator by running the following command:
```console
helm uninstall dynatrace-operator -n dynatrace
```

5
charts/dynatrace/dynatrace-operator/0.9.0/app-readme.md Normal file
View File

@ -0,0 +1,5 @@
# Dynatrace Operator
The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift.
As of launch, the Dynatrace Operator can be used to deploy a containerized ActiveGate for Kubernetes API monitoring. New capabilities will be added to the Dynatrace Operator over time including metric routing, and API monitoring for AWS, Azure, GCP, and vSphere.

3321
charts/dynatrace/dynatrace-operator/0.9.0/generated/dynatrace-operator-crd.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

BIN
charts/dynatrace/dynatrace-operator/0.9.0/logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 9.7 KiB

250
charts/dynatrace/dynatrace-operator/0.9.0/questions.yml Normal file
View File

@ -0,0 +1,250 @@
categories:
- APM
- Monitoring
questions:
#################### Global Configuration ####################
- variable: installCRD
label: "Install Custom Resource Definitions"
description: "Installs the Custom Resource Definitions for the Dynakube. This is recommended if you haven't installed it manually yet. Default: true"
default: true
type: boolean
group: "Global Configuration"
- variable: image
label: "Set a custom image for operator components"
description: "Set a custom image for operator. Defaults to docker.io/dynatrace/dynatrace-operator"
default: ""
type: string
group: "Global Configuration"
- variable: customPullSecret
label: "Set a custom pull secret for operator image"
description: "Set a custom pull secret for the operator image"
default: ""
type: string
group: "Global Configuration"
#################### Operator Deployment Configuration ####################
- variable: operator.nodeSelector
label: "Assign the Dynatrace Operator's pod to certain nodes"
description: "Defines a NodeSelector to customize to which nodes the Dynatrace Operator can be deployed on - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector"
default: ""
type: string
group: "Operator Deployment Configuration"
- variable: operator.tolerations
label: "Custom tolerations for the Dynatrace Operator's pod"
description: "Defines custom tolerations to the Dynatrace Operator - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/"
default: ""
type: string
group: "Operator Deployment Configuration"
- variable: operator.apparmor
label: "Enable AppArmor for the Dynatrace Operator's pod"
description: "Adds AppArmor security annotations to the Dynatrace Operator's pod. Default: false"
default: false
type: boolean
group: "Operator Deployment Configuration"
- variable: operator.requests.cpu
label: "CPU resource requests settings for Dynatrace Operator's pods"
description: "The minimum amount of CPU resources that the Dynatrace Operator's pods should request. Affects scheduling. Default: 50m"
default: "50m"
type: string
group: "Operator Deployment Configuration"
- variable: operator.requests.memory
label: "Memory resource requests settings for Dynatrace Operator's pods"
description: "The minimum amount of memory that the Dynatrace Operator's pods should request. Affects scheduling. Default: 64Mi"
default: "64Mi"
type: string
group: "Operator Deployment Configuration"
- variable: operator.limits.cpu
label: "CPU resource limits settings for Dynatrace Operator's pods"
description: "The maximum amount of CPU resources that the Dynatrace Operator's pods can use. Default: 100m"
default: "100m"
type: string
group: "Operator Deployment Configuration"
- variable: operator.limits.memory
label: "Memory resource limits settings for Dynatrace Operator's pods"
description: "The maximum amount of memory that the Dynatrace Operator's pods can use. Pod restarted if exceeded. Default: 128Mi"
default: "128Mi"
type: string
group: "Operator Deployment Configuration"
#################### Webhook Deployment Configuration ####################
- variable: webhook.apparmor
label: "Enable AppArmor for the Dynatrace Webhook's pod"
description: "Adds AppArmor security annotations to the Dynatrace Webhook's pod. Default: false"
default: false
type: boolean
group: "Webhook Deployment Configuration"
- variable: webhook.highAvailability
label: "Enable high availability for the Dynatrace Webhook's pod"
description: "Adds topologySpreadConstraints and increases the replicas to 2 for the Dynatrace Webhook's pod. Default: false"
default: false
type: boolean
group: "Webhook Deployment Configuration"
- variable: webhook.hostNetwork
label: "Enable hostNetwork for the Dynatrace Webhook's pod"
description: "Enables hostNetwork for the Dynatrace Webhook's pod. Default: false"
default: false
type: boolean
group: "Webhook Deployment Configuration"
- variable: webhook.requests.cpu
label: "CPU resource requests settings for Dynatrace Webhook's pods"
description: "The minimum amount of CPU resources that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 300m"
default: "300m"
type: string
group: "Webhook Deployment Configuration"
- variable: webhook.requests.memory
label: "Memory resource requests settings for Dynatrace Webhook's pods"
description: "The minimum amount of memory that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 128Mi"
default: "128Mi"
type: string
group: "Webhook Deployment Configuration"
- variable: webhook.limits.cpu
label: "CPU resource limits settings for Dynatrace Webhook's pods"
description: "The maximum amount of CPU resources that the Dynatrace Webhook's pods can use. Default: 300m"
default: "300m"
type: string
group: "Webhook Deployment Configuration"
- variable: webhook.limits.memory
label: "Memory resource limits settings for Dynatrace Webhook's pods"
description: "The maximum amount of memory that the Dynatrace Webhook's pods can use. Pod restarted if exceeded. Default: 128Mi"
default: "128Mi"
type: string
group: "Webhook Deployment Configuration"
#################### CSI Driver Deployment Configuration ####################
- variable: csidriver.enabled
label: "Deploy the Dynatrace CSI Driver"
description: "Deploys the Dynatrace CSI Driver via a DaemonSet to enable Cloud Native FullStack. Default: false"
default: false
type: boolean
group: "CSI Driver Deployment Configuration"
- variable: csidriver.server.requests.cpu
label: "CPU resource requests settings for Dynatrace CSI Driver's server container"
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's server container should request. Affects scheduling. Default: 50m"
default: "50m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.server.requests.memory
label: "Memory resource requests settings for Dynatrace CSI Driver's server container"
description: "The minimum amount of memory that the Dynatrace CSI Driver's server container should request. Affects scheduling. Default: 100Mi"
default: "100Mi"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.server.limits.cpu
label: "CPU resource limits settings for Dynatrace CSI Driver's server container"
description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's server container can use. Default: 50m"
default: "50m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.server.limits.memory
label: "Memory resource limits settings for Dynatrace CSI Driver's server container"
description: "The maximum amount of memory that the Dynatrace CSI Driver's server container can use. Pod restarted if exceeded. Default: 100Mi"
default: "100Mi"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.provisioner.requests.cpu
label: "CPU resource requests settings for Dynatrace CSI Driver's provisioner container"
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's provisioner container should request. Affects scheduling. Default: 300m"
default: "300m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.provisioner.requests.memory
label: "Memory resource requests settings for Dynatrace CSI Driver's provisioner container"
description: "The minimum amount of memory that the Dynatrace CSI Driver's provisioner container should request. Affects scheduling. Default: 100Mi"
default: "100Mi"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.provisioner.limits.cpu
label: "CPU resource limits settings for Dynatrace CSI Driver's provisioner container"
description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's provisioner container can use. Default: 300m"
default: "300m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.provisioner.limits.memory
label: "Memory resource limits settings for Dynatrace CSI Driver's provisioner container"
description: "The maximum amount of memory that the Dynatrace CSI Driver's provisioner container can use. Pod restarted if exceeded. Default: 100Mi"
default: "100Mi"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.registrar.requests.cpu
label: "CPU resource requests settings for Dynatrace CSI Driver's registrar container"
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's registrar container should request. Affects scheduling. Default: 20m"
default: "20m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.registrar.requests.memory
label: "Memory resource requests settings for Dynatrace CSI Driver's registrar container"
description: "The minimum amount of memory that the Dynatrace CSI Driver's registrar container should request. Affects scheduling. Default: 30Mi"
default: "30Mi"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.registrar.limits.cpu
label: "CPU resource limits settings for Dynatrace CSI Driver's registrar container"
description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's registrar container can use. Default: 20m"
default: "20m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.registrar.limits.memory
label: "Memory resource limits settings for Dynatrace CSI Driver's registrar container"
description: "The maximum amount of memory that the Dynatrace CSI Driver's registrar container can use. Pod restarted if exceeded. Default: 30Mi"
default: "30Mi"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.livenessprobe.requests.cpu
label: "CPU resource requests settings for Dynatrace CSI Driver's livenessprobe container"
description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's livenessprobe container should request. Affects scheduling. Default: 20m"
default: "20m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.livenessprobe.requests.memory
label: "Memory resource requests settings for Dynatrace CSI Driver's livenessprobe container"
description: "The minimum amount of memory that the Dynatrace CSI Driver's livenessprobe container should request. Affects scheduling. Default: 30Mi"
default: "30Mi"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.livenessprobe.limits.cpu
label: "CPU resource limits settings for Dynatrace CSI Driver's livenessprobe container"
description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's livenessprobe container can use. Default: 20m"
default: "20m"
type: string
group: "CSI Driver Deployment Configuration"
- variable: csidriver.livenessprobe.limits.memory
label: "Memory resource limits settings for Dynatrace CSI Driver's livenessprobe container"
description: "The maximum amount of memory that the Dynatrace CSI Driver's livenessprobe container can use. Pod restarted if exceeded. Default: 30Mi"
default: "30Mi"
type: string
group: "CSI Driver Deployment Configuration"

35
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/activegate/clusterrole-activegate.yaml Normal file
View File

@ -0,0 +1,35 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if eq (default false .Values.olm) true}}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-activegate
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{- end -}}
{{- end -}}

32
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/activegate/clusterrolebinding-activegate.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if eq (default false .Values.olm) true}}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-activegate
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-activegate
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-activegate
apiGroup: rbac.authorization.k8s.io
{{- end -}}
{{- end -}}

23
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/activegate/serviceaccount-activegate.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-activegate
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
{{ end }}

4
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/crd/dynatrace-operator-crd.yaml Normal file
View File

@ -0,0 +1,4 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if and .Values.installCRD (eq (include "dynatrace-operator.partial" .) "false") }}
{{ .Files.Get "generated/dynatrace-operator-crd.yaml" }}
{{- end -}}

65
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/clusterrole-csi.yaml Normal file
View File

@ -0,0 +1,65 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- watch
- create
- update
- patch
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
{{- end -}}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/clusterrolebinding-csi.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-oneagent-csi-driver
apiGroup: rbac.authorization.k8s.io
{{- end -}}

27
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/csidriver.yaml Normal file
View File

@ -0,0 +1,27 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: storage.k8s.io/v1
kind: CSIDriver
metadata:
name: csi.oneagent.dynatrace.com
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
spec:
attachRequired: false
podInfoOnMount: true
volumeLifecycleModes:
- Ephemeral
{{- end -}}

293
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/daemonset.yaml Normal file
View File

@ -0,0 +1,293 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
{{- if .Values.csidriver.labels }}
{{- toYaml .Values.csidriver.labels | nindent 4 }}
{{- end}}
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
spec:
revisionHistoryLimit: 10
selector:
matchLabels:
{{- include "dynatrace-operator.csiSelectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: provisioner
cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false"
{{- if and (eq (default false .Values.apparmor) true) (ne .Values.platform "openshift") }}
container.apparmor.security.beta.kubernetes.io/driver: runtime/default
container.apparmor.security.beta.kubernetes.io/registrar: runtime/default
container.apparmor.security.beta.kubernetes.io/liveness-probe: runtime/default
{{- end}}
{{- if .Values.csidriver.annotations }}
{{- toYaml .Values.csidriver.annotations | nindent 8 }}
{{- end }}
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 8 }}
{{- include "dynatrace-operator.csiSelectorLabels" . | nindent 8 }}
{{- if .Values.csidriver.labels }}
{{- toYaml .Values.csidriver.labels | nindent 8 }}
{{- end }}
spec:
containers:
# Used to receive/execute gRPC requests (NodePublishVolume/NodeUnpublishVolume) from kubelet to mount/unmount volumes for a pod
# - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
# - Needs access to the filesystem of pods on the node, and mount stuff to it,needs to read/write to it, needs root permissions to do so
# - Needs access to a dedicated folder on the node to persist data, needs to read/write to it.
- name: server
image: {{ include "dynatrace-operator.image" . }}
imagePullPolicy: Always
args:
- csi-server
- --endpoint=unix://csi/csi.sock
- --node-id=$(KUBE_NODE_NAME)
- --health-probe-bind-address=:10080
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: KUBE_NODE_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: spec.nodeName
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: livez
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
ports:
- containerPort: 10080
name: livez
protocol: TCP
resources:
{{- if .Values.csidriver.server.resources }}
{{- toYaml .Values.csidriver.server.resources | nindent 10 }}
{{- end }}
securityContext:
runAsUser: 0
privileged: true # Needed for mountPropagation
allowPrivilegeEscalation: true # Needed for privileged
readOnlyRootFilesystem: true
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
level: s0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /csi
name: plugin-dir
- mountPath: {{ include "dynatrace-operator.CSIMountPointDir" . }}
mountPropagation: Bidirectional
name: mountpoint-dir
- mountPath: /data
name: plugin-dir
subPath: data
mountPropagation: Bidirectional
- name: tmp-dir
mountPath: /tmp
- name: provisioner
image: {{ include "dynatrace-operator.image" . }}
imagePullPolicy: Always
args:
- csi-provisioner
- --health-probe-bind-address=:10090
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: livez
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
ports:
- containerPort: 10090
name: livez
protocol: TCP
resources:
{{- if .Values.csidriver.provisioner.resources }}
{{- toYaml .Values.csidriver.provisioner.resources | nindent 10 }}
{{- end }}
securityContext:
runAsUser: 0
privileged: true # Needed for mountPropagation
allowPrivilegeEscalation: true # Needed for privileged
readOnlyRootFilesystem: true
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
seLinuxOptions:
level: s0
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /data
name: plugin-dir
subPath: data
mountPropagation: Bidirectional
- mountPath: /tmp
name: tmp-dir
# Used to make a gRPC request (GetPluginInfo()) to the driver to get driver name and driver contain
# - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
# Used for registering the driver with kubelet
# - Needs access to the registration socket, needs to read/write to it, needs root permissions to do so.
- name: registrar
image: {{ include "dynatrace-operator.image" . }}
imagePullPolicy: Always
env:
- name: DRIVER_REG_SOCK_PATH
value: {{ include "dynatrace-operator.CSISocketPath" . }}
args:
- --csi-address=/csi/csi.sock
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
command:
- csi-node-driver-registrar
livenessProbe:
exec:
command:
- csi-node-driver-registrar
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
- --mode=kubelet-registration-probe
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 15
resources:
{{- if .Values.csidriver.registrar.resources }}
{{- toYaml .Values.csidriver.registrar.resources | nindent 10 }}
{{- end }}
securityContext:
runAsUser: 0
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /csi
name: plugin-dir
- mountPath: /registration
name: registration-dir
- mountPath: {{ include "dynatrace-operator.CSIPluginDir" . }}
name: lockfile-dir
# Used to make a gRPC request (Probe()) to the driver to check if its running
# - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so.
- name: liveness-probe
image: {{ include "dynatrace-operator.image" . }}
imagePullPolicy: Always
args:
- --csi-address=/csi/csi.sock
- --health-port=9898
command:
- livenessprobe
resources:
{{- if .Values.csidriver.livenessprobe.resources }}
{{- toYaml .Values.csidriver.livenessprobe.resources | nindent 10 }}
{{- end }}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
securityContext:
runAsUser: 0
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: false
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /csi
name: plugin-dir
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccountName: dynatrace-oneagent-csi-driver
terminationGracePeriodSeconds: 30
priorityClassName: dynatrace-high-priority
volumes:
# This volume is where the registrar registers the plugin with kubelet
- name: registration-dir
hostPath:
path: {{ include "dynatrace-operator.CSIRegistrationDir" . }}
type: Directory
# This volume is where the socket for kubelet->driver communication is done
- name: plugin-dir
hostPath:
path: {{ include "dynatrace-operator.CSIPluginDir" . }}
type: DirectoryOrCreate
# This volume is where the driver mounts volumes
- name: mountpoint-dir
hostPath:
path: {{ include "dynatrace-operator.CSIMountPointDir" . }}
type: DirectoryOrCreate
# Used by the registrar to create its lockfile
- name: lockfile-dir
emptyDir: {}
# A volume for the driver to write temporary files to
- name: tmp-dir
emptyDir: {}
{{- if .Values.customPullSecret }}
imagePullSecrets:
- name: {{ .Values.customPullSecret }}
{{- end }}
{{- if .Values.csidriver.nodeSelector }}
nodeSelector: {{- toYaml .Values.csidriver.nodeSelector | nindent 8 }}
{{- end }}
tolerations:
{{- if .Values.csidriver.tolerations }}
{{- toYaml .Values.csidriver.tolerations | nindent 8 }}
{{- end }}
- key: kubernetes.io/arch
value: arm64
effect: NoSchedule
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
- key: ToBeDeletedByClusterAutoscaler
operator: Exists
effect: NoSchedule
updateStrategy:
rollingUpdate:
maxUnavailable: 1
type: RollingUpdate
{{- end -}}

24
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/priority-class.yaml Normal file
View File

@ -0,0 +1,24 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: PriorityClass
apiVersion: scheduling.k8s.io/v1
metadata:
name: dynatrace-high-priority
value: {{ default 1000000 (int (.Values.csidriver).priorityClassValue) }}
globalDefault: false
description: "This priority class is used for Dynatrace Components in order to make sure they are not evicted in favor of other pods"
{{- end -}}

70
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/role-csi.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- watch
- list
- delete
- update
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- watch
- list
- delete
- update
- create
- apiGroups:
- dynatrace.com
resources:
- dynakubes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
{{- end -}}

31
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/rolebinding-csi.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-oneagent-csi-driver
apiGroup: rbac.authorization.k8s.io
{{- end -}}

23
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/csi/serviceaccount-csi.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.needCSI" .) "true" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-oneagent-csi-driver
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
{{- end -}}

94
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml Normal file
View File

@ -0,0 +1,94 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-kubernetes-monitoring
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
- pods
- namespaces
- replicationcontrollers
- events
- resourcequotas
- pods/proxy
- nodes/proxy
- nodes/metrics
- services
verbs:
- list
- watch
- get
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- list
- watch
- get
- apiGroups:
- apps
resources:
- deployments
- replicasets
- statefulsets
- daemonsets
verbs:
- list
- watch
- get
- apiGroups:
- apps.openshift.io
resources:
- deploymentconfigs
verbs:
- list
- watch
- get
- apiGroups:
- config.openshift.io
resources:
- clusterversions
verbs:
- list
- watch
- get
- nonResourceURLs:
- /metrics
- /version
- /readyz
- /livez
verbs:
- get
{{- if eq (default false .Values.olm) true}}
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
{{ end }}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-kubernetes-monitoring
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dynatrace-kubernetes-monitoring
subjects:
- kind: ServiceAccount
name: dynatrace-kubernetes-monitoring
namespace: {{ .Release.Namespace }}
{{ end }}

23
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-kubernetes-monitoring
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.activegateLabels" . | nindent 4 }}
{{ end }}

32
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-dynakube-oneagent-privileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}

32
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-dynakube-oneagent-unprivileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-dynakube-oneagent-privileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: "dynatrace-dynakube-oneagent-privileged"
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: "dynatrace-dynakube-oneagent-privileged"
{{ end }}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-dynakube-oneagent-unprivileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-dynakube-oneagent-unprivileged
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: dynatrace-dynakube-oneagent-unprivileged
{{ end }}

29
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-dynakube-oneagent-privileged
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
automountServiceAccountToken: false
{{- if eq .Values.platform "openshift"}}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{- end }}
{{ end }}

29
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-dynakube-oneagent-unprivileged
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
automountServiceAccountToken: false
{{- if eq .Values.platform "openshift"}}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{- end }}
{{ end }}

103
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/operator/clusterrole-operator.yaml Normal file
View File

@ -0,0 +1,103 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- nodes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- dynatrace-dynakube-config
- dynatrace-data-ingest-endpoint
- dynatrace-activegate-internal-proxy
verbs:
- get
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- mutatingwebhookconfigurations
resourceNames:
- dynatrace-webhook
verbs:
- get
- update
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
resourceNames:
- dynatrace-webhook
verbs:
- get
- update
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
resourceNames:
- dynakubes.dynatrace.com
verbs:
- get
- update
{{- if eq (default false .Values.olm) true}}
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
{{ end }}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/operator/clusterrolebinding-operator.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ .Release.Name }}
apiGroup: rbac.authorization.k8s.io
{{ end }}

142
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/operator/deployment-operator.yaml Normal file
View File

@ -0,0 +1,142 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
{{- if .Values.operator.labels }}
{{- toYaml .Values.operator.labels | nindent 4 }}
{{- end }}
spec:
replicas: 1
revisionHistoryLimit: 1
selector:
matchLabels:
{{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 6 }}
strategy:
type: RollingUpdate
template:
metadata:
{{- if or (.Values.operator).apparmor .Values.operator.annotations }}
annotations:
{{- if (.Values.operator).apparmor}}
container.apparmor.security.beta.kubernetes.io/{{ .Release.Name }}: runtime/default
{{- end }}
{{- if .Values.operator.annotations }}
{{- toYaml .Values.operator.annotations | nindent 8 }}
{{- end }}
{{- end }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 8 }}
{{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 8 }}
{{- if .Values.operator.labels }}
{{- toYaml .Values.operator.labels | nindent 8 }}
{{- end }}
spec:
containers:
- name: {{ .Release.Name }}
args:
- operator
# Replace this with the built image name
image: {{ include "dynatrace-operator.image" . }}
imagePullPolicy: Always
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
ports:
- containerPort: 10080
name: server-port
resources:
requests:
{{- toYaml (.Values.operator).requests | nindent 14 }}
limits:
{{- toYaml (.Values.operator).limits | nindent 14 }}
volumeMounts:
- name: tmp-cert-dir
mountPath: /tmp/dynatrace-operator
readinessProbe:
httpGet:
path: /livez
port: server-port
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
livenessProbe:
httpGet:
path: /livez
port: server-port
scheme: HTTP
initialDelaySeconds: 15
periodSeconds: 10
securityContext:
seccompProfile:
type: RuntimeDefault
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
capabilities:
drop:
- ALL
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
{{- if ne .Values.platform "gke-autopilot"}}
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
{{- end }}
- key: kubernetes.io/os
operator: In
values:
- linux
volumes:
- emptyDir: { }
name: tmp-cert-dir
serviceAccountName: {{ .Release.Name }}
{{- if .Values.customPullSecret }}
imagePullSecrets:
- name: {{ .Values.customPullSecret }}
{{- end }}
{{- if .Values.operator.nodeSelector }}
nodeSelector: {{- toYaml .Values.operator.nodeSelector | nindent 8 }}
{{- end }}
tolerations:
{{- if .Values.operator.tolerations }}
{{- toYaml .Values.operator.tolerations | nindent 8 }}
{{- end }}
- key: kubernetes.io/arch
value: arm64
effect: NoSchedule
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
{{ end }}

159
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/operator/role-operator.yaml Normal file
View File

@ -0,0 +1,159 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
rules:
- apiGroups:
- dynatrace.com
resources:
- dynakubes
verbs:
- get
- list
- watch
- update
- create
- apiGroups:
- dynatrace.com
resources:
- dynakubes/finalizers
- dynakubes/status
verbs:
- update
- apiGroups:
- apps
resources:
- statefulsets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- apps
resources:
- replicasets
- deployments
verbs:
- get
- list
- watch
- apiGroups:
- apps
resources:
- deployments/finalizers
verbs:
- update
- apiGroups:
- "" # "" indicates the core API group
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- "" # "" indicates the core API group
resources:
- pods
verbs:
- get
- list
- watch
- delete
- create
- apiGroups:
- "" # "" indicates the core API group
resources:
- secrets
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- ""
resources:
- services
verbs:
- create
- update
- delete
- get
- list
- watch
- apiGroups:
- monitoring.coreos.com
resources:
- servicemonitors
verbs:
- get
- create
- apiGroups:
- networking.istio.io
resources:
- serviceentries
- virtualservices
verbs:
- get
- list
- create
- update
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
{{ end }}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/operator/rolebinding-operator.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Release.Name }}
roleRef:
kind: Role
name: {{ .Release.Name }}
apiGroup: rbac.authorization.k8s.io
{{ end }}

29
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/operator/serviceaccount-operator.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
{{ if eq .Values.platform "openshift" }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{ end }}
{{ end }}

97
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/clusterrole-webhook.yaml Normal file
View File

@ -0,0 +1,97 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- create
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- dynatrace-dynakube-config
- dynatrace-data-ingest-endpoint
verbs:
- get
- list
- watch
- update
# data-ingest workload owner lookup
- apiGroups:
- ""
resources:
- replicationcontrollers
verbs:
- get
- apiGroups:
- apps
resources:
- replicasets
- statefulsets
- daemonsets
- deployments
verbs:
- get
- apiGroups:
- batch
resources:
- jobs
- cronjobs
verbs:
- get
- apiGroups:
- apps.openshift.io
resources:
- deploymentconfigs
verbs:
- get
{{- if eq (default false .Values.olm) true}}
- apiGroups:
- security.openshift.io
resourceNames:
- host
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{ end }}
{{ end }}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/clusterrolebinding-webhook.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: dynatrace-webhook
apiGroup: rbac.authorization.k8s.io
{{ end }}

153
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/deployment-webhook.yaml Normal file
View File

@ -0,0 +1,153 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
{{- if .Values.webhook.labels }}
{{- toYaml .Values.webhook.labels | nindent 4 }}
{{- end }}
spec:
replicas: {{ (default false (.Values.webhook).highAvailability) | ternary 2 1 }}
revisionHistoryLimit: 1
selector:
matchLabels:
{{- include "dynatrace-operator.webhookSelectorLabels" . | nindent 6 }}
strategy:
type: RollingUpdate
template:
metadata:
annotations:
kubectl.kubernetes.io/default-container: webhook
{{- if (.Values.webhook).apparmor}}
container.apparmor.security.beta.kubernetes.io/webhook: runtime/default
{{- end }}
{{- if .Values.webhook.annotations}}
{{- toYaml .Values.webhook.annotations | nindent 8 }}
{{- end }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 8 }}
{{- include "dynatrace-operator.webhookSelectorLabels" . | nindent 8 }}
{{- if .Values.webhook.labels }}
{{- toYaml .Values.webhook.labels | nindent 8 }}
{{- end }}
spec:
{{- if (.Values.webhook).highAvailability }}
topologySpreadConstraints:
- maxSkew: 1
topologyKey: "topology.kubernetes.io/zone"
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: dynatrace-operator
- maxSkew: 1
topologyKey: "kubernetes.io/hostname"
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/component: webhook
app.kubernetes.io/name: dynatrace-operator
{{- end }}
volumes:
- emptyDir: {}
name: certs-dir
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
{{- if ne .Values.platform "gke-autopilot"}}
- key: kubernetes.io/arch
operator: In
values:
- amd64
- arm64
{{- end }}
- key: kubernetes.io/os
operator: In
values:
- linux
containers:
- name: webhook
args:
- webhook-server
# OLM mounts the certificates here, so we reuse it for simplicity
- --certs-dir=/tmp/k8s-webhook-server/serving-certs/
image: {{ include "dynatrace-operator.image" . }}
imagePullPolicy: Always
env:
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
readinessProbe:
httpGet:
path: /livez
port: server-port
scheme: HTTPS
ports:
- name: server-port
containerPort: 8443
resources:
requests:
{{- toYaml (.Values.webhook).requests | nindent 14 }}
limits:
{{- toYaml (.Values.webhook).limits | nindent 14 }}
volumeMounts:
- name: certs-dir
mountPath: /tmp/k8s-webhook-server/serving-certs/
securityContext:
seccompProfile:
type: RuntimeDefault
privileged: false
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
capabilities:
drop:
- ALL
serviceAccountName: dynatrace-webhook
{{- if (.Values.webhook).hostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.customPullSecret }}
imagePullSecrets:
- name: {{ .Values.customPullSecret }}
{{- end }}
{{- if .Values.webhook.nodeSelector }}
nodeSelector: {{- toYaml .Values.webhook.nodeSelector | nindent 8 }}
{{- end }}
tolerations:
{{- if .Values.webhook.tolerations }}
{{- toYaml .Values.webhook.tolerations | nindent 8 }}
{{- end }}
- key: kubernetes.io/arch
value: arm64
effect: NoSchedule
- key: kubernetes.io/arch
value: amd64
effect: NoSchedule
{{ end }}

61
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/mutatingwebhookconfiguration.yaml Normal file
View File

@ -0,0 +1,61 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
webhooks:
- name: webhook.pod.dynatrace.com
reinvocationPolicy: IfNeeded
failurePolicy: Ignore
timeoutSeconds: 2
rules:
- apiGroups: [ "" ]
apiVersions: [ "v1" ]
operations: [ "CREATE" ]
resources: [ "pods" ]
scope: Namespaced
namespaceSelector:
matchExpressions:
- key: dynakube.internal.dynatrace.com/instance
operator: Exists
clientConfig:
service:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
path: /inject
admissionReviewVersions: [ "v1beta1", "v1" ]
sideEffects: None
- name: webhook.ns.dynatrace.com
reinvocationPolicy: IfNeeded
failurePolicy: Ignore
timeoutSeconds: 2
rules:
- apiGroups: [ "" ]
apiVersions: [ "v1" ]
operations: [ "CREATE", "UPDATE"]
resources: [ "namespaces" ]
scope: Cluster
clientConfig:
service:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
path: /label-ns
admissionReviewVersions: [ "v1beta1", "v1" ]
sideEffects: None
{{ end }}

13
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/poddisruptionbudget-webhook.yaml Normal file
View File

@ -0,0 +1,13 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if and (.Values.webhook).highAvailability (eq (include "dynatrace-operator.partial" .) "false") }}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
spec:
minAvailable: 1
selector:
matchLabels:
app.kubernetes.io/component: webhook
{{ end }}

74
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/role-webhook.yaml Normal file
View File

@ -0,0 +1,74 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- services
- configmaps
- secrets
verbs:
- get
- list
- watch
- create
- update
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- dynatrace.com
resources:
- dynakubes
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- events
verbs:
- list
- create
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- update
- create
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- list
- watch
{{ end }}

31
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/rolebinding-webhook.yaml Normal file
View File

@ -0,0 +1,31 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: dynatrace-webhook
apiGroup: rbac.authorization.k8s.io
{{ end }}

30
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/service.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: Service
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
spec:
selector:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
ports:
- port: 443
protocol: TCP
targetPort: server-port
{{ end }}

29
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/serviceaccount-webhook.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
kind: ServiceAccount
metadata:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
{{- if eq .Values.platform "openshift" }}
imagePullSecrets:
- name: redhat-connect
- name: redhat-connect-sso
{{- end }}
{{ end }}

45
charts/dynatrace/dynatrace-operator/0.9.0/templates/Common/webhook/validatingwebhookconfiguration.yaml Normal file
View File

@ -0,0 +1,45 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{ if eq (include "dynatrace-operator.partial" .) "false" }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.webhookLabels" . | nindent 4 }}
webhooks:
- admissionReviewVersions:
- v1
- v1beta1
- v1alpha1
clientConfig:
service:
name: dynatrace-webhook
namespace: {{ .Release.Namespace }}
path: /validate
rules:
- operations:
- CREATE
- UPDATE
apiGroups:
- dynatrace.com
apiVersions:
- v1beta1
resources:
- dynakubes
name: webhook.dynatrace.com
timeoutSeconds: 2
sideEffects: None
{{ end }}

10
charts/dynatrace/dynatrace-operator/0.9.0/templates/NOTES.txt Normal file
View File

@ -0,0 +1,10 @@
Thank you for installing {{ .Chart.Name }}.
Your release is named {{ .Release.Name }}.
To find more information about the Dynatrace Operator, try:
https://github.com/Dynatrace/dynatrace-operator
To verify the current state of the deployments, try:
$ kubectl get pods -n {{ .Release.Namespace }}
$ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }}

52
charts/dynatrace/dynatrace-operator/0.9.0/templates/Openshift/activegate/securitycontextconstraints.yaml Normal file
View File

@ -0,0 +1,52 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: dynatrace-activegate
allowPrivilegedContainer: false
fsGroup:
type: RunAsAny
priority: 1
{{- if (.Values.activeGate).readOnlyFs }}
readOnlyRootFilesystem: true
{{ else }}
readOnlyRootFilesystem: false
{{ end }}
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAsNonRoot
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring
volumes:
- "*"
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowedFlexVolumes: null
defaultAddCapabilities: []
{{ end }}

49
charts/dynatrace/dynatrace-operator/0.9.0/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml Normal file
View File

@ -0,0 +1,49 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: dynatrace-oneagent-csi-driver
labels:
{{- include "dynatrace-operator.csiLabels" . | nindent 4 }}
allowHostDirVolumePlugin: true
allowHostIPC: true
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- "*"
allowedFlexVolumes: null
defaultAddCapabilities: null
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities: null
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver
volumes:
- "*"
{{ end }}

66
charts/dynatrace/dynatrace-operator/0.9.0/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml Normal file
View File

@ -0,0 +1,66 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context."
name: dynatrace-dynakube-oneagent-privileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: true
allowedCapabilities:
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- KILL
- NET_ADMIN
- NET_RAW
- SETFCAP
- SETGID
- SETUID
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
- SYS_RESOURCE
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-privileged
volumes:
- "*"
{{ end }}

66
charts/dynatrace/dynatrace-operator/0.9.0/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml Normal file
View File

@ -0,0 +1,66 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
annotations:
kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc."
name: dynatrace-dynakube-oneagent-unprivileged
labels:
{{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }}
allowHostDirVolumePlugin: true
allowHostIPC: false
allowHostNetwork: true
allowHostPID: true
allowHostPorts: true
allowPrivilegedContainer: false
allowedCapabilities:
- CHOWN
- DAC_OVERRIDE
- DAC_READ_SEARCH
- FOWNER
- FSETID
- KILL
- NET_ADMIN
- NET_RAW
- SETFCAP
- SETGID
- SETUID
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
- SYS_RESOURCE
allowedFlexVolumes: null
defaultAddCapabilities: []
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: false
requiredDropCapabilities:
- ALL
runAsUser:
type: RunAsAny
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-unprivileged
volumes:
- "*"
{{ end }}

49
charts/dynatrace/dynatrace-operator/0.9.0/templates/Openshift/operator/securitycontextconstraints.yaml Normal file
View File

@ -0,0 +1,49 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: {{ .Release.Name }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
allowPrivilegedContainer: false
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAsNonRoot
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }}
volumes:
- "*"
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: false
allowHostPID: false
allowHostPorts: false
allowedFlexVolumes: null
defaultAddCapabilities: []
{{ end }}

49
charts/dynatrace/dynatrace-operator/0.9.0/templates/Openshift/webhook/securitycontextconstraints.yaml Normal file
View File

@ -0,0 +1,49 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}}
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: security.openshift.io/v1
kind: SecurityContextConstraints
metadata:
name: dynatrace-webhook
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
allowPrivilegedContainer: false
fsGroup:
type: RunAsAny
priority: 1
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
type: MustRunAsNonRoot
seLinuxContext:
type: RunAsAny
seccompProfiles:
- "*"
supplementalGroups:
type: RunAsAny
users:
- system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook
volumes:
- "*"
allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: true
allowHostPID: false
allowHostPorts: false
allowedFlexVolumes: null
defaultAddCapabilities: []
{{ end }}

50
charts/dynatrace/dynatrace-operator/0.9.0/templates/_csidriver.tpl Normal file
View File

@ -0,0 +1,50 @@
// Copyright 2020 Dynatrace LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
{{/*
Check if we need the csi driver.
*/}}
{{- define "dynatrace-operator.needCSI" -}}
{{- if or (.Values.csidriver.enabled) (eq (include "dynatrace-operator.partial" .) "csi") -}}
{{- printf "true" -}}
{{- end -}}
{{- end -}}
{{/*
CSI plugin-dir path
*/}}
{{- define "dynatrace-operator.CSIPluginDir" -}}
{{ printf "%s/plugins/csi.oneagent.dynatrace.com/" (trimSuffix "/" (default "/var/lib/kubelet" .Values.csidriver.kubeletPath)) }}
{{- end -}}
{{/*
CSI socket path
*/}}
{{- define "dynatrace-operator.CSISocketPath" -}}
{{ printf "%s/csi.sock" (trimSuffix "/" (include "dynatrace-operator.CSIPluginDir" .)) }}
{{- end -}}
{{/*
CSI mountpoint-dir path
*/}}
{{- define "dynatrace-operator.CSIMountPointDir" -}}
{{ printf "%s/pods/" (trimSuffix "/" (default "/var/lib/kubelet" .Values.csidriver.kubeletPath)) }}
{{- end -}}
{{/*
CSI registration-dir path
*/}}
{{- define "dynatrace-operator.CSIRegistrationDir" -}}
{{ printf "%s/plugins_registry/" (trimSuffix "/" (default "/var/lib/kubelet" .Values.csidriver.kubeletPath)) }}
{{- end -}}

73
charts/dynatrace/dynatrace-operator/0.9.0/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,73 @@
// Copyright 2020 Dynatrace LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "dynatrace-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Check if default image is used
*/}}
{{- define "dynatrace-operator.image" -}}
{{- if .Values.image -}}
{{- printf "%s" .Values.image -}}
{{- else -}}
{{- if eq .Values.platform "google-marketplace" -}}
{{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" "{{ .Chart.AppVersion }}" }}
{{- else -}}
{{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-operator" .Chart.AppVersion }}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Check if we are generating only a part of the yamls
*/}}
{{- define "dynatrace-operator.partial" -}}
{{- if (default false .Values.partial) -}}
{{- printf "%s" .Values.partial -}}
{{- else -}}
{{- printf "false" -}}
{{- end -}}
{{- end -}}
{{/*
Check if platform is set
*/}}
{{- define "dynatrace-operator.platformSet" -}}
{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") (eq .Values.platform "google-marketplace") (eq .Values.platform "gke-autopilot") -}}
{{ default "set" }}
{{- end -}}
{{- end -}}
{{/*
Exclude Kubernetes manifest not running on OLM
*/}}
{{- define "dynatrace-operator.openshiftOrOlm" -}}
{{- if and (or (eq .Values.platform "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}}
{{ default "true" }}
{{- end -}}
{{- end -}}
{{/*
Check if the platform is set
*/}}
{{- define "dynatrace-operator.platformRequired" -}}
{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformSet" .))}}
{{- end -}}

99
charts/dynatrace/dynatrace-operator/0.9.0/templates/_labels.tpl Normal file
View File

@ -0,0 +1,99 @@
// Copyright 2020 Dynatrace LLC
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
{{/*
Selector labels
*/}}
{{- define "dynatrace-operator.futureSelectorLabels" -}}
app.kubernetes.io/name: {{ .Release.Name }}
{{- if not (.Values).manifests }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end -}}
{{- end -}}
{{/*
Common labels
*/}}
{{- define "dynatrace-operator.commonLabels" -}}
{{ include "dynatrace-operator.futureSelectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
{{- if not (.Values).manifests }}
helm.sh/chart: {{ include "dynatrace-operator.chart" . }}
{{- end -}}
{{- end -}}
{{/*
Operator labels
*/}}
{{- define "dynatrace-operator.operatorLabels" -}}
{{ include "dynatrace-operator.commonLabels" . }}
app.kubernetes.io/component: operator
{{- end -}}
{{/*
Operator selector labels
*/}}
{{- define "dynatrace-operator.operatorSelectorLabels" -}}
name: {{ .Release.Name }}
{{- end -}}
{{/*
Webhook labels
*/}}
{{- define "dynatrace-operator.webhookLabels" -}}
{{ include "dynatrace-operator.commonLabels" . }}
app.kubernetes.io/component: webhook
{{- end -}}
{{/*
Webhook selector labels
*/}}
{{- define "dynatrace-operator.webhookSelectorLabels" -}}
internal.dynatrace.com/component: webhook
internal.dynatrace.com/app: webhook
{{- end -}}
{{/*
CSI labels
*/}}
{{- define "dynatrace-operator.csiLabels" -}}
{{ include "dynatrace-operator.commonLabels" . }}
app.kubernetes.io/component: csi-driver
{{- end -}}
{{/*
CSI selector labels
*/}}
{{- define "dynatrace-operator.csiSelectorLabels" -}}
internal.oneagent.dynatrace.com/app: csi-driver
internal.oneagent.dynatrace.com/component: csi-driver
{{- end -}}
{{/*
ActiveGate labels
*/}}
{{- define "dynatrace-operator.activegateLabels" -}}
{{ include "dynatrace-operator.commonLabels" . }}
app.kubernetes.io/component: activegate
{{- end -}}
{{/*
OneAgent labels
*/}}
{{- define "dynatrace-operator.oneagentLabels" -}}
{{ include "dynatrace-operator.commonLabels" . }}
app.kubernetes.io/component: oneagent
{{- end -}}

99
charts/dynatrace/dynatrace-operator/0.9.0/templates/application.yaml Normal file
View File

@ -0,0 +1,99 @@
{{- include "dynatrace-operator.platformRequired" . }}
{{- if eq .Values.platform "google-marketplace" }}
# Copyright 2020 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
name: {{ .Release.Name }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "dynatrace-operator.operatorLabels" . | nindent 4 }}
annotations:
kubernetes-engine.cloud.google.com/icon: data:image/png;base64,{{ .Files.Get "logo.png" | b64enc }}
marketplace.cloud.google.com/deploy-info: '{"partner_id": "dynatrace-marketplace-prod", "product_id": "dynatrace-operator", "partner_name": "Dynatrace LLC"}'
spec:
descriptor:
type: "Dynatrace Operator"
version: "0.6.0"
maintainers:
- name: Dynatrace LLC
url: https://www.dynatrace.com/
keywords:
- "dynatrace"
- "operator"
- "activegate"
- "k8s"
- "monitoring"
- "apm"
description: |
# Dynatrace Operator
The Dynatrace Operator supports rollout and lifecycle management of various Dynatrace components in Kubernetes and OpenShift.
* OneAgent
* `classicFullStack` rolls out a OneAgent pod per node to monitor pods on it and the node itself
* `applicationMonitoring` is a webhook based injection mechanism for automatic app-only injection
* CSI Driver can be enabled to cache OneAgent downloads per node
* `hostMonitoring` is only monitoring the hosts (i.e. nodes) in the cluster without app-only injection
* `cloudNativeFullStack` is a combination of `applicationMonitoring` with CSI driver and `hostMonitoring`
* ActiveGate
* `routing` routes OneAgent traffic through the ActiveGate
* `kubernetes-monitoring` allows monitoring of the Kubernetes API
* `metrics-ingest` routes enriched metrics through ActiveGate
For more information please have a look at [our DynaKube Custom Resource examples](config/samples) and
our [official help page](https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/).
links:
- description: Dynatrace Website
url: https://www.dynatrace.com/
- description: Operator Deploy Guide
url: ToDo
- description: Kubernetes Monitoring Info
url: https://www.dynatrace.com/technologies/kubernetes-monitoring
selector:
matchLabels:
app.kubernetes.io/name: "{{ .Release.Name }}"
componentKinds:
- group: apps/v1
kind: DaemonSet
- group: v1
kind: Pod
- group: v1
kind: ConfigMap
- group: apps/v1
kind: Deployment
- group: v1
kind: Secret
- group: batch/v1
kind: Job
- group: v1
kind: Service
- group: v1
kind: ServiceAccount
- group: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
- group: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
- group: apps/v1
kind: StatefulSet
- group: storage.k8s.io/v1
kind: CSIDriver
- group: rbac.authorization.k8s.io/v1
kind: ClusterRole
- group: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
- group: rbac.authorization.k8s.io/v1
kind: Role
- group: rbac.authorization.k8s.io/v1
kind: RoleBinding
{{ end }}

98
charts/dynatrace/dynatrace-operator/0.9.0/values.yaml Normal file
View File

@ -0,0 +1,98 @@
# Copyright 2021 Dynatrace LLC
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# http://www.apache.org/licenses/LICENSE-2.0
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# may be set to "kubernetes", "openshift", or "gke-autopilot"
platform: "kubernetes"
image: ""
customPullSecret: ""
installCRD: false
operator:
nodeSelector: {}
tolerations: []
labels: []
annotations: []
apparmor: false
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 100m
memory: 128Mi
webhook:
hostNetwork: false
nodeSelector: {}
tolerations: []
labels: []
annotations: []
apparmor: false
requests:
cpu: 300m
memory: 128Mi
limits:
cpu: 300m
memory: 128Mi
highAvailability: true
csidriver:
enabled: false
nodeSelector: {}
kubeletPath: "/var/lib/kubelet"
priorityClassValue: "1000000"
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
operator: Exists
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
operator: Exists
labels: []
annotations: []
server:
resources:
requests:
cpu: 50m
memory: 100Mi
limits:
cpu: 50m
memory: 100Mi
provisioner:
resources:
requests:
cpu: 300m
memory: 100Mi
limits:
cpu: 300m
memory: 100Mi
registrar:
resources:
requests:
cpu: 20m
memory: 30Mi
limits:
cpu: 20m
memory: 30Mi
livenessprobe:
resources:
requests:
cpu: 20m
memory: 30Mi
limits:
cpu: 20m
memory: 30Mi
securityContextConstraints:
enabled: true # Only applicable for Openshift

27
index.yaml Executable file → Normal file
View File

@ -1135,6 +1135,33 @@ entries:
- assets/dynatrace/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000
dynatrace-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dynatrace Operator
catalog.cattle.io/kube-version: '>=1.21.0-0'
catalog.cattle.io/release-name: dynatrace-operator
apiVersion: v2
appVersion: 0.9.0
created: "2022-09-29T04:44:13.922729-04:00"
description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift
digest: 828bae97d0fdf06441c4a1762810ad60ebe77b4c93216444da75351d699ffa9f
home: https://www.dynatrace.com/
icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png
kubeVersion: '>=1.21.0-0'
maintainers:
- email: marcell.sevcsik@dynatrace.com
name: 0sewa0
- email: christoph.muellner@dynatrace.com
name: chrismuellner
- email: lukas.hinterreiter@dynatrace.com
name: luhi-DT
name: dynatrace-operator
sources:
- https://github.com/Dynatrace/dynatrace-operator
type: application
urls:
- assets/dynatrace/dynatrace-operator-0.9.0.tgz
version: 0.9.0
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Dynatrace Operator