Merge pull request #143 from PennyScissors/main

Release partner charts
pull/152/head
Steven Crespo 2021-08-25 12:59:03 -07:00 committed by GitHub
commit 80bf871e33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
152 changed files with 9708 additions and 0 deletions

Binary file not shown.

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

@ -0,0 +1,26 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Sources for Amazon Web Services
catalog.cattle.io/release-name: aws-event-sources
apiVersion: v2
appVersion: 1.7.0
description: AWS Event Sources controller for Kubernetes
home: https://github.com/triggermesh/aws-event-sources
icon: https://global-uploads.webflow.com/5f683649f57c927210b6707e/5f683649f57c9261bab67097_logo.svg
keywords:
- knative-eventing
- sources
- aws
- triggermesh
- serverless
kubeVersion: '>=1.18.0'
maintainers:
- email: sameer@triggermesh.com
name: sameersbn
- email: antoine@triggermesh.com
name: antoineco
name: aws-event-sources
sources:
- https://github.com/triggermesh/aws-event-sources
type: application
version: 0.1.901
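
Review bot: `kubeVersion: '>=1.18.0'` carries no pre-release suffix, so Helm's semver comparison rejects any cluster whose reported version has a `-suffix` after the patch number; `'>=1.18.0-0'` accepts those. The constraint also disagrees with the chart README added in this same commit, which lists "Kubernetes 1.16+" as the prerequisite, so one of the two needs correcting.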

@ -0,0 +1,113 @@
# aws-event-sources
Installs TriggerMesh AWS event sources controller. The following event sources are currently supported by the controller
- Amazon CodeCommit (`kind: AWSCodeCommitSource`)
- Amazon Cognito Identity (`kind: AWSCognitoIdentitySource`)
- Amazon Cognito UserPool (`kind: AWSCognitoUserPoolSource`)
- Amazon DynamoDB (`kind: AWSDynamoDBSource`)
- Amazon Kinesis (`kind: AWSKinesisSource`)
- Amazon Simple Notification Service (`kind: AWSSNSSource`)
- Amazon Simple Queue Service (`kind: AWSSQSSource`)
Refer to [aws-event-sources/config/samples](https://github.com/triggermesh/aws-event-sources/tree/master/config/samples) for examples that make use of the controller.
## TL;DR;
```console
$ helm repo add triggermesh https://storage.googleapis.com/triggermesh-charts
$ helm install triggermesh/aws-event-sources
```
To report bugs and for feedback and support please [create a new issue](https://github.com/triggermesh/aws-event-sources/issues/new).
## Introduction
This chart installs the [aws-event-sources](https://github.com/triggermesh/aws-event-sources) controller on a Kubernetes cluster.
## Prerequisites
- Kubernetes 1.16+ with Beta APIs
- Helm 3.0+
- Knative v0.14+
## Installing the Chart
Add the TriggerMesh chart repository to Helm:
```console
$ helm repo add triggermesh https://storage.googleapis.com/triggermesh-charts
```
To install the chart with the release name `my-release`:
```console
$ helm install --name my-release triggermesh/aws-event-sources
```
The command deploys the aws-event-sources controller in the default configuration. Refer to the [configuration](#configuration) section for the complete list of parameters that can be specified to customize the deployment of the controller.
## Uninstalling the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete my-release
```
The Kubernetes resources associated with chart will be removed and the Helm release will be deleted.
However note that the `CustomResourceDefinition` resources created by the chart will not be removed by the delete command and therefore need to be removed manually.
```console
$ kubectl delete crd awscodecommitsources.sources.triggermesh.io
$ kubectl delete crd awscognitoidentitysources.sources.triggermesh.io
$ kubectl delete crd awscognitouserpoolsources.sources.triggermesh.io
$ kubectl delete crd awsdynamodbsources.sources.triggermesh.io
$ kubectl delete crd awsiotsources.sources.triggermesh.io
$ kubectl delete crd awskinesissources.sources.triggermesh.io
$ kubectl delete crd awssnssources.sources.triggermesh.io
$ kubectl delete crd awssqssources.sources.triggermesh.io
```
## Configuration
| Parameter | Description | Default |
|---------------------------------------------|-----------------------------------------------------|--------------------------------------------|
| `nameOverride` | Override the name for controller resources | `""` |
| `fullnameOverride` | Override the fullname for controller resources | `""` |
| `rbac.create` | Create RBAC resources | `true` |
| `serviceAccount.create` | Create service account for the controller | `true` |
| `serviceAccount.annotations` | Annotations to add to controller service account | `{}` |
| `serviceAccount.name` | Override the name for the service account | `nil` |
| `imagePullSecrets` | Specify image pull secrets | `[]` |
| `image.registry` | Image registry name | `gcr.io` |
| `image.repository` | Image repository name | `triggermesh/aws-event-sources-controller` |
| `image.tag` | Image tag | `{TAG_NAME}` |
| `image.pullPolicy` | Image pull policy | `IfNotPresent` |
| `adapter.awscloudwatch.repository` | AWS adapter Cloudwatch image name | `triggermesh/awscloudwatchsource` |
| `adapter.awscloudwatch.tag` | AWS adapter Cloudwatch image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscloudwatchlogs.repository` | AWS adapter Cloudwatch Logs image name | `triggermesh/awscloudwatchlogssource` |
| `adapter.awscloudwatchlogs.tag` | AWS adapter Cloudwatch Logs image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscodecommit.repository` | AWS adapter CodeCommit image name | `triggermesh/awscodecommitsource` |
| `adapter.awscodecommit.tag` | AWS adapter CodeCommit image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscognitoidentity.repository` | AWS adapter Cognito Identity image name | `triggermesh/awscognitoidentitysource` |
| `adapter.awscognitoidentity.tag` | AWS adapter Cognito Identity image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awscognitouserpool.repository` | AWS adapter Cognito Userpool image name | `triggermesh/awscognitouserpoolsource` |
| `adapter.awscognitouserpool.tag` | AWS adapter Cognito Userpool image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awsdynamodb.repository` | AWS adapter DynamoDB image name | `triggermesh/awsdynamodbsource` |
| `adapter.awsdynamodb.tag` | AWS adapter DynamoDB image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awskinesis.repository` | AWS adapter Kinesis image name | `triggermesh/awskinesissource` |
| `adapter.awskinesis.tag` | AWS adapter Kinesis image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awsperformanceinsights.repository` | AWS adapter Performance Insights image name | `triggermesh/awsperformanceinsightssource` |
| `adapter.awsperformanceinsights.tag` | AWS adapter Performance Insights image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awssns.repository` | AWS adapter SNS image name | `triggermesh/awssnssource` |
| `adapter.awssns.tag` | AWS adapter SNS image tag | `_defaults to value of `.image.tag`_` |
| `adapter.awssqs.repository` | AWS adapter SQS image name | `triggermesh/awssqssource` |
| `adapter.awssqs.tag` | AWS adapter SQS image tag | `_defaults to value of `.image.tag`_` |
| `podAnnotations` | Annotations to add to the controller pod | `{}`` |
| `podSecurityContext` | Security context for controller pods | `{}` |
| `securityContext` | Security context for controller containers | `{}` |
| `resources` | Resource requests/limits for the controller | `{requests: {cpu: 20m, memory: 20Mi}}` |
| `nodeSelector` | Controller node selector | `{}` |
| `tolerations` | Tolerations for use with node taints | `[]` |
| `affinity` | Assign custom affinity rules to the controller pods | `{}` |
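
Review bot: The install commands use Helm 2 syntax although the prerequisites list Helm 3.0+: `helm install --name my-release triggermesh/aws-event-sources` fails on Helm 3, where the release name is positional, and the TL;DR form `helm install triggermesh/aws-event-sources` needs either a name or `--generate-name`. The CRD cleanup list is also out of step with the CRDs this commit adds: it deletes `awsiotsources` but omits `awscloudwatchsources`, `awscloudwatchlogssources` and `awsperformanceinsightssources`, so those definitions and every object stored under them remain after an uninstall. Smaller points: the `podAnnotations` default has a stray backtick, `image.tag` still shows the `{TAG_NAME}` placeholder, the prerequisite "Kubernetes 1.16+" conflicts with `kubeVersion: '>=1.18.0'` in Chart.yaml, and `podSecurityContext` / `securityContext` default to `{}` with no recommended hardened values.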

@ -0,0 +1,5 @@
# TriggerMesh AWS Event Sources
[aws-event-sources](https://github.com/triggermesh/aws-event-sources) is a Kubernetes controller that implements Knative event sources for AWS services.
You may be using some Cloud services on AWS but still interested to run workloads within Kubernetes. To trigger those workloads when events happen in your AWS service you need to have an event source that can consume AWS events and send them to your workload.

@ -0,0 +1,219 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscloudwatchsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.cloudwatch.metrics.message" },
{ "type": "com.amazon.cloudwatch.metrics.metric" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCloudWatchSource
plural: awscloudwatchsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
region:
type: string
pollingInterval:
type: string
metricQueries:
type: array
items:
type: object
properties:
name:
type: string
pattern: ^[a-z]\w{0,254}$
expression:
type: string
metric:
type: object
properties:
period:
type: integer
stat:
type: string
unit:
type: string
metric:
type: object
properties:
metricName:
type: string
namespace:
type: string
dimensions:
type: array
items:
type: object
properties:
name:
type: string
value:
type: string
oneOf:
- required: ['expression']
- required: ['metric']
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- region
- metricQueries
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
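
Review bot: `credentials.secretAccessKey` accepts an inline `value`, so the AWS secret key can be written directly into the AWSCloudWatchSource object, where it is visible to anyone with read access to the resource and ends up in every `kubectl get -o yaml` dump; `format: password` is only a schema annotation and does not protect it. Consider dropping `value` for `secretAccessKey` and requiring `valueFromSecret`, or state in a `description` that the inline form is for testing only. Separately, `pollingInterval` is an unconstrained string; a `pattern` for the accepted duration syntax would reject bad values at admission.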

@ -0,0 +1,180 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscloudwatchlogssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.logs.log" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCloudWatchLogsSource
plural: awscloudwatchlogssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:logs:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
pollingInterval:
type: string
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
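
Review bot: The `arn` pattern ends in `:\d{12}:.+$`, so any resource string under the `logs` service passes validation, whereas other sources in this commit pin the resource type (`table\/`, `stream\/`, `userpool\/`). If the adapter handles only one kind of CloudWatch Logs resource, anchor the tail of the pattern to that resource type so a mistyped ARN is rejected by the API server rather than failing later in the adapter.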

@ -0,0 +1,188 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscodecommitsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.codecommit.push" },
{ "type": "com.amazon.codecommit.pull_request" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCodeCommitSource
plural: awscodecommitsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:codecommit:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
branch:
type: string
eventTypes:
type: array
items:
type: string
enum: [push, pull_request]
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- branch
- eventTypes
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
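
Review bot: `eventTypes` is listed under `required`, but the array schema has no `minItems`, so `eventTypes: []` is admitted and produces a source with nothing to watch for; add `minItems: 1`. `branch` is likewise required but unconstrained, so an empty string passes; `minLength: 1` would catch that at admission.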

@ -0,0 +1,178 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscognitoidentitysources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.cognito-identity.sync_trigger" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCognitoIdentitySource
plural: awscognitoidentitysources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:cognito-identity:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:identitypool\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
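
Review bot: `credentials` is missing from the `required` list under `spec` (only `arn` and `sink` are required), so an object with no credentials block at all is admitted. If that is intentional, add a `description` saying which credentials the adapter uses in that case; otherwise add `credentials` to `required` and also mark `accessKeyID` and `secretAccessKey` as required inside it, since the schema currently allows either one to be omitted.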

@ -0,0 +1,178 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awscognitouserpoolsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.cognitouserpool.sync_trigger" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSCognitoUserPoolSource
plural: awscognitouserpoolsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:cognito-idp:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:userpool\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
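
Review bot: The registered event type `com.amazon.cognitouserpool.sync_trigger` looks copied from the Cognito Identity CRD: it reuses the `sync_trigger` suffix and spells the service `cognitouserpool`, while the sibling CRD uses the hyphenated `cognito-identity` and this file's own ARN pattern uses `cognito-idp`. Consumers filter on this string, so confirm it matches what the adapter emits and settle on one naming form before the chart is released.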

@ -0,0 +1,180 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awsdynamodbsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.dynamodb.insert" },
{ "type": "com.amazon.dynamodb.modify" },
{ "type": "com.amazon.dynamodb.remove" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSDynamoDBSource
plural: awsdynamodbsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:dynamodb:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:table\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp

@ -0,0 +1,157 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awsiotsources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.iot.greetings" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSIoTSource
plural: awsiotsources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
endpoint:
type: string
format: hostname
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:iot:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:topic\/.+$'
rootCA:
type: string
rootCAPath:
type: string
certificate:
type: string
certificatePath:
type: string
privateKey:
type: string
privateKeyPath:
type: string
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- endpoint
- arn
- rootCA
- certificate
- privateKey
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
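
Review bot: `privateKey` is a plain required string with no `format: password` and no Secret reference, and because `rootCA`, `certificate` and `privateKey` are all in `required`, a value must be present in the AWSIoTSource object even when `privateKeyPath` is set. The other CRDs in this commit offer `valueFromSecret` for sensitive fields; do the same here, or express each inline field and its `*Path` counterpart as a `oneOf` so a mounted key file is sufficient and the key never has to live in the object spec.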

@ -0,0 +1,178 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awskinesissources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.kinesis.stream_record" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSKinesisSource
plural: awskinesissources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:kinesis:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:stream\/.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
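
Review bot: `spec.credentials.secretAccessKey.value` lets the AWS secret key be written inline in the AWSKinesisSource object, and `format: password` is only a display hint, so the key is kept as part of the custom resource rather than in a Secret and is readable by anyone who can `get` awskinesissources. Consider accepting only `valueFromSecret` for `secretAccessKey` by dropping the `value` branch of its `oneOf`, or at least add a `description` stating that `value` is meant for testing.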

View File

@ -0,0 +1,187 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awsperformanceinsightssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.rds.pi.metric" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSPerformanceInsightsSource
plural: awsperformanceinsightssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: ^arn:aws(-cn|-us-gov)?:rds:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$
pollingInterval:
type: string
metricQueries:
type: array
items:
type: string
minLength: 1
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
- pollingInterval
- metricQueries
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
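
Review bot: `pollingInterval` in the spec properties is a required `type: string` with no `pattern` or `format`, so any string, including an empty one, passes admission and the mistake only surfaces when the controller or adapter parses it. Add a `pattern` for the duration syntax the adapter accepts. Likewise `metricQueries` is required but has no `minItems: 1`, so an empty list is accepted.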

View File

@ -0,0 +1,219 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awss3sources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.s3.objectcreated" },
{ "type": "com.amazon.s3.objectremoved" },
{ "type": "com.amazon.s3.objectrestore" },
{ "type": "com.amazon.s3.reducedredundancylostobject" },
{ "type": "com.amazon.s3.replication" },
{ "type": "com.amazon.s3.testevent" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSS3Source
plural: awss3sources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
# Bucket naming rules
# https://docs.aws.amazon.com/AmazonS3/latest/userguide/bucketnamingrules.html
pattern: ^arn:aws(-cn|-us-gov)?:s3:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:[0-9a-z][0-9a-z.-]{2,62}$
eventTypes:
type: array
items:
type: string
# Accepted values
# https://docs.aws.amazon.com/AmazonS3/latest/API/API_QueueConfiguration.html
# https://docs.aws.amazon.com/AmazonS3/latest/userguide/notification-how-to-event-types-and-destinations.html
enum:
- s3:ObjectCreated:*
- s3:ObjectCreated:Put
- s3:ObjectCreated:Post
- s3:ObjectCreated:Copy
- s3:ObjectCreated:CompleteMultipartUpload
- s3:ObjectRemoved:*
- s3:ObjectRemoved:Delete
- s3:ObjectRemoved:DeleteMarkerCreated
- s3:ObjectRestore:*
- s3:ObjectRestore:Post
- s3:ObjectRestore:Completed
- s3:ReducedRedundancyLostObject
- s3:Replication:*
- s3:Replication:OperationFailedReplication
- s3:Replication:OperationNotTracked
- s3:Replication:OperationMissedThreshold
- s3:Replication:OperationReplicatedAfterThreshold
queueARN:
type: string
pattern: ^arn:aws(-cn|-us-gov)?:sqs:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: [value]
- required: [valueFromSecret]
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: [value]
- required: [valueFromSecret]
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: [ref]
- required: [uri]
required:
- arn
- eventTypes
- sink
status:
type: object
properties:
queueARN:
type: string
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Queue
type: string
jsonPath: .status.queueARN
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
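
Review bot: the `arn` pattern requires a region and a 12-digit account ID, so the usual bucket ARN form `arn:aws:s3:::bucket-name` is rejected at admission. If that is intended, say so in the comment next to the bucket naming rules link, since users will paste ARNs as AWS displays them. The bucket-name part `[0-9a-z][0-9a-z.-]{2,62}` also accepts names ending in `.` or `-`, which the linked naming rules do not allow; the final character should be restricted to `[0-9a-z]`.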

View File

@ -0,0 +1,207 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awssnssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.sns.notification" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSSNSSource
plural: awssnssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:sns:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
subscriptionAttributes:
type: object
properties:
DeliveryPolicy:
type: string
format: json
nullable: true
FilterPolicy:
type: string
format: json
nullable: true
RawMessageDelivery:
type: string
format: json
nullable: true
RedrivePolicy:
type: string
format: json
nullable: true
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
subscriptionARN:
type: string
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
address:
type: object
properties:
url:
type: string
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: URL
type: string
jsonPath: .status.address.url
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
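
Review bot: the four `subscriptionAttributes` fields are declared `type: string` with `format: json`, which as far as I know is not among the string formats the API server validates, so a malformed `FilterPolicy` or `RedrivePolicy` would be accepted and only fail when the subscription is created. Please confirm the controller validates these and reports the error in `status.conditions`. `RawMessageDelivery` is a true/false switch, so an `enum` would fit better there than `format: json`.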

View File

@ -0,0 +1,178 @@
# Copyright 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: awssqssources.sources.triggermesh.io
labels:
eventing.knative.dev/source: 'true'
duck.knative.dev/source: 'true'
knative.dev/crd-install: 'true'
annotations:
registry.knative.dev/eventTypes: |
[
{ "type": "com.amazon.sqs.message" }
]
spec:
group: sources.triggermesh.io
scope: Namespaced
names:
kind: AWSSQSSource
plural: awssqssources
categories:
- all
- knative
- eventing
- sources
versions:
- name: v1alpha1
served: true
storage: true
subresources:
status: {}
schema:
openAPIV3Schema:
type: object
properties:
spec:
type: object
properties:
arn:
type: string
pattern: '^arn:aws(-cn|-us-gov)?:sqs:[a-z]{2}(-gov)?-[a-z]+-\d:\d{12}:.+$'
credentials:
type: object
properties:
accessKeyID:
type: object
properties:
value:
type: string
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
secretAccessKey:
type: object
properties:
value:
type: string
format: password
valueFromSecret:
type: object
properties:
name:
type: string
key:
type: string
required:
- name
- key
oneOf:
- required: ['value']
- required: ['valueFromSecret']
sink:
type: object
properties:
ref:
type: object
properties:
apiVersion:
type: string
kind:
type: string
namespace:
type: string
name:
type: string
required:
- apiVersion
- kind
- name
uri:
type: string
format: uri
oneOf:
- required: ['ref']
- required: ['uri']
required:
- arn
- sink
status:
type: object
properties:
sinkUri:
type: string
format: uri
ceAttributes:
type: array
items:
type: object
properties:
type:
type: string
source:
type: string
required:
- type
- source
observedGeneration:
type: integer
format: int64
conditions:
type: array
items:
type: object
properties:
type:
type: string
status:
type: string
enum: ['True', 'False', Unknown]
severity:
type: string
enum: [Error, Warning, Info]
reason:
type: string
message:
type: string
lastTransitionTime:
type: string
format: date-time
required:
- type
- status
additionalPrinterColumns:
- name: Ready
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].status
- name: Reason
type: string
jsonPath: .status.conditions[?(@.type=='Ready')].reason
- name: Sink
type: string
jsonPath: .status.sinkUri
- name: Age
type: date
jsonPath: .metadata.creationTimestamp
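
Review bot: none of the properties in `openAPIV3Schema` has a `description`, so `kubectl explain` shows nothing for `arn`, `credentials` or `sink`. In particular `credentials` is not listed under `required` (only `arn` and `sink` are), and the schema does not say what the adapter authenticates with when it is omitted. Please add descriptions, at least for `credentials` and the two branches of each `oneOf`.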

View File

@ -0,0 +1,24 @@
questions:
- variable: defaultImage
default: true
description: "Use default Docker images"
label: Use Default Images
type: boolean
show_subquestion_if: false
group: "Container Images"
subquestions:
- variable: image.registry
default: "gcr.io"
description: "Docker image registry"
type: string
label: Image Registry
- variable: image.repository
default: "triggermesh/aws-event-sources-controller"
description: "Docker image repository"
type: string
label: Image Repository
- variable: image.tag
default: "v1.7.0"
description: "Docker image tag"
type: string
label: Image Tag

View File

@ -0,0 +1,9 @@
TriggerMesh AWS event sources controller for Knative has been installed.
To view the controller logs:
kubectl logs -f deploy/{{ include "aws-event-sources.fullname" . }}-controller --namespace {{ .Release.Namespace }}
Refer to https://github.com/triggermesh/aws-event-sources/tree/master/config/samples for examples that make use of the controller.
For support and feedback contact us as https://github.com/triggermesh/aws-event-sources/issues/new.
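
Review bot: typo in the last line, "contact us as" should read "contact us at". The samples link points at `tree/master`, which will drift from the installed controller version; link to the release tag that matches the installed version instead.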

View File

@ -0,0 +1,63 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "aws-event-sources.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "aws-event-sources.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "aws-event-sources.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "aws-event-sources.labels" -}}
helm.sh/chart: {{ include "aws-event-sources.chart" . }}
{{ include "aws-event-sources.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "aws-event-sources.selectorLabels" -}}
app.kubernetes.io/name: {{ include "aws-event-sources.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "aws-event-sources.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "aws-event-sources.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,213 @@
# Copyright (c) 2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.serviceAccount.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app {{ template "aws-event-sources.fullname" . }}-controller
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
# Permissions not required by controllers directly, but granted to
# receive-adapters via RoleBindings.
#
# Without them, the following error is thrown:
# "attempting to grant RBAC permissions not currently held"
#
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscloudwatchlogssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscloudwatchsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscodecommitsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscognitoidentitysource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awscognitouserpoolsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awsdynamodbsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awsiotsource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awskinesissource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awsperformanceinsightssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awss3source-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awssnssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: &app awssqssource-adapter
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: *app
---
# Resolve sink URIs
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "aws-event-sources.fullname" . }}-controller-addressable-resolver
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ template "aws-event-sources.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: addressable-resolver
{{- end }}
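
Review bot: the whole file is wrapped in `{{- if .Values.serviceAccount.create }}`, so installing with an existing ServiceAccount (`serviceAccount.create: false`) creates none of the ClusterRoleBindings and the controller runs without its permissions. Gate the bindings on `.Values.rbac.create`, which is what the ClusterRoles use, so roles and bindings are created together. The per-adapter bindings also use fixed names such as `awssqssource-adapter` with no release prefix and none of the common labels, so a second release in the same cluster would collide on them.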

View File

@ -0,0 +1,378 @@
# Copyright (c) 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.rbac.create }}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "aws-event-sources.fullname" . }}-controller
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
rules:
# Record Kubernetes events
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- update
# Manage receive-adapters
- apiGroups:
- apps
resources:
- deployments
verbs: &all
- get
- list
- watch
- create
- update
- delete
- patch
- apiGroups:
- serving.knative.dev
resources:
- services
verbs: *all
# Read Source resources and update their statuses
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources
- awscloudwatchsources
- awscodecommitsources
- awscognitoidentitysources
- awscognitouserpoolsources
- awsdynamodbsources
- awsiotsources
- awskinesissources
- awsperformanceinsightssources
- awss3sources
- awssnssources
- awssqssources
verbs:
- list
- watch
- get
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources/status
- awscloudwatchsources/status
- awscodecommitsources/status
- awscognitoidentitysources/status
- awscognitouserpoolsources/status
- awsdynamodbsources/status
- awsiotsources/status
- awskinesissources/status
- awsperformanceinsightssources/status
- awss3sources/status
- awssnssources/status
- awssqssources/status
verbs:
- update
# Ensure compatibility with the OwnerReferencesPermissionEnforcement Admission Controller
# https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#ownerreferencespermissionenforcement
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources/finalizers
- awscloudwatchsources/finalizers
- awscodecommitsources/finalizers
- awscognitoidentitysources/finalizers
- awscognitouserpoolsources/finalizers
- awsdynamodbsources/finalizers
- awsiotsources/finalizers
- awskinesissources/finalizers
- awsperformanceinsightssources/finalizers
- awss3sources/finalizers
- awssnssources/finalizers
- awssqssources/finalizers
verbs:
- update
# Set finalizers
- apiGroups:
- sources.triggermesh.io
resources:
- awss3sources
- awssnssources
verbs:
- patch
# Manage resource-specific ServiceAccounts and RoleBindings
- apiGroups:
- ''
resources:
- serviceaccounts
verbs:
- list
- watch
- create
- apiGroups:
- ''
resources:
- serviceaccounts
resourceNames: &rbac-objects
- awscloudwatchlogssource-adapter
- awscloudwatchsource-adapter
- awscodecommitsource-adapter
- awscognitoidentitysource-adapter
- awscognitouserpoolsource-adapter
- awsdynamodbsource-adapter
- awsiotsource-adapter
- awskinesissource-adapter
- awsperformanceinsightssource-adapter
- awss3source-adapter
- awssnssource-adapter
- awssqssource-adapter
verbs:
- update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
verbs:
- list
- watch
- create
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
resourceNames: *rbac-objects
verbs:
- update
# Read credentials
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
# Read controller configurations
- apiGroups:
- ''
resources:
- configmaps
verbs:
- list
- watch
- apiGroups:
- ''
resources:
- configmaps
resourceNames:
- config-logging
- config-observability
- config-leader-election
verbs:
- get
# Acquire leases for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
# Determine the exact reason why Deployments fail
- apiGroups:
- ''
resources:
- pods
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscloudwatchlogssource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscloudwatchsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscodecommitsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscognitoidentitysource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awscognitouserpoolsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awsdynamodbsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awsiotsource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awskinesissource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awsperformanceinsightssource-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awss3source-adapter
rules: []
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awssnssource-adapter
rules:
# Record Kubernetes events
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- update
# Read Source resources and update their statuses
- apiGroups:
- sources.triggermesh.io
resources:
- awssnssources
verbs:
- list
- watch
- apiGroups:
- sources.triggermesh.io
resources:
- awssnssources/status
verbs:
- patch
# Read credentials
- apiGroups:
- ''
resources:
- secrets
verbs:
- get
# Acquire leases for leader election
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- create
- update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: awssqssource-adapter
rules: []
---
# The role is needed for the aggregated role source-observer in knative-eventing to provide readonly access to "Sources".
# see https://github.com/knative/eventing/blob/release-0.14/docs/spec/sources.md#source-rbac
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "aws-event-sources.fullname" . }}-observer
labels:
duck.knative.dev/source: 'true'
{{- include "aws-event-sources.labels" . | nindent 4 }}
rules:
- apiGroups:
- sources.triggermesh.io
resources:
- awscloudwatchlogssources
- awscloudwatchsources
- awscodecommitsources
- awscognitoidentitysources
- awscognitouserpoolsources
- awsdynamodbsources
- awsiotsources
- awskinesissources
- awsperformanceinsightssources
- awssnssources
- awssqssources
verbs:
- get
- list
- watch
{{- end }}
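
Review bot: the `# Read credentials` rule gives the controller `get` on `secrets` with no `resourceNames`, and since this ClusterRole is bound through a ClusterRoleBinding, that applies in every namespace, so a compromised controller pod can read any Secret whose name it knows. The Secret names are user-chosen, so `resourceNames` cannot narrow this, but the scope should be documented in the chart README and a namespace-scoped install option is worth considering. Separately, the `-observer` role at the end lists every source except `awss3sources`, which looks like an omission given that the controller rules include it.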

View File

@ -0,0 +1,109 @@
# Copyright (c) 2020 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "aws-event-sources.fullname" . }}-controller
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "aws-event-sources.selectorLabels" . | nindent 6}}
template:
metadata:
labels:
{{- include "aws-event-sources.labels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "aws-event-sources.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: controller
terminationMessagePolicy: FallbackToLogsOnError
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy}}
resources:
{{- toYaml .Values.resources | nindent 12 }}
env:
- name: SYSTEM_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
# Logging/observability configuration
- name: CONFIG_LOGGING_NAME
value: config-logging
- name: CONFIG_OBSERVABILITY_NAME
value: config-observability
- name: METRICS_DOMAIN
value: triggermesh.io/sources
# Source adapters
- name: AWSCLOUDWATCHSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscloudwatch.repository }}:{{ default .Values.image.tag .Values.adapters.awscloudwatch.tag }}"
- name: AWSCLOUDWATCHLOGSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscloudwatchlogs.repository }}:{{ default .Values.image.tag .Values.adapters.awscloudwatchlogs.tag }}"
- name: AWSCODECOMMITSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscodecommit.repository }}:{{ default .Values.image.tag .Values.adapters.awscodecommit.tag }}"
- name: AWSCOGNITOIDENTITYSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscognitoidentity.repository }}:{{ default .Values.image.tag .Values.adapters.awscognitoidentity.tag }}"
- name: AWSCOGNITOUSERPOOLSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awscognitouserpool.repository }}:{{ default .Values.image.tag .Values.adapters.awscognitouserpool.tag }}"
- name: AWSDYNAMODBSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awsdynamodb.repository }}:{{ default .Values.image.tag .Values.adapters.awsdynamodb.tag }}"
- name: AWSKINESISSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awskinesis.repository }}:{{ default .Values.image.tag .Values.adapters.awskinesis.tag }}"
- name: AWSPERFORMANCEINSIGHTSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awsperformanceinsights.repository }}:{{ default .Values.image.tag .Values.adapters.awsperformanceinsights.tag }}"
- name: AWSSNSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awssns.repository }}:{{ default .Values.image.tag .Values.adapters.awssns.tag }}"
- name: AWSSQSSOURCE_IMAGE
value: "{{ .Values.image.registry }}/{{ .Values.adapters.awssqs.repository }}:{{ default .Values.image.tag .Values.adapters.awssqs.tag }}"
securityContext:
allowPrivilegeEscalation: false
{{- with .Values.securityContext }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- name: metrics
containerPort: 9090
- name: profiling
containerPort: 8008
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
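
Review bot: In the container `securityContext`, `allowPrivilegeEscalation: false` is written literally and `.Values.securityContext` is then appended beneath it with `toYaml`, so a values file that also sets `allowPrivilegeEscalation` renders the key twice in the same mapping. Merge the default into the values map before rendering so that only one key is emitted. The controller image and every `*_IMAGE` adapter reference are also built only as `registry/repository:tag`, which leaves no way to pin an image by digest; an optional digest value would help users who need immutable references.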

View File

@ -0,0 +1,26 @@
# Copyright (c) 2020-2021 TriggerMesh Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "aws-event-sources.serviceAccountName" . }}
labels:
{{- include "aws-event-sources.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}

View File

@ -0,0 +1,68 @@
nameOverride: ""
fullnameOverride: ""
rbac:
create: true
serviceAccount:
create: true
annotations: {}
name: ""
imagePullSecrets: []
image:
registry: gcr.io
repository: triggermesh/aws-event-sources-controller
tag: v1.7.0
pullPolicy: IfNotPresent
adapters:
awscloudwatch:
repository: triggermesh/awscloudwatchsource
tag: ""
awscloudwatchlogs:
repository: triggermesh/awscloudwatchlogssource
tag: ""
awscodecommit:
repository: triggermesh/awscodecommitsource
tag: ""
awscognitoidentity:
repository: triggermesh/awscognitoidentitysource
tag: ""
awscognitouserpool:
repository: triggermesh/awscognitouserpoolsource
tag: ""
awsdynamodb:
repository: triggermesh/awsdynamodbsource
tag: ""
awskinesis:
repository: triggermesh/awskinesissource
tag: ""
awsperformanceinsights:
repository: triggermesh/awsperformanceinsightssource
tag: ""
awssns:
repository: triggermesh/awssnssource
tag: ""
awssqs:
repository: triggermesh/awssqssource
tag: ""
podAnnotations: {}
podSecurityContext: {}
securityContext: {}
resources:
requests:
cpu: 20m
memory: 20Mi
nodeSelector: {}
tolerations: []
affinity: {}
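
Review bot: `podSecurityContext: {}` and `securityContext: {}` ship empty, so apart from the `allowPrivilegeEscalation: false` hard-coded in the Deployment template the controller runs with whatever user and capabilities the image defaults to. Consider shipping defaults such as `runAsNonRoot: true`, `readOnlyRootFilesystem: true` and dropped capabilities if the image supports them, or document why they are left unset. `resources` also sets only `requests`; a memory limit would bound the controller.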

View File

@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

View File

@ -0,0 +1,24 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: HAProxy Kubernetes Ingress Controller
catalog.cattle.io/release-name: haproxy
apiVersion: v1
appVersion: 1.6.5
description: A Helm chart for HAProxy Kubernetes Ingress Controller
home: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
icon: http://www.haproxy.org/img/HAProxyCommunityEdition_60px.png
keywords:
- ingress
- haproxy
kubeVersion: '>=1.12.0-0'
maintainers:
- email: mmhedhbi@haproxy.com
name: Moemen Mhedhbi
- email: bassmann@haproxy.com
name: Baptiste Assmann
- email: dkorunic@haproxy.com
name: Dinko Korunic
name: haproxy
sources:
- https://github.com/haproxytech/kubernetes-ingress
version: 1.16.100
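
Review bot: The `icon` URL is plain `http://`, so the catalog UI fetches it without transport security and it may be blocked as mixed content on an HTTPS page. Use an `https://` URL if the host serves one.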

View File

@ -0,0 +1,264 @@
# ![HAProxy](https://github.com/haproxytech/kubernetes-ingress/raw/master/assets/images/haproxy-weblogo-210x49.png "HAProxy")
## HAProxy Kubernetes Ingress Controller
An ingress controller is a Kubernetes resource that routes traffic from outside your cluster to services within the cluster. HAProxy Kubernetes Ingress Controller uses ConfigMap to store the haproxy configuration.
Detailed documentation can be found within the [Official Documentation](https://www.haproxy.com/documentation/kubernetes/latest/).
Additional configuration details can be found in [annotation reference](https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation) and in image [arguments reference](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md).
## Introduction
This chart bootstraps an HAProxy kubernetes-ingress deployment/daemonset on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
### Prerequisites
- Kubernetes 1.12+
- Helm 2.9+
## Before you begin
### Setup a Kubernetes Cluster
The quickest way to setup a Kubernetes cluster is with [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/), [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/) using their respective quick-start guides.
For setting up Kubernetes on other cloud platforms or bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/).
### Install Helm
Get the latest [Helm release](https://github.com/helm/helm#install).
### Add Helm chart repo
Once you have Helm installed, add the repo as follows:
```console
helm repo add haproxytech https://haproxytech.github.io/helm-charts
helm repo update
```
## Install the chart
To install the chart with Helm v3 as _my-release_ deployment:
```console
helm install my-release haproxytech/kubernetes-ingress
```
**_NOTE_**: To install the chart with Helm v2 (legacy Helm) the syntax requires adding deployment name to `--name` parameter:
```console
helm install haproxytech/kubernetes-ingress \
--name my-release
```
### Installing with unique name
To auto-generate controller and its resources names when installing, use the following:
```console
helm install haproxytech/kubernetes-ingress \
--generate-name
```
### Installing from a private registry
To install the chart using a private registry for controller into a separate namespace _prod_.
**_NOTE_**: Helm v3 requires namespace to be precreated (eg. with `kubectl create namespace prod`)
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--namespace prod \
--set controller.image.tag=SOMETAG \
--set controller.imageCredentials.registry=myregistry.domain.com \
--set controller.imageCredentials.username=MYUSERNAME \
--set controller.imageCredentials.password=MYPASSWORD
```
Alternatively, use a pre-configured (existing) imagePullSecret in the same namespace:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--namespace prod \
--set controller.image.tag=SOMETAG \
--set controller.existingImagePullSecret name-of-existing-image-pull-secret
```
### Using values from YAML file
As opposed to using many `--set` invocations, much simpler approach is to define value overrides in a separate YAML file and specify them when invoking Helm:
_mylb.yaml_:
```yaml
controller:
kind: DaemonSet
ingressClass: haproxy
service:
type: LoadBalancer
annotations:
service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0
```
And invoking Helm becomes (compare to the previous example):
```console
helm install my-ingress -f mylb.yml haproxytech/kubernetes-ingress
```
A typical YAML file for TCP services looks like (provided that configmap "[default/tcp](https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md)" was created) :
```yaml
controller:
service:
tcpPorts:
- name: mysql
port: 3306
targetPort: 3306
extraArgs:
- --configmap-tcp-services=default/tcp
```
### Installing as DaemonSet
Default controller mode is [Deployment](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/), but it is possible to use [DaemonSet](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) as well:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet
```
### Installing in multi-ingress environment
It is also possible to set controller ingress class to be used in [multi-ingress environments](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers):
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet \
--set controller.ingressClass=haproxy
```
**_NOTE_**: make sure your Ingress routes have corresponding `ingress.class: haproxy` annotation.
### Installing with service annotations
On some environments like EKS and GKE there might be a need to pass service annotations. Syntax can become a little tedious however:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.kind=DaemonSet \
--set controller.ingressClass=haproxy \
--set controller.service.type=LoadBalancer \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"="0.0.0.0/0" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-cross-zone-load-balancing-enabled"="true"
```
**_NOTE_**: With helm `--set` it is needed to put quotes and escape dots in the annotation key and commas in the value string.
### Installing with Horizontal Pod Autoscaler (HPA)
[HPA](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) automatically scales number of replicas in Deployment or Replication Controller and adjusts replica count for the controller:
```console
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.autoscaling.enabled=true
```
### Installing the ServiceMonitor
If you're using the [Prometheus Operator](https://github.com/prometheus-operator/prometheus-operator), you can automatically install the `ServiceMonitor` definition in order to automate the scraping options according to your needs.
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
helm install my-ingress haproxytech/kubernetes-ingress \
--set controller.serviceMonitor.enabled=true
```
### Installing with Kubernetes Event-driven Autoscaling (KEDA)
[KEDA](https://keda.sh/docs/2.3/concepts/scaling-deployments/) is an improved scaling solution built on top of HPA which allows autoscaling criteria based on information from any event source including Prometheus metrics collected from HAProxy native Prometheus Exporter.
To enable KEDA, you will also need to install Prometheus Operator and ServiceMonitor enabled (serverAddress has to match `prometheus-kube-prometheus-prometheus` service IP):
_mykeda.yaml_:
```yaml
controller:
kind: Deployment
serviceMonitor:
enabled: true
keda:
enabled: true
minReplicas: 1
maxReplicas: 5
triggers:
- type: prometheus
metadata:
serverAddress: http://10.96.206.247:9090
metricName: haproxy_frontend_current_sessions
threshold: "100"
query: sum(rate(haproxy_frontend_current_sessions{proxy="http"}[2m]))
```
Note: Other options to trigger scaling can be found in Prometheus [native exporter documentation](https://github.com/haproxy/haproxy/blob/master/addons/promex/README), but some ideas are:
- `haproxy_process_idle_time_percent`
- `haproxy_frontend_current_sessions`
- `haproxy_backend_current_queue`
And to install:
```console
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm repo add kedacore https://kedacore.github.io/charts
helm repo update
helm install prometheus prometheus-community/kube-prometheus-stack \
--set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
--set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
kubectl create namespace keda
helm install keda kedacore/keda --namespace keda
helm install mytest haproxytech/kubernetes-ingress -f mykeda.yaml
```
## Upgrading the chart
To upgrade the _my-release_ deployment:
```console
helm upgrade my-release haproxytech/kubernetes-ingress
```
## Uninstalling the chart
To uninstall/delete the _my-release_ deployment:
```console
helm delete my-release
```
## Debugging
It is possible to generate a set of YAML files for testing/debugging:
```console
helm install my-release haproxytech/kubernetes-ingress \
--debug \
--dry-run
```
## Contributing
We welcome all contributions. Please refer to [guidelines](../CONTRIBUTING.md) on how to make a contribution.
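
Review bot: In the private-registry section, `--set controller.existingImagePullSecret name-of-existing-image-pull-secret` is missing the `=` between key and value, so Helm will not parse it as a key/value pair. The first example in that section passes `controller.imageCredentials.password` on the command line, where it ends up in shell history and process listings; it would be worth recommending the existing-secret form or a values file there. Also, the values file is introduced as _mylb.yaml_ but the install command reads `-f mylb.yml`.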

View File

@ -0,0 +1,8 @@
# HAProxy
[HAProxy](https://www.haproxy.org/) is the world's fastest and most widely used software load balancer. HAProxy allows organizations to deliver websites and applications with the utmost performance, observability, and security at any scale and in any environment.
# HAProxy Enterprise
[HAProxy Enterprise](https://www.haproxy.com/products/haproxy-enterprise-edition/) is an enterprise-class version of HAProxy providing a robust and reliable code base with cutting edge features, an enterprise suite of add-ons, expert support, and professional services. At its core, it incorporates feature backports from the HAProxy development branch for customers who require immediate access to the latest functionality in a hardened version of code.
## Introduction
This chart bootstraps the [HAProxy Ingress Controller](https://github.com/haproxytech/kubernetes-ingress) or the [HAProxy Enterprise Ingress Controller](https://www.haproxy.com/products/haproxy-enterprise-kubernetes-ingress-controller/) using the [Helm](https://helm.sh) package manager.

View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
config:
rate-limit: "ON"

View File

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
service:
type: NodePort
ports:
8000: 10000
8001: 10001

View File

@ -0,0 +1,2 @@
controller:
kind: DaemonSet

View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultBackend:
enabled: false

View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
defaultTLSSecret:
enabled: false

View File

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
service:
enablePorts:
http: false
https: true
stat: false

View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
extraArgs:
- --namespace-whitelist=default

View File

@ -0,0 +1,7 @@
controller:
kind: DaemonSet
extraEnvs:
- name: TEST_STR1
value: foo
- name: TEST_STR2
value: baz

View File

@ -0,0 +1,8 @@
controller:
kind: DaemonSet
daemonset:
useHostPort: true
hostPorts:
http: 80
https: 443
stat: 1024

View File

@ -0,0 +1,6 @@
controller:
kind: DaemonSet
ingressClass: haproxy
ingressClassResource:
enabled: true
default: true

View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
service:
type: NodePort

View File

@ -0,0 +1,5 @@
controller:
kind: DaemonSet
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

View File

@ -0,0 +1,5 @@
controller:
kind: DaemonSet
service:
annotations:
service.beta.kubernetes.io/aws-load-balancer-internal: 0.0.0.0/0

View File

@ -0,0 +1,3 @@
controller:
config:
rate-limit: "ON"

View File

@ -0,0 +1,6 @@
controller:
service:
type: NodePort
ports:
8000: 10000
8001: 10001

View File

@ -0,0 +1,2 @@
defaultBackend:
enabled: false

View File

@ -0,0 +1,3 @@
controller:
defaultTLSSecret:
enabled: false

View File

@ -0,0 +1,6 @@
controller:
service:
enablePorts:
http: false
https: true
stat: false

View File

@ -0,0 +1,3 @@
controller:
extraArgs:
- --namespace-whitelist=default

View File

@ -0,0 +1,6 @@
controller:
extraEnvs:
- name: TEST_STR1
value: foo
- name: TEST_STR2
value: baz

View File

@ -0,0 +1,14 @@
controller:
kind: Deployment
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 5
targetCPUUtilizationPercentage: 80
defaultBackend:
autoscaling:
enabled: true
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 50

View File

@ -0,0 +1,5 @@
controller:
ingressClass: haproxy
ingressClassResource:
enabled: true
default: true

View File

@ -0,0 +1,3 @@
controller:
service:
type: NodePort

View File

@ -0,0 +1,2 @@
podSecurityPolicy:
enabled: true

View File

@ -0,0 +1,4 @@
controller:
kind: DaemonSet
publishService:
enabled: true

View File

@ -0,0 +1,5 @@
controller:
replicaCount: null
defaultBackend:
replicaCount: null

View File

@ -0,0 +1,72 @@
questions:
- variable: imageDefault
default: true
description: "Use default Docker image"
label: Use Default Image
type: boolean
group: "Settings"
show_subquestion_if: false
subquestions:
- variable: controller.image.tag
default: "1.6.5"
description: "HAProxy Ingress Controller Tag"
type: string
label: HAProxy Ingress Controller Tag
- variable: controller.kind
type: enum
options:
- "DaemonSet"
- "Deployment"
default: "Deployment"
description: "Deployment Type"
label: Deployment Type
group: "Settings"
- variable: controller.service.type
type: enum
options:
- "LoadBalancer"
- "NodePort"
default: "NodePort"
description: "Service Type for HAProxy Ingress Controller"
label: Service Type
group: "Settings"
- variable: controller.ingressClass
default: ""
description: "Ingress Class for targeting this controller"
label: Ingress Class
type: string
group: "Settings"
- variable: controller.defaultTLSSecret.secret
default: ""
description: "Default TLS certificate secret"
label: TLS Certificate Secret
type: string
group: "Settings"
- variable: enableEnterprise
default: false
description: "Use HAProxy Enterprise"
label: Enable
type: boolean
group: "HAProxy Enterprise"
show_subquestion_if: true
subquestions:
- variable: controller.imageCredentials.registry
type: string
default: "kubernetes-registry.haproxy.com"
description: "HAProxy Enterprise Registtry"
label: Registry
- variable: controller.image.repository
type: string
default: "kubernetes-registry.haproxy.com/hapee-ingress"
description: "HAProxy Enterprise Registry"
label: Repository
- variable: controller.imageCredentials.username
type: string
default: "MYUSERNAME"
description: "HAProxy Enterprise Username"
label: Username
- variable: controller.imageCredentials.password
type: string
default: "MYPASSWORD"
description: "HAProxy Enterprise Password"
label: Password
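
Review bot: `controller.imageCredentials.password` is declared with `type: string` and `default: "MYPASSWORD"`, so the registry password is shown in clear text in the form and the placeholder is submitted if the user leaves the field untouched. Use `type: password` with an empty default, and an empty default for the username as well. Two smaller points in the same block: the description for `controller.imageCredentials.registry` is misspelled ("Registtry"), and `controller.image.repository` is described as "HAProxy Enterprise Registry" although it is the repository.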

View File

@ -0,0 +1,67 @@
HAProxy Kubernetes Ingress Controller has been successfully installed.
Controller image deployed is: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}".
Your controller is of a "{{ .Values.controller.kind }}" kind. Your controller service is running as a "{{ .Values.controller.service.type }}" type.
{{- if .Values.rbac.create}}
RBAC authorization is enabled.
{{- else}}
RBAC authorization is disabled.
{{- end}}
{{- if .Values.controller.ingressClass}}
Controller ingress.class is set to "{{ .Values.controller.ingressClass }}" so make sure to use same annotation for
Ingress resource.
{{- end}}
Service ports mapped are:
{{- if eq .Values.controller.kind "Deployment" }}
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- end }}
{{- end }}
{{- if eq .Values.controller.kind "DaemonSet" }}
{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
hostPort: {{ index $hostPorts $key | default $value }}
{{- end }}
{{- end }}
Node IP can be found with:
$ kubectl --namespace {{ .Release.Namespace }} get nodes -o jsonpath="{.items[0].status.addresses[1].address}"
The following ingress resource routes traffic to pods that match the following:
* service name: web
* client's Host header: webdemo.com
* path begins with /
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: web-ingress
namespace: default
spec:
rules:
- host: webdemo.com
http:
paths:
- path: /
backend:
serviceName: web
servicePort: 80
In case that you are using multi-ingress controller environment, make sure to use ingress.class annotation and match it
with helm chart option controller.ingressClass.
For more examples and up to date documentation, please visit:
* Helm chart documentation: https://github.com/haproxytech/helm-charts/tree/main/kubernetes-ingress
* Controller documentation: https://www.haproxy.com/documentation/hapee/2-0r1/traffic-management/kubernetes-ingress-controller/
* Annotation reference: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
* Image parameters reference: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
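
Review bot: The sample Ingress uses `apiVersion: networking.k8s.io/v1beta1` with `serviceName`/`servicePort`, which is no longer served from Kubernetes 1.22 onward, so users on such clusters who copy it get a rejected manifest. Since the chart still declares `kubeVersion: '>=1.12.0-0'`, render the example conditionally or show the `networking.k8s.io/v1` form with `pathType` and `service.name`/`service.port.number` next to it. The node IP hint also assumes `addresses[1]` of the first node is the address the user wants; selecting by address type would be more reliable.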

View File

@ -0,0 +1,130 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
Expand the name of the chart.
*/}}
{{- define "kubernetes-ingress.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "kubernetes-ingress.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "kubernetes-ingress.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Encode an imagePullSecret string.
*/}}
{{- define "kubernetes-ingress.imagePullSecret" }}
{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.controller.imageCredentials.registry (printf "%s:%s" .Values.controller.imageCredentials.username .Values.controller.imageCredentials.password | b64enc) | b64enc }}
{{- end }}
{{/*
Generate default certificate for HAProxy.
*/}}
{{- define "kubernetes-ingress.gen-certs" -}}
{{- $ca := genCA "kubernetes-ingress-ca" 365 -}}
{{- $cn := printf "%s.%s" .Release.Name .Release.Namespace -}}
{{- $cert := genSignedCert $cn nil nil 365 $ca -}}
tls.crt: {{ $cert.Cert | b64enc }}
tls.key: {{ $cert.Key | b64enc }}
{{- end -}}
{{/*
Create the name of the controller service account to use.
*/}}
{{- define "kubernetes-ingress.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "kubernetes-ingress.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create the name of the backend service account to use - only used when podsecuritypolicy is also enabled
*/}}
{{- define "kubernetes-ingress.defaultBackend.serviceAccountName" -}}
{{- if or .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create -}}
{{ default (printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name) .Values.defaultBackend.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.defaultBackend.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified default backend name.
*/}}
{{- define "kubernetes-ingress.defaultBackend.fullname" -}}
{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified default cert secret name.
*/}}
{{- define "kubernetes-ingress.defaultTLSSecret.fullname" -}}
{{- printf "%s-%s" (include "kubernetes-ingress.fullname" .) "default-cert" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct the path for the publish-service.
By default this will use the <namespace>/<service-name> matching the controller's service name.
Users can provide an override for an explicit service they want to use via `.Values.controller.publishService.pathOverride`
*/}}
{{- define "kubernetes-ingress.publishServicePath" -}}
{{- $defServicePath := printf "%s/%s" .Release.Namespace (include "kubernetes-ingress.fullname" .) -}}
{{- $servicePath := default $defServicePath .Values.controller.publishService.pathOverride }}
{{- print $servicePath | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Construct the syslog-server annotation
*/}}
{{- define "kubernetes-ingress.syslogServer" -}}
{{- range $key, $val := .Values.controller.logging.traffic -}}
{{- printf "%s:%s, " $key $val }}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified ServiceMonitor name.
*/}}
{{- define "kubernetes-ingress.serviceMonitorName" -}}
{{- default (include "kubernetes-ingress.fullname" .) .Values.controller.serviceMonitor.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/* vim: set filetype=mustache: */}}
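
Review bot: `kubernetes-ingress.gen-certs` calls `genCA` and `genSignedCert` at render time, so every render of a template that includes it produces a new CA and key pair, and an upgrade silently rotates the default certificate. The certificate is also issued with `nil` for both SAN lists, so it carries only a CN. Consider reusing the existing Secret when one is present (on Helm 3, via `lookup`) and passing the release DNS name as a SAN. Separately, `kubernetes-ingress.syslogServer` appends `, ` after every pair and so leaves a trailing separator, and `kubernetes-ingress.publishServicePath` truncates the `namespace/name` path to 63 characters, which can cut a valid override short.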

View File

@ -0,0 +1,60 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
rules:
- apiGroups:
- ""
resources:
- configmaps
- endpoints
- services
- namespaces
- events
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses
- ingresses/status
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- "extensions"
- "networking.k8s.io"
resources:
- ingresses/status
verbs:
- update
{{- end -}}
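
Review bot: The first rule grants `get`, `list` and `watch` on `secrets` in a ClusterRole, which lets the controller's service account read every Secret in every namespace. When the controller is restricted with `--namespace-whitelist` (as in the CI values of this chart), a namespaced Role and RoleBinding per watched namespace would keep Secret access to what is actually needed; at minimum the scope should be called out in the chart documentation. `ingresses/status` is also listed in both the read rule and the `update` rule, and a short comment on why both are required would help.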

View File

@ -0,0 +1,37 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.rbac.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "kubernetes-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}
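
Review bot: The subject name comes from `kubernetes-ingress.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and no name is given, so with `rbac.create` still true this binds the cluster-wide role (including Secret read) to the namespace's `default` service account and to every pod that uses it. Consider failing the render with `required` when `serviceAccount.create` is false and `serviceAccount.name` is empty.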

View File

@ -0,0 +1,34 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
data:
{{- if .Values.controller.logging.traffic }}
syslog-server: {{ template "kubernetes-ingress.syslogServer" . }}
{{- end }}
{{- if .Values.controller.config }}
{{ toYaml .Values.controller.config | indent 2 }}
{{- end }}
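
Review bot: `syslog-server` is rendered unquoted from `kubernetes-ingress.syslogServer`, whose output is built from user-supplied keys and values and ends in a trailing `, `. Switch `template` to `include` and pipe the result through `quote` (after trimming the separator) so the value is always a single YAML string.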

View File

@ -0,0 +1,242 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if eq .Values.controller.kind "DaemonSet" }}
{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork -}}
{{- $useHostPort := .Values.controller.daemonset.useHostPort -}}
{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec:
minReadySeconds: 0
updateStrategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 1
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
{{- end }}
{{- if .Values.controller.podAnnotations }}
annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }}
{{- else if .Values.controller.existingImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.controller.existingImagePullSecret }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args:
{{- if .Values.controller.defaultTLSSecret.enabled -}}
{{- if and .Values.controller.defaultTLSSecret.secret .Values.controller.defaultTLSSecret.secretNamespace }}
- --default-ssl-certificate={{ tpl .Values.controller.defaultTLSSecret.secretNamespace . }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }}
{{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
{{- end }}
{{- if .Values.controller.logging.level }}
- --log={{ .Values.controller.logging.level }}
{{- end }}
{{- range .Values.controller.extraArgs }}
- {{ . }}
{{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- if $useHostPort }}
hostPort: {{ index $hostPorts $key | default $value }}
{{- end }}
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp
containerPort: {{ .port }}
protocol: TCP
{{- if $useHostPort }}
hostPort: {{ .port }}
{{- end }}
{{- end }}
{{- if .Values.controller.livenessProbe.enabled }}
livenessProbe:
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.livenessProbe.path }}
port: {{ .Values.controller.livenessProbe.port }}
scheme: {{ .Values.controller.livenessProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.readinessProbe.enabled }}
readinessProbe:
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.readinessProbe.path }}
port: {{ .Values.controller.readinessProbe.port }}
scheme: {{ .Values.controller.readinessProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.startupProbe.enabled }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.extraEnvs -}}
{{- toYaml .Values.controller.extraEnvs | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers:
{{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
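Review bot: In the `initContainers` block, the `controller.unprivileged` path adds a `sysctl` container with `privileged: true` running the hard-coded, tag-only image `busybox:musl`, so the option that drops the controller to UID 1000 still schedules a fully privileged container from a mutable tag. When `useHostNetwork` is also set the pod shares the node's network namespace, so `sysctl -w net.ipv4.ip_unprivileged_port_start=0` changes the setting for the node rather than only for the pod. The PodSecurityPolicy template in this same change sets `privileged: false`, so that policy alone would not admit this pod. Suggest making the init image a chart value that can be pinned by digest, and documenting the interaction with `useHostNetwork` and `podSecurityPolicy.enabled`.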

@ -0,0 +1,35 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.defaultTLSSecret.enabled }}
apiVersion: v1
kind: Secret
type: kubernetes.io/tls
metadata:
name: {{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
annotations:
"helm.sh/hook": "pre-install"
"helm.sh/hook-delete-policy": "before-hook-creation"
data:
{{ ( include "kubernetes-ingress.gen-certs" . ) | indent 2 }}
{{- end }}
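Review bot: The guard on this Secret is only `controller.defaultTLSSecret.enabled`, while the DaemonSet and Deployment args switch to the user-supplied `secretNamespace`/`secret` when both are set; in that case a key pair from `kubernetes-ingress.gen-certs` is still generated and stored but never referenced. Suggest skipping the Secret when both of those values are set. It is also worth a comment that, as a `pre-install` hook, the Secret is not tracked as a release resource, so it is left behind on uninstall and is not re-rendered on upgrade.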

@ -0,0 +1,245 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if eq .Values.controller.kind "Deployment" }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.extraLabels }}
{{ toYaml .Values.controller.extraLabels | indent 4 }}
{{- end }}
spec:
{{- if and (not .Values.controller.autoscaling.enabled) (not .Values.controller.keda.enabled) }}
replicas: {{ .Values.controller.replicaCount }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.controller.strategy }}
strategy:
{{- toYaml . | nindent 4 }}
{{- end }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.controller.podLabels }}
{{ toYaml .Values.controller.podLabels | indent 8 }}
{{- end }}
{{- if .Values.controller.podAnnotations }}
annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8 }}
{{- end }}
spec:
serviceAccountName: {{ template "kubernetes-ingress.serviceAccountName" . }}
terminationGracePeriodSeconds: {{ .Values.controller.terminationGracePeriodSeconds }}
{{- with .Values.controller.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.dnsConfig }}
dnsConfig:
{{ toYaml .Values.controller.dnsConfig | indent 8 }}
{{- end }}
dnsPolicy: {{ .Values.controller.dnsPolicy }}
{{- if .Values.controller.imageCredentials.registry }}
imagePullSecrets:
- name: {{ template "kubernetes-ingress.fullname" . }}
{{- else if .Values.controller.existingImagePullSecret }}
imagePullSecrets:
- name: {{ .Values.controller.existingImagePullSecret }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.controller.name }}
image: "{{ .Values.controller.image.repository }}:{{ tpl .Values.controller.image.tag . }}"
imagePullPolicy: {{ .Values.controller.image.pullPolicy }}
args:
{{- if .Values.controller.defaultTLSSecret.enabled -}}
{{- if and .Values.controller.defaultTLSSecret.secret .Values.controller.defaultTLSSecret.secretNamespace }}
- --default-ssl-certificate={{ tpl .Values.controller.defaultTLSSecret.secretNamespace . }}/{{ .Values.controller.defaultTLSSecret.secret }}
{{- else }}
- --default-ssl-certificate={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultTLSSecret.fullname" . }}
{{- end }}
{{- end }}
- --configmap={{ .Release.Namespace }}/{{ template "kubernetes-ingress.fullname" . }}
{{- if .Values.defaultBackend.enabled }}
- --default-backend-service={{ .Release.Namespace }}/{{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end }}
{{- if .Values.controller.ingressClass }}
- --ingress.class={{ .Values.controller.ingressClass }}
{{- end }}
{{- if .Values.controller.publishService.enabled }}
- --publish-service={{ template "kubernetes-ingress.publishServicePath" . }}
{{- end }}
{{- if .Values.controller.logging.level }}
- --log={{ .Values.controller.logging.level }}
{{- end }}
{{- range .Values.controller.extraArgs }}
- {{ . }}
{{- end }}
{{- if .Values.controller.unprivileged }}
securityContext:
runAsUser: 1000
runAsGroup: 1000
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
{{- end }}
ports:
{{- range $key, $value := .Values.controller.containerPort }}
- name: {{ $key }}
containerPort: {{ $value }}
protocol: TCP
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp
containerPort: {{ .targetPort }}
protocol: TCP
{{- end }}
{{- if .Values.controller.livenessProbe.enabled }}
livenessProbe:
failureThreshold: {{ .Values.controller.livenessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.livenessProbe.path }}
port: {{ .Values.controller.livenessProbe.port }}
scheme: {{ .Values.controller.livenessProbe.scheme }}
{{- if .Values.controller.livenessProbe.httpHeaders }}
httpHeaders: {{ toYaml .Values.controller.livenessProbe.httpHeaders | nindent 16 }}
{{- end }}
initialDelaySeconds: {{ .Values.controller.livenessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.livenessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.livenessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.readinessProbe.enabled }}
readinessProbe:
failureThreshold: {{ .Values.controller.readinessProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.readinessProbe.path }}
port: {{ .Values.controller.readinessProbe.port }}
scheme: {{ .Values.controller.readinessProbe.scheme }}
{{- if .Values.controller.readinessProbe.httpHeaders }}
httpHeaders: {{ toYaml .Values.controller.readinessProbe.httpHeaders | nindent 16 }}
{{- end }}
initialDelaySeconds: {{ .Values.controller.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.controller.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.readinessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.controller.startupProbe.enabled }}
startupProbe:
failureThreshold: {{ .Values.controller.startupProbe.failureThreshold }}
httpGet:
path: {{ .Values.controller.startupProbe.path }}
port: {{ .Values.controller.startupProbe.port }}
scheme: {{ .Values.controller.startupProbe.scheme }}
{{- if .Values.controller.startupProbe.httpHeaders }}
httpHeaders: {{ toYaml .Values.controller.startupProbe.httpHeaders | nindent 16 }}
{{- end }}
initialDelaySeconds: {{ .Values.controller.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.controller.startupProbe.periodSeconds }}
successThreshold: {{ .Values.controller.startupProbe.successThreshold }}
timeoutSeconds: {{ .Values.controller.startupProbe.timeoutSeconds }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
{{- if .Values.controller.extraEnvs -}}
{{- toYaml .Values.controller.extraEnvs | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.controller.resources | nindent 12 }}
{{- if .Values.controller.lifecycle }}
lifecycle:
{{- if eq "string" (printf "%T" .Values.controller.lifecycle) }}
{{ tpl .Values.controller.lifecycle . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.lifecycle | indent 12 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumeMounts }}
volumeMounts:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumeMounts) }}
{{ tpl .Values.controller.extraVolumeMounts . | indent 12 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumeMounts | indent 12 }}
{{- end }}
{{- end}}
{{- if .Values.controller.extraContainers }}
{{- if eq "string" (printf "%T" .Values.controller.extraContainers) }}
{{ tpl .Values.controller.extraContainers . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraContainers | indent 8 }}
{{- end }}
{{- end }}
{{- if .Values.controller.extraVolumes }}
volumes:
{{- if eq "string" (printf "%T" .Values.controller.extraVolumes) }}
{{ tpl .Values.controller.extraVolumes . | indent 8 }}
{{- else }}
{{ toYaml .Values.controller.extraVolumes | indent 8 }}
{{- end }}
{{- end }}
{{- if or .Values.controller.unprivileged .Values.controller.initContainers }}
initContainers:
{{- if .Values.controller.unprivileged }}
- name: sysctl
image: busybox:musl
command:
- /bin/sh
- -c
- sysctl -w net.ipv4.ip_unprivileged_port_start=0
securityContext:
privileged: true
{{- end }}
{{- with.Values.controller.initContainers }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- with .Values.controller.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.controller.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
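Review bot: The container `securityContext` is emitted only inside `{{- if .Values.controller.unprivileged }}`, so with that value unset the controller container gets no `securityContext` at all and runs with whatever user and capabilities the image defaults to. Even in the unprivileged branch `allowPrivilegeEscalation: false` is not set, although the PodSecurityPolicy in this change defaults it to false. Suggest rendering a baseline `securityContext` unconditionally or exposing it as a value. Separately, the `tcpPorts` range uses `.targetPort` for `containerPort` here while the DaemonSet template uses `.port`; one of the two looks unintended.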

@ -0,0 +1,58 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.autoscaling.enabled }}
{{- if not .Values.controller.keda.enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.fullname" . }}
minReplicas: {{ .Values.controller.autoscaling.minReplicas }}
maxReplicas: {{ .Values.controller.autoscaling.maxReplicas }}
metrics:
{{- if .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.controller.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.controller.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.controller.autoscaling.custom }}
{{- toYaml .Values.controller.autoscaling.custom | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

@ -0,0 +1,42 @@
{{/*
Copyright 2021 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) (.Values.controller.ingressClassResource.enabled) -}}
{{- if and (semverCompare "=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
apiVersion: networking.k8s.io/v1beta1
{{- else }}
apiVersion: networking.k8s.io/v1
{{- end }}
kind: IngressClass
metadata:
name: {{ .Values.controller.ingressClass }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.ingressClassResource.default }}
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
{{- end }}
spec:
controller: haproxy.org/ingress-controller
{{- if .Values.controller.ingressClassResource.parameters }}
parameters:
{{ toYaml .Values.controller.ingressClassResource.parameters | indent 4 }}
{{- end }}
{{- end }}
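Review bot: `metadata.name` is taken straight from `controller.ingressClass`, which the DaemonSet and Deployment templates treat as optional (`{{- if .Values.controller.ingressClass }}`), so enabling `ingressClassResource` with that value empty renders an IngressClass with no name. Suggest `{{ required "controller.ingressClass must be set" .Values.controller.ingressClass }}` or adding the value to the outer condition. The inner `{{- if and (semverCompare "=1.18-0" ...) }}` passes a single argument to `and`, which can be dropped.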

@ -0,0 +1,52 @@
{{/*
Copyright 2021 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and (eq .Values.controller.kind "Deployment") .Values.controller.keda.enabled }}
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.keda.scaledObject.annotations }}
annotations: {{ toYaml .Values.controller.keda.scaledObject.annotations | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
name: {{ template "kubernetes-ingress.fullname" . }}
pollingInterval: {{ .Values.controller.keda.pollingInterval }}
cooldownPeriod: {{ .Values.controller.keda.cooldownPeriod }}
minReplicaCount: {{ .Values.controller.keda.minReplicas }}
maxReplicaCount: {{ .Values.controller.keda.maxReplicas }}
triggers:
{{- with .Values.controller.keda.triggers }}
{{ toYaml . | indent 2 }}
{{ end }}
advanced:
restoreToOriginalReplicaCount: {{ .Values.controller.keda.restoreToOriginalReplicaCount }}
{{- if .Values.controller.keda.behavior }}
horizontalPodAutoscalerConfig:
behavior:
{{ with .Values.controller.keda.behavior -}}
{{ toYaml . | indent 8 }}
{{ end }}
{{- end }}
{{- end }}

@ -0,0 +1,40 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.PodDisruptionBudget.enable }}
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
{{- if .Values.controller.PodDisruptionBudget.maxUnavailable }}
maxUnavailable: {{ .Values.controller.PodDisruptionBudget.maxUnavailable }}
{{- end }}
{{- if .Values.controller.PodDisruptionBudget.minAvailable }}
minAvailable: {{ .Values.controller.PodDisruptionBudget.minAvailable }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
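Review bot: Under `spec`, `maxUnavailable` and `minAvailable` are rendered by two independent `if` blocks, so setting both values produces a PodDisruptionBudget carrying both fields, which the API rejects as mutually exclusive. Suggest an `if`/`else if`, or a `fail` when both are set. Because the tests are plain truthiness checks, a value of `0` is also silently skipped. The `controller.PodDisruptionBudget.enable` key differs in case and spelling from the `enabled` flags used by the other templates in this change.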

@ -0,0 +1,80 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled }}
{{- $useHostNetwork := .Values.controller.daemonset.useHostNetwork }}
{{- $useHostPort := .Values.controller.daemonset.useHostPort }}
{{- $hostPorts := .Values.controller.daemonset.hostPorts -}}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.podSecurityPolicy.annotations }}
annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false
fsGroup:
rule: MustRunAs
ranges:
- max: 65535
min: 1
{{- if $useHostNetwork }}
hostNetwork: true
{{- end }}
{{- if or $useHostPort $useHostNetwork }}
hostPorts:
{{- range $key, $value := .Values.controller.containerPort }}
- min: {{ $value }}
max: {{ $value }}
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- min: {{ .port }}
max: {{ .port }}
{{- end }}
{{- end }}
hostIPC: false
hostPID: false
privileged: false
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes:
- configMap
- downwardAPI
- secret
{{- end }}
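Review bot: `metadata` gets two `annotations:` keys when `podSecurityPolicy.annotations` is set: the conditional block at the top and the unconditional seccomp/AppArmor block after `name`. Duplicate mapping keys are either rejected or resolved last-wins, in which case the user annotations are lost; merge both under a single `annotations:` key. In `hostPorts`, the ranges are built from `controller.containerPort` values while `$hostPorts` is declared but never used, whereas the DaemonSet binds `index $hostPorts $key | default $value`, so a remapped host port would fall outside the allowed range.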

@ -0,0 +1,32 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.imageCredentials.registry }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ template "kubernetes-ingress.imagePullSecret" . }}
{{- end }}
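Review bot: Missing documentation on where the credentials behind `.dockerconfigjson` end up: the guard on `controller.imageCredentials.registry` suggests they are supplied through chart values, which means they are kept in the Helm release record as well as in this Secret. A comment pointing users at `controller.existingImagePullSecret`, which the DaemonSet and Deployment templates already honour, would help.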

@ -0,0 +1,38 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
rules:
- apiGroups:
- "policy"
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "kubernetes-ingress.fullname" . }}
{{- end -}}

@ -0,0 +1,37 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubernetes-ingress.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

@ -0,0 +1,101 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.service.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubernetes-ingress.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.service.labels }}
{{ toYaml .Values.controller.service.labels | indent 4 }}
{{- end }}
annotations:
{{- range $key, $value := .Values.controller.service.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
spec:
{{ with .Values.controller.service.clusterIP }}clusterIP: {{ . }}{{ end }}
type: {{ .Values.controller.service.type }}
{{- if .Values.controller.service.externalTrafficPolicy }}
externalTrafficPolicy: {{ .Values.controller.service.externalTrafficPolicy }}
{{- end }}
{{- if .Values.controller.service.healthCheckNodePort }}
healthCheckNodePort: {{ .Values.controller.service.healthCheckNodePort }}
{{- end }}
ports:
{{- if .Values.controller.service.enablePorts.http }}
- name: http
port: {{ .Values.controller.service.ports.http }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.http }}
{{- if .Values.controller.service.nodePorts.http }}
nodePort: {{ .Values.controller.service.nodePorts.http }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enablePorts.https }}
- name: https
port: {{ .Values.controller.service.ports.https }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.https }}
{{- if .Values.controller.service.nodePorts.https }}
nodePort: {{ .Values.controller.service.nodePorts.https }}
{{- end }}
{{- end }}
{{- if .Values.controller.service.enablePorts.stat }}
- name: stat
port: {{ .Values.controller.service.ports.stat }}
protocol: TCP
targetPort: {{ .Values.controller.service.targetPorts.stat }}
{{- if .Values.controller.service.nodePorts.stat }}
nodePort: {{ .Values.controller.service.nodePorts.stat }}
{{- end }}
{{- end }}
{{- range .Values.controller.service.tcpPorts }}
- name: {{ .name }}-tcp
port: {{ .port }}
protocol: TCP
targetPort: {{ .targetPort }}
{{- if .nodePort }}
nodePort: {{ .nodePort }}
{{- end }}
{{- end }}
selector:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.controller.service.sessionAffinity }}
sessionAffinity: {{ .Values.controller.service.sessionAffinity }}
{{- end }}
externalIPs:
{{- if .Values.controller.service.externalIPs }}
{{ toYaml .Values.controller.service.externalIPs | indent 4 }}
{{- end -}}
{{- if (eq .Values.controller.service.type "LoadBalancer") }}
{{- if .Values.controller.service.loadBalancerIP }}
loadBalancerIP: "{{ .Values.controller.service.loadBalancerIP }}"
{{- end }}
{{- if .Values.controller.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.controller.service.loadBalancerSourceRanges | indent 4 }}
{{- end }}
{{- end }}
{{- end }}
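
Review bot: The `stat` entry in `ports:` is published on the same Service as `http` and `https`, and values.yaml defaults `enablePorts.stat: true` with `type: NodePort`, so the HAProxy stats/metrics listener becomes reachable wherever the ingress itself is exposed. `loadBalancerSourceRanges` is only rendered for `type: LoadBalancer` and defaults to `[]`, so nothing narrows access in the default install. Consider defaulting `enablePorts.stat` to false, or serving `stat` from a separate ClusterIP Service that the ServiceMonitor selects. Separately, `externalIPs:` and `annotations:` are emitted outside their `if`/`range` guards and render as empty keys when unset; move each key inside its guard.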

View File

@ -0,0 +1,29 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if or .Values.serviceAccount.create -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubernetes-ingress.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- end -}}
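
Review bot: The guard `{{- if or .Values.serviceAccount.create -}}` calls `or` with a single operand, which just returns that operand and reads like a dropped second condition. Either write `{{- if .Values.serviceAccount.create -}}` or restore the operand that was intended, so it is clear when this ServiceAccount is created versus expected to exist already.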

View File

@ -0,0 +1,41 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.controller.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "kubernetes-ingress.serviceMonitorName" . }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.controller.serviceMonitor.extraLabels }}
{{ toYaml .Values.controller.serviceMonitor.extraLabels | nindent 4 }}
{{- end }}
spec:
endpoints:
{{ .Values.controller.serviceMonitor.endpoints | toYaml | nindent 4 }}
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
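
Review bot: `metadata` has no `namespace: {{ .Release.Namespace }}`, unlike every other namespaced template in this chart, while `namespaceSelector.matchNames` below pins the release namespace. Add the field so the ServiceMonitor lands in the same namespace when the rendered manifests are applied outside `helm install`. It would also help to document next to `endpoints` that the default scrape uses `scheme: http` against the `stat` port.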

View File

@ -0,0 +1,85 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
{{- if not .Values.defaultBackend.autoscaling.enabled }}
replicas: {{ .Values.defaultBackend.replicaCount }}
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- if .Values.defaultBackend.podLabels }}
{{ toYaml .Values.defaultBackend.podLabels | indent 8 }}
{{- end }}
{{- if .Values.defaultBackend.podAnnotations }}
annotations:
{{ toYaml .Values.defaultBackend.podAnnotations | indent 8 }}
{{- end }}
spec:
{{- with .Values.defaultBackend.topologySpreadConstraints }}
topologySpreadConstraints:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.controller.priorityClassName }}
priorityClassName: {{ .Values.controller.priorityClassName }}
{{- end }}
containers:
- name: {{ template "kubernetes-ingress.name" . }}-{{ .Values.defaultBackend.name }}
image: "{{ .Values.defaultBackend.image.repository }}:{{ .Values.defaultBackend.image.tag }}"
imagePullPolicy: {{ .Values.defaultBackend.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.defaultBackend.containerPort }}
protocol: TCP
{{- if .Values.defaultBackend.extraEnvs }}
env:
{{- toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.defaultBackend.resources | nindent 12 }}
{{- with .Values.defaultBackend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.defaultBackend.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
terminationGracePeriodSeconds: 60
{{- with .Values.defaultBackend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
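
Review bot: The container spec has no `securityContext`, so the `runAsUser: 65534` value that values.yaml carries in the `defaultBackend` block is never applied, and the matching PodSecurityPolicy uses `runAsUser: rule: RunAsAny`, so nothing forces a non-root UID. Render a `securityContext` with `runAsNonRoot: true`, the configured `runAsUser` and `allowPrivilegeEscalation: false`, or drop the unused value. Also, `priorityClassName` reads `.Values.controller.priorityClassName` in the default backend template; if that is intentional a comment would help, otherwise it looks like a copy from the controller Deployment.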

View File

@ -0,0 +1,56 @@
{{/*
Copyright 2020 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.defaultBackend.autoscaling.enabled .Values.defaultBackend.enabled }}
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
minReplicas: {{ .Values.defaultBackend.autoscaling.minReplicas }}
maxReplicas: {{ .Values.defaultBackend.autoscaling.maxReplicas }}
metrics:
{{- if .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.defaultBackend.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.defaultBackend.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- if .Values.defaultBackend.autoscaling.custom }}
{{- toYaml .Values.defaultBackend.autoscaling.custom | nindent 4 }}
{{- end }}
{{- end }}
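
Review bot: The `custom` passthrough at the end of `metrics:` is rendered verbatim into an `autoscaling/v2beta2` object, but the commented example for `autoscaling.custom` in values.yaml uses `metricName` and `targetAverageValue`, which are v2beta1 field names; v2beta2 expects `metric.name` and a `target` block. Update the example to the v2beta2 shape so users who uncomment it do not get a rejected manifest. Note too that `metrics:` renders empty when neither utilization target nor `custom` is set.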

View File

@ -0,0 +1,64 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled }}
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
{{- if .Values.podSecurityPolicy.annotations }}
annotations:
{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }}
{{- end }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec:
allowPrivilegeEscalation: false
allowedCapabilities:
- NET_BIND_SERVICE
defaultAllowPrivilegeEscalation: false
fsGroup:
rule: MustRunAs
ranges:
- max: 65535
min: 1
hostNetwork: false
hostIPC: false
hostPID: false
privileged: false
runAsUser:
rule: RunAsAny
seLinux:
rule: RunAsAny
supplementalGroups:
rule: MustRunAs
ranges:
- max: 65535
min: 1
volumes:
- configMap
- downwardAPI
- secret
{{- end }}
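
Review bot: `metadata` can end up with two `annotations:` keys: the conditional block fed by `.Values.podSecurityPolicy.annotations` at the top and the hard-coded seccomp/AppArmor block after `name:`. When a user sets annotations, the rendered YAML has a duplicate key, and parsers either reject it or keep only one block, silently dropping the other. Merge both into a single `annotations:` map, with the hard-coded profiles as defaults the values can override. In `spec`, `runAsUser: rule: RunAsAny` also permits root for a backend that values.yaml intends to run as 65534; `MustRunAsNonRoot` would match that intent.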

View File

@ -0,0 +1,38 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
rules:
- apiGroups:
- "policy"
resources:
- podsecuritypolicies
verbs:
- use
resourceNames:
- {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
{{- end -}}

View File

@ -0,0 +1,37 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.rbac.create .Values.podSecurityPolicy.enabled .Values.defaultBackend.enabled -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
subjects:
- kind: ServiceAccount
name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
{{- end -}}

View File

@ -0,0 +1,44 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.defaultBackend.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- if .Values.defaultBackend.service.annotations }}
annotations:
{{ toYaml .Values.defaultBackend.service.annotations | indent 8 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
ports:
- name: http
port: {{ .Values.defaultBackend.service.port }}
protocol: TCP
targetPort: http
selector:
app.kubernetes.io/name: {{ template "kubernetes-ingress.defaultBackend.fullname" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

View File

@ -0,0 +1,29 @@
{{/*
Copyright 2019 HAProxy Technologies LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if and .Values.serviceAccount.create .Values.defaultBackend.serviceAccount.create .Values.defaultBackend.enabled -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "kubernetes-ingress.defaultBackend.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ template "kubernetes-ingress.name" . }}
helm.sh/chart: {{ template "kubernetes-ingress.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion }}
{{- end -}}

View File

@ -0,0 +1,576 @@
# Copyright 2019 HAProxy Technologies LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
## Default values for kubernetes-ingress Chart for HAProxy Ingress Controller
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
podSecurityPolicy:
annotations: {}
## Specify pod annotations
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp
## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl
##
# apparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default
# apparmor.security.beta.kubernetes.io/defaultProfileName: runtime/default
# seccomp.security.alpha.kubernetes.io/allowedProfileNames: runtime/default
# seccomp.security.alpha.kubernetes.io/defaultProfileName: runtime/default
enabled: false
## Enable RBAC Authorization
## ref: https://kubernetes.io/docs/reference/access-authn-authz/rbac/
rbac:
create: true
## Configure Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
create: true
name:
## Controller default values
controller:
name: controller
image:
repository: haproxytech/kubernetes-ingress # can be changed to use CE or EE Controller images
tag: "{{ .Chart.AppVersion }}"
pullPolicy: IfNotPresent
## Deployment or DaemonSet pod mode
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
kind: Deployment # can be 'Deployment' or 'DaemonSet'
replicaCount: 2
## Running container without root privileges
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
unprivileged: false
## Init Containers
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
initContainers: []
# - name: sysctl
# image: "busybox:musl"
# command:
# - /bin/sh
# - -c
# - sysctl -w net.core.somaxconn=65536
# securityContext:
# privileged: true
## Pod termination grace period
## ref: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/
terminationGracePeriodSeconds: 60
## Private Registry configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
imageCredentials:
registry: null
username: null
password: null
existingImagePullSecret: null
## Controller Container listener port configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
containerPort:
http: 80
https: 443
stat: 1024
## Controller Container liveness/readiness probe configuration
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/
livenessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
path: /healthz
periodSeconds: 10
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
enabled: true
failureThreshold: 3
initialDelaySeconds: 0
path: /healthz
periodSeconds: 10
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
startupProbe:
enabled: true
failureThreshold: 20
initialDelaySeconds: 0
path: /healthz
periodSeconds: 1
port: 1042
scheme: HTTP
successThreshold: 1
timeoutSeconds: 1
## Ingress Class used for ingress.class annotation in multi-ingress environments
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/#using-multiple-ingress-controllers
ingressClass: haproxy # typically "haproxy" or null to receive all events
## Ingress Class resource with additional configuration and name of the controller
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#default-ingress-class
## Note: Uses ingressClass as name for the Ingress Class object if enabled
ingressClassResource:
enabled: false
default: false
parameters: {}
## Additional labels to add to the deployment or daemonset metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
extraLabels: {}
# key: value
## Additional labels to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# key: value
## Additional annotations to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: value
## Ingress TLS secret, if it is enabled and secret is null then controller will use auto-generated secret, otherwise
## secret needs to contain name of the Secret object which has been created manually
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## ref: https://kubernetes.io/docs/concepts/configuration/secret/
defaultTLSSecret:
enabled: true
secretNamespace: "{{ .Release.Namespace }}"
secret: null
## Compute Resources for controller container
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
resources:
# limits:
# cpu: 100m
# memory: 64Mi
requests:
cpu: 100m
memory: 64Mi
## Horizontal Pod Scaler
## Only to be used with Deployment kind
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
autoscaling:
enabled: false
minReplicas: 2
maxReplicas: 20
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## Custom metrics (example)
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
# custom:
# - type: Pods
# pods:
# metricName: haproxy_backend_current_sessions
# targetAverageValue: 2000
## Kubernetes Event-driven Autoscaling: KEDA 2.x
## ref: https://keda.sh/docs/2.3/concepts/scaling-deployments/
## Note: mutually exclusive with HPA, enabling KEDA disables HPA
## Node: requires serviceMonitor enabled
keda:
enabled: false
minReplicas: 2
maxReplicas: 20
pollingInterval: 30
cooldownPeriod: 300
restoreToOriginalReplicaCount: false
scaledObject:
annotations: {}
behaviour: {}
# scaleDown:
# stabilizationWindowSeconds: 300
# policies:
# - type: Percent
# value: 100
# periodSeconds: 15
triggers: []
# - type: prometheus
# metadata:
# serverAddress: http://<prometheus-host>:9090
# metricName: haproxy_process_idle_time_percent
# threshold: '50'
# query: avg(100-avg_over_time(haproxy_process_idle_time_percent{container="kubernetes-ingress-controller",service="mytest-kubernetes-ingress"}[2m]))
## Pod Disruption Budget
## Only to be used with Deployment kind
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
PodDisruptionBudget:
enable: false
# maxUnavailable: 1
# minAvailable: 1
## Pod Node assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: {}
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node Affinity for pod-node scheduling constraints
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## Topology spread constraints (only used in kind: Deployment)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: kubernetes-ingress
# app.kubernetes.io/instance: kubernetes-ingress
## Pod DNS Config
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
dnsConfig: {}
## Pod DNS Policy
## Change this to ClusterFirstWithHostNet in case you have useHostNetwork set to true
## ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
dnsPolicy: ClusterFirst
## Additional command line arguments to pass to Controller
## ref: https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
extraArgs: []
# - --namespace-whitelist=default
# - --namespace-whitelist=namespace1
# - --namespace-blacklist=namespace2
## Custom configuration for Controller
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation
config: {}
# timeout-connect: "250ms"
# servers-increment: "10"
# servers-increment-max-disabled: "10"
# rate-limit: "ON"
# rate-limit-expire: "1m"
# rate-limit-interval: "10s"
# rate-limit-size: "100k"
## Controller Logging configuration
logging:
## Controller logging level
## This only relevant to Controller logs
level: info
## HAProxy traffic logs
## ref: https://github.com/haproxytech/kubernetes-ingress/tree/master/documentation#logging
traffic: {}
# address: "stdout"
# format: "raw"
# facility: "daemon"
## Mirrors the address of the service's endpoints to the
## load-balancer status of all Ingress objects it satisfies.
publishService:
enabled: true
##
## Override of the publish service
## Must be <namespace>/<service_name>
pathOverride: ""
## Controller Service configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
service:
enabled: true # set to false when controller.kind is 'DaemonSet' and controller.daemonset.useHostPorts is true
type: NodePort # can be 'NodePort' or 'LoadBalancer'
## Service annotations
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
annotations: {}
## Service labels
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
labels: {}
## Health check node port
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
healthCheckNodePort: 0
## Service nodePorts to use for http, https and stat
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
## If empty, random ports will be used
nodePorts: {}
# http: 31080
# https: 31443
# stat: 31024
## Service ports to use for http, https and stat
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
ports:
http: 80
https: 443
stat: 1024
## The controller service ports for http, https and stat can be disabled by
## setting below to false - this could be useful when only deploying haproxy
## as a TCP loadbalancer
## Note: At least one port (http, https, stat or from tcpPorts) has to be enabled
enablePorts:
http: true
https: true
stat: true
## Target port mappings for http, https and stat
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
targetPorts:
http: http
https: https
stat: stat
## Additional tcp ports to expose
## This is especially useful for TCP services:
## https://github.com/haproxytech/kubernetes-ingress/blob/master/documentation/controller.md
tcpPorts: []
# - name: http-alt
# port: 8080
# targetPort: http-alt
# nodePort: 32080
## Set external traffic policy
## Default is "Cluster", setting it to "Local" preserves source IP
## Ref: https://kubernetes.io/docs/tutorials/services/source-ip/#source-ip-for-services-with-typeloadbalancer
# externalTrafficPolicy: "Local"
## Expose service via external IPs that route to one or more cluster nodes
externalIPs: []
## LoadBalancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
loadBalancerIP: ""
## Source IP ranges permitted to access Network Load Balancer
# ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/
loadBalancerSourceRanges: []
## Service ClusterIP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
# clusterIP: ""
## Service session affinity
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
# sessionAffinity: ""
## Controller DaemonSet configuration
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
daemonset:
useHostNetwork: false # also modify dnsPolicy accordingly
useHostPort: false
hostPorts:
http: 80
https: 443
stat: 1024
## Controller deployment strategy definition
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy
strategy: {}
# rollingUpdate:
# maxSurge: 25%
# maxUnavailable: 25%
# type: RollingUpdate
## Controller Pod PriorityClass
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
## Controller container lifecycle handlers
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/attach-handler-lifecycle-event/
lifecycle: {}
## Example preStop for graceful shutdown
# preStop:
# exec:
# command: ["/bin/sh", "-c", "kill -USR1 $(pidof haproxy); while killall -0 haproxy; do sleep 1; done"]
## Set additional environment variables
extraEnvs: []
## Set TZ env to configure timezone on controller containers
# - name: TZ
# value: "Etc/UTC"
## Add additional containers
extraContainers: []
## Example sidecar
# - name: sidecar
# image: alpine # alpine is a simple Linux OS image
# command: ["/bin/sh"]
# args: ["-c", "while true; do date; sleep 5;done"]
## Additional volumeMounts to the controller main container
extraVolumeMounts: []
## Example empty volume mounts when using securityContext->readOnlyRootFilesystem
# - name: etc-haproxy
# mountPath: /etc/haproxy
# - name: tmp
# mountPath: /tmp
# - name: var-state-haproxy
# mountPath: /var/state/haproxy
## Additional volumes to the controller pod
extraVolumes: []
## Example empty volumes when using securityContext->readOnlyRootFilesystem
# - name: etc-haproxy
# emptyDir: {}
# - name: tmp
# emptyDir: {}
# - name: var-state-haproxy
# emptyDir: {}
## ServiceMonitor
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/user-guides/getting-started.md
## Note: requires Prometheus Operator to be able to work, for example:
## helm install prometheus prometheus-community/kube-prometheus-stack \
## --set prometheus.prometheusSpec.podMonitorSelectorNilUsesHelmValues=false \
## --set prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues=false
serviceMonitor:
## Toggle the ServiceMonitor true if you have Prometheus Operator installed and configured
enabled: false
## Specify the labels to add to the ServiceMonitors to be selected for target discovery
extraLabels: {}
## Specify the endpoints
## ref: https://github.com/prometheus-operator/prometheus-operator/blob/master/Documentation/design.md#servicemonitor
endpoints:
- port: stat
path: /metrics
scheme: http
## Default 404 backend
defaultBackend:
enabled: true
name: default-backend
replicaCount: 2
image:
repository: k8s.gcr.io/defaultbackend-amd64
tag: 1.5
pullPolicy: IfNotPresent
runAsUser: 65534
## Compute Resources
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
resources:
# limits:
# cpu: 10m
# memory: 16Mi
requests:
cpu: 10m
memory: 16Mi
## Horizontal Pod Scaler
## Only to be used with Deployment kind
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 2
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
## Custom metrics (example)
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/#autoscaling-on-multiple-metrics-and-custom-metrics
# custom:
# - type: Pods
# pods:
# metricName: haproxy_backend_current_sessions
# targetAverageValue: 2000
## Listener port configuration
## ref: https://kubernetes.io/docs/concepts/services-networking/connect-applications-service/
containerPort: 8080
## Pod Node assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: {}
## Node Taints and Tolerations for pod-node cheduling through attraction/repelling
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
tolerations: []
# - key: "key"
# operator: "Equal|Exists"
# value: "value"
# effect: "NoSchedule|PreferNoSchedule|NoExecute(1.6 only)"
## Node Affinity for pod-node scheduling constraints
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
affinity: {}
## Topology spread constraints
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: 1
# topologyKey: kubernetes.io/zone
# whenUnsatisfiable: DoNotSchedule
# labelSelector:
# matchLabels:
# app.kubernetes.io/name: kubernetes-ingress-kubernetes-ingress-default-backend
# app.kubernetes.io/instance: haproxy-ingress
## Additional labels to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podLabels: {}
# key: value
## Additional annotations to add to the pod container metadata
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podAnnotations: {}
# key: value
service:
## Annotations for the default backend service object
annotations: {}
# Use the controller as default backend
# haproxy.org/backend-config-snippet: http-request return status 404
## Service ports
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
port: 8080
## Configure Service Account
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
serviceAccount:
create: true
## Pod PriorityClass
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass
priorityClassName: ""
## Set additional environment variables
extraEnvs: []
## Set TZ env to configure timezone on controller containers
# - name: TZ
# value: "Etc/UTC"
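Review bot: in the `defaultBackend.image` block, `tag: 1.5` is an unquoted YAML number, so a later bump to a tag such as 1.10 would be parsed as 1.1 and pull a different image; quote it as `tag: "1.5"`. In the same block `resources.limits` is commented out, so the default backend runs with requests only and no CPU or memory ceiling. Setting the limits shown in the comment (10m / 16Mi) or documenting why they are omitted would help. The image is also referenced by mutable tag only, with no digest option exposed in these values.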

View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# Helm files
OWNERS

View File

@ -0,0 +1,18 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v1
appVersion: v2.1.0
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>= 1.18'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
version: 2.1.0
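Review bot: `kubeVersion: '>= 1.18'` will reject clusters whose reported version carries a pre-release suffix (managed distributions commonly report versions of the form v1.x.y-vendor.N), because Helm's semver constraint check does not match pre-release versions unless the constraint itself includes one; `'>= 1.18.0-0'` avoids that. The constraint also has no upper bound, which matters given the CRD API version this chart ships. Separately, `apiVersion: v1` marks this as a Helm 2 format chart; if Helm 3 is the intended installer, `apiVersion: v2` with an explicit `type: application` would be clearer.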

View File

@ -0,0 +1 @@
# Placeholder for the License if we decide to provide one
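Review bot: this one-line file is only a placeholder, so the chart is being released with no license terms at all. Consumers and downstream catalogs cannot tell what they are allowed to do with it. Either add the actual license text before release or drop the file and state the licensing position in the README.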

View File

@ -0,0 +1,41 @@
# K8s-TrilioVault-Operator
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
## Introduction
## Prerequisites
- Kubernetes 1.13+
- Alpha feature gates should be enabled
- PV provisioner support
- CSI driver should be installed
## Installation
To install the chart with the operator name `trilio`:
```bash
# For helm version 2
helm install --name trilio k8s-triliovault-operator
# For helm version 3
helm install --name-template trilio k8s-triliovault-operator
```
The command deploys the K8s-triliovault-operator with the default configuration.
## Uninstall
To uninstall/delete the chart `trilio` :
```bash
# For helm version 2
helm delete trilio --purge
# For helm version 3
helm uninstall trilio
```
## Configuration
TODO: Add possible configuration in helm chart.
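Review bot: the Prerequisites list says "Kubernetes 1.13+", which contradicts `kubeVersion: '>= 1.18'` in this chart's Chart.yaml and the "Kubernetes 1.17+" in the app readme; pick one minimum and state it consistently. "Alpha feature gates should be enabled" does not name which gates, so an operator cannot act on it or assess what enabling them exposes on the cluster. The Introduction heading is empty and the Configuration section is still a TODO, so the values a user can set (including the image registry, repository and tag consumed by the helpers) are undocumented.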

View File

@ -0,0 +1,37 @@
# TrilioVault for Kubernetes
[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage
the K8s-TrilioVault Application Lifecycle.
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
Introduction:
Prerequisites:
Kubernetes 1.17+
Alpha feature gates should be enabled
PV provisioner support
CSI driver should be installed
Installation:
To install the chart with the operator name trilio:
helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator
# For helm version 3
helm install triliovault-operator triliovault-operator/k8s-triliovault-operator
The command deploys the Triliovault for Kubernetes Operator with the default configuration.
Uninstall:
To uninstall/delete the chart trilio :
# For helm version 3
helm uninstall k8s-triliovault-operator
For more information around TVM manager installation, please follow below link:
https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault
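Review bot: the Installation text says the release is named `trilio`, but the two `helm install` lines use `k8s-triliovault-operator` and `triliovault-operator` as release names, and the Uninstall line only removes `k8s-triliovault-operator`, so a user who followed the second install command is left with a release the documented uninstall does not remove. Only the second install line is labelled "For helm version 3", which leaves it unclear which Helm version the first is for. Both commands reference a `triliovault-operator/` repository prefix without a preceding `helm repo add` step. Use one release name throughout and show the repository setup.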

View File

@ -0,0 +1,826 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: triliovaultmanagers.triliovault.trilio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.trilioVaultAppVersion
name: TrilioVault-Version
type: string
- JSONPath: .spec.applicationScope
name: Scope
type: string
- JSONPath: .status.conditions.type
name: Status
type: string
- JSONPath: .spec.restoreNamespaces
name: Restore-Namespaces
type: string
group: triliovault.trilio.io
names:
kind: TrilioVaultManager
listKind: TrilioVaultManagerList
plural: triliovaultmanagers
shortNames:
- tvm
singular: triliovaultmanager
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
description: TrilioVaultManager is the Schema for the triliovaultmanagers API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: TrilioVaultManagerSpec defines the desired state of TrilioVaultManager
properties:
affinity:
description: The scheduling constraints on application pods.
properties:
nodeAffinity:
description: Describes node affinity scheduling rules for the pod.
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to nodes
that satisfy the affinity expressions specified by this field,
but it may choose a node that violates one or more of the
expressions. The node that is most preferred is the one with
the greatest sum of weights, i.e. for each node that meets
all of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through
the elements of this field and adding "weight" to the sum
if the node matches the corresponding matchExpressions; the
node(s) with the highest sum are the most preferred.
items:
description: An empty preferred scheduling term matches all
objects with implicit weight 0 (i.e. it's a no-op). A null
preferred scheduling term matches no objects (i.e. is also
a no-op).
properties:
preference:
description: A node selector term, associated with the
corresponding weight.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
weight:
description: Weight associated with matching the corresponding
nodeSelectorTerm, in the range 1-100.
format: int32
type: integer
required:
- preference
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to an update), the system may or may not try to
eventually evict the pod from its node.
properties:
nodeSelectorTerms:
description: Required. A list of node selector terms. The
terms are ORed.
items:
description: A null or empty node selector term matches
no objects. The requirements of them are ANDed. The
TopologySelectorTerm type implements a subset of the
NodeSelectorTerm.
properties:
matchExpressions:
description: A list of node selector requirements
by node's labels.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchFields:
description: A list of node selector requirements
by node's fields.
items:
description: A node selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: The label key that the selector
applies to.
type: string
operator:
description: Represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists, DoesNotExist. Gt, and Lt.
type: string
values:
description: An array of string values. If the
operator is In or NotIn, the values array
must be non-empty. If the operator is Exists
or DoesNotExist, the values array must be
empty. If the operator is Gt or Lt, the values
array must have a single element, which will
be interpreted as an integer. This array is
replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
type: object
type: array
required:
- nodeSelectorTerms
type: object
type: object
podAffinity:
description: Describes pod affinity scheduling rules (e.g. co-locate
this pod in the same node, zone, etc. as some other pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to nodes
that satisfy the affinity expressions specified by this field,
but it may choose a node that violates one or more of the
expressions. The node that is most preferred is the one with
the greatest sum of weights, i.e. for each node that meets
all of the scheduling requirements (resource request, requiredDuringScheduling
affinity expressions, etc.), compute a sum by iterating through
the elements of this field and adding "weight" to the sum
if the node has pods which matches the corresponding podAffinityTerm;
the node(s) with the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement is
a selector that contains values, a key, and
an operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If
the operator is Exists or DoesNotExist,
the values array must be empty. This array
is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey matches
that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the affinity requirements specified by this
field are not met at scheduling time, the pod will not be
scheduled onto the node. If the affinity requirements specified
by this field cease to be met at some point during pod execution
(e.g. due to a pod label update), the system may or may not
try to eventually evict the pod from its node. When there
are multiple elements, the lists of nodes corresponding to
each podAffinityTerm are intersected, i.e. all terms must
be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s)) that
this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of pods
is running
properties:
labelSelector:
description: A label query over a set of resources, in
this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of any
node on which any of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
podAntiAffinity:
description: Describes pod anti-affinity scheduling rules (e.g.
avoid putting this pod in the same node, zone, etc. as some other
pod(s)).
properties:
preferredDuringSchedulingIgnoredDuringExecution:
description: The scheduler will prefer to schedule pods to nodes
that satisfy the anti-affinity expressions specified by this
field, but it may choose a node that violates one or more
of the expressions. The node that is most preferred is the
one with the greatest sum of weights, i.e. for each node that
meets all of the scheduling requirements (resource request,
requiredDuringScheduling anti-affinity expressions, etc.),
compute a sum by iterating through the elements of this field
and adding "weight" to the sum if the node has pods which
matches the corresponding podAffinityTerm; the node(s) with
the highest sum are the most preferred.
items:
description: The weights of all of the matched WeightedPodAffinityTerm
fields are added per-node to find the most preferred node(s)
properties:
podAffinityTerm:
description: Required. A pod affinity term, associated
with the corresponding weight.
properties:
labelSelector:
description: A label query over a set of resources,
in this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label
selector requirements. The requirements are
ANDed.
items:
description: A label selector requirement is
a selector that contains values, a key, and
an operator that relates the key and values.
properties:
key:
description: key is the label key that the
selector applies to.
type: string
operator:
description: operator represents a key's
relationship to a set of values. Valid
operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string
values. If the operator is In or NotIn,
the values array must be non-empty. If
the operator is Exists or DoesNotExist,
the values array must be empty. This array
is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value}
pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions,
whose key field is "key", the operator is "In",
and the values array contains only "value".
The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces
the labelSelector applies to (matches against);
null or empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods
matching the labelSelector in the specified namespaces,
where co-located is defined as running on a node
whose value of the label with key topologyKey matches
that of any node on which any of the selected pods
is running. Empty topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
weight:
description: weight associated with matching the corresponding
podAffinityTerm, in the range 1-100.
format: int32
type: integer
required:
- podAffinityTerm
- weight
type: object
type: array
requiredDuringSchedulingIgnoredDuringExecution:
description: If the anti-affinity requirements specified by
this field are not met at scheduling time, the pod will not
be scheduled onto the node. If the anti-affinity requirements
specified by this field cease to be met at some point during
pod execution (e.g. due to a pod label update), the system
may or may not try to eventually evict the pod from its node.
When there are multiple elements, the lists of nodes corresponding
to each podAffinityTerm are intersected, i.e. all terms must
be satisfied.
items:
description: Defines a set of pods (namely those matching
the labelSelector relative to the given namespace(s)) that
this pod should be co-located (affinity) or not co-located
(anti-affinity) with, where co-located is defined as running
on a node whose value of the label with key <topologyKey>
matches that of any node on which a pod of the set of pods
is running
properties:
labelSelector:
description: A label query over a set of resources, in
this case pods.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: A label selector requirement is a selector
that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: operator represents a key's relationship
to a set of values. Valid operators are In,
NotIn, Exists and DoesNotExist.
type: string
values:
description: values is an array of string values.
If the operator is In or NotIn, the values
array must be non-empty. If the operator is
Exists or DoesNotExist, the values array must
be empty. This array is replaced during a
strategic merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs.
A single {key,value} in the matchLabels map is equivalent
to an element of matchExpressions, whose key field
is "key", the operator is "In", and the values array
contains only "value". The requirements are ANDed.
type: object
type: object
namespaces:
description: namespaces specifies which namespaces the
labelSelector applies to (matches against); null or
empty list means "this pod's namespace"
items:
type: string
type: array
topologyKey:
description: This pod should be co-located (affinity)
or not co-located (anti-affinity) with the pods matching
the labelSelector in the specified namespaces, where
co-located is defined as running on a node whose value
of the label with key topologyKey matches that of any
node on which any of the selected pods is running. Empty
topologyKey is not allowed.
type: string
required:
- topologyKey
type: object
type: array
type: object
type: object
applicationScope:
description: Scope for the application which will be installed in the
cluster NamespaceScope or ClusterScope
enum:
- Cluster
- Namespaced
type: string
dataJobLimits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: DataJobLimits are the resource limits for all the data
processing jobs.
type: object
deploymentLimits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: DeploymentLimits are the resource limits for all the deployments.
type: object
helmValues:
description: HelmValues holds all the additional fields in the values.yaml
of TVK helm chart.
type: object
helmVersion:
description: 'Deprecated: Helm Version'
properties:
tillerNamespace:
type: string
version:
enum:
- v3
type: string
required:
- version
type: object
metadataJobLimits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: MetadataJobLimits are the resource limits for all the meta
processing jobs.
type: object
nodeSelector:
additionalProperties:
type: string
description: NodeSelector specifies a map of key-value pairs. For the
pod to be eligible to run on a node, the node must have each of the
indicated key-value pairs as labels.
type: object
resources:
description: 'Deprecated: Resources are the resource requirements for
the containers.'
properties:
limits:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Limits describes the maximum amount of compute resources
allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
requests:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: 'Requests describes the minimum amount of compute resources
required. If Requests is omitted for a container, it defaults
to Limits if that is explicitly specified, otherwise to an implementation-defined
value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/'
type: object
type: object
restoreNamespaces:
description: 'Deprecated: RestoreNamespaces are the namespace where
you want to restore your applications. Restore Namespaces depends
on your k8s RBAC'
items:
type: string
type: array
tolerations:
description: The toleration of application against the specific taints
on the nodes
items:
description: The pod this Toleration is attached to tolerates any
taint that matches the triple <key,value,effect> using the matching
operator <operator>.
properties:
effect:
description: Effect indicates the taint effect to match. Empty
means match all taint effects. When specified, allowed values
are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: Key is the taint key that the toleration applies
to. Empty means match all taint keys. If the key is empty, operator
must be Exists; this combination means to match all values and
all keys.
type: string
operator:
description: Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal. Exists
is equivalent to wildcard for value, so that a pod can tolerate
all taints of a particular category.
type: string
tolerationSeconds:
description: TolerationSeconds represents the period of time the
toleration (which must be of effect NoExecute, otherwise this
field is ignored) tolerates the taint. By default, it is not
set, which means tolerate the taint forever (do not evict).
Zero and negative values will be treated as 0 (evict immediately)
by the system.
format: int64
type: integer
value:
description: Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise
just a regular string.
type: string
type: object
type: array
trilioVaultAppVersion:
description: Helm Chart version
type: string
required:
- applicationScope
type: object
status:
description: TrilioVaultManagerStatus defines the observed state of TrilioVaultManager
properties:
conditions:
properties:
lastTransitionTime:
format: date-time
nullable: true
type: string
message:
minLength: 0
type: string
reason:
enum:
- InstallSuccessful
- UpdateSuccessful
- UninstallSuccessful
- InstallError
- UpdateError
- ReconcileError
- UninstallError
type: string
status:
enum:
- "True"
- "False"
- Unknown
type: string
type:
enum:
- Initialized
- Deployed
- Updated
- ReleaseFailed
- Irreconcilable
type: string
type: object
deployedRelease:
properties:
manifest:
type: string
name:
type: string
type: object
releaseVersion:
type: string
required:
- conditions
type: object
type: object
version: v1
versions:
- name: v1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
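
Review bot: the trailing `status:` stanza (`acceptedNames` with empty `kind` and `plural`, `conditions: []`, `storedVersions: []`) is generator output that the API server populates itself, so it should be dropped from the shipped CRD. The top-level `version: v1` likewise only duplicates the single entry in `versions`. In the schema above, `status.conditions` is declared `type: object` with one set of `lastTransitionTime`/`message`/`reason`/`status`/`type` properties, so it can hold only one condition. If several condition types from the enum (`Initialized`, `Deployed`, `ReleaseFailed`, ...) are meant to coexist, it needs to be an array of that object. The status properties also carry no `description`.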

View File

@ -0,0 +1,3 @@
To verify that TrilioVault Operator has started, run:
kubectl --namespace={{ .Release.Namespace }} get deployments -l "release={{ .Release.Name }}"

View File

@ -0,0 +1,33 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "k8s-triliovault-operator.name" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "k8s-triliovault-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper TrilioVault Operator image name
*/}}
{{- define "k8s-triliovault-operator.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
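
Review bot: `k8s-triliovault-operator.name` is commented as "Expand the name of the chart" but defaults to `.Release.Name`, whereas `fullname` a few lines down defaults `$name` to `.Chart.Name`. Pick one and fix the comment, since the ClusterRole, ClusterRoleBinding and webhook configuration names in this commit are all derived from `name`. Separately, `k8s-triliovault-operator.image` reads `.Values.image.registry`, `.Values.image.repository` and `.Values.image.tag`, but the Deployment builds its image references from `.Values.registry`, an `index .Values ...` lookup and `.Values.tag`, so the helper is either unused or reads different keys from the ones that are actually set. Use it in the Deployment or remove it.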

View File

@ -0,0 +1,106 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
- services
- services/finalizers
- secrets
- events
- pods
- endpoints
- configmaps
verbs:
- create
- update
- delete
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- update
- delete
- patch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- update
- delete
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- create
- update
- delete
- patch
- bind
- escalate
- apiGroups:
- triliovault.trilio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- update
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- delete
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- update
- patch
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- delete
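
Review bot: the first rule grants `get`/`list`/`watch` on `'*'` resources in `'*'` API groups, which lets the operator's service account read every Secret in the cluster, and the `rbac.authorization.k8s.io` rule adds `bind` and `escalate` on `clusterroles` and `roles`, which lets it grant permissions it does not itself hold. Combined with write access to `secrets`, `pods` and both webhook configuration kinds, whoever controls the operator pod effectively holds cluster-admin. Suggest replacing the wildcard read with the explicit resources the operator reconciles or backs up, restricting `update`/`patch`/`delete` in the RBAC and webhook rules with `resourceNames` to the objects this chart creates, and dropping `escalate` unless a documented reconcile path needs it. Each rule that stays should carry a comment saying why it is required.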

View File

@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role
subjects:
- kind: ServiceAccount
name: k8s-triliovault-operator
namespace: {{ .Release.Namespace }}
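
Review bot: the subject is the hard-coded ServiceAccount name `k8s-triliovault-operator`, while the binding and role names are templated from the release name and namespace. Two releases installed into the same namespace would therefore bind two ClusterRoles to one shared account. Template the account name (for example from the `fullname` helper) and use the same expression for `serviceAccountName` in the Deployment, so each release's cluster-wide grant is tied to its own identity.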

View File

@ -0,0 +1,110 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: k8s-triliovault-operator
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
selector:
matchLabels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
containers:
- name: k8s-triliovault-operator
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
- name: REGISTRY
value: {{ .Values.registry }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
volumeMounts:
{{- if .Values.tls.enable }}
- name: helm-tls-certs
mountPath: /root/.helm
readOnly: true
{{- if .Values.tls.verify }}
- name: helm-tls-ca
mountPath: /root/.helm/ca.crt
readOnly: true
{{- end }}
{{- end }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-certs
readOnly: true
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 10m
memory: 10Mi
initContainers:
- name: webhook-init
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
- name: RELEASE_VERSION
value: {{ .Chart.Version }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
- name: WEBHOOK_SERVICE
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
- name: WEBHOOK_NAMESPACE
value: {{ .Release.Namespace }}
- name: SECRET_NAME
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
serviceAccountName: k8s-triliovault-operator
{{- if .Values.nodeSelector }}
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
{{- if .Values.tls.enable }}
- name: helm-tls-certs
secret:
secretName: {{ .Values.tls.secretName }}
defaultMode: 0400
{{- if .Values.tls.verify }}
- name: helm-tls-ca
configMap:
name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
defaultMode: 0600
{{- end }}
{{- end }}
- name: webhook-certs
secret:
defaultMode: 420
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
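
Review bot: the `helm-tls-ca` volume near the end references `{{ template "helm-operator.fullname" . }}`, a template the helpers file in this commit does not define (it defines only `k8s-triliovault-operator.name`, `.fullname` and `.image`), so rendering fails as soon as `tls.enable` and `tls.verify` are both set. It should presumably be `k8s-triliovault-operator.fullname`. Neither container sets a `securityContext`, and the mounts under `/root/.helm` suggest the process runs as root. Given the cluster-wide role bound to this pod, add `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`, and move the Helm directory out of `/root`. The `webhook-certs` secret is mounted with `defaultMode: 420` (octal 0644) while the Helm TLS secret uses `0400`, so the webhook serving material should get the tighter mode too. The images are referenced by `{{ .Values.tag }}` only, and `imagePullPolicy` comes from `.Values.image.pullPolicy` while registry and tag come from top-level keys, so the values layout should be made consistent.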

View File

@ -0,0 +1,24 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /mutate-triliovault-trilio-io-v1-triliovaultmanager
failurePolicy: Fail
name: v1-tvm-mutation.trilio.io
rules:
- apiGroups:
- triliovault.trilio.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- triliovaultmanagers
sideEffects: None
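
Review bot: `apiVersion: admissionregistration.k8s.io/v1beta1` is no longer served from Kubernetes 1.22 on, so this manifest is rejected on current clusters. Move to `admissionregistration.k8s.io/v1`, which additionally requires `admissionReviewVersions` on each webhook. `caBundle: Cg==` is a placeholder (a base64-encoded newline), so with `failurePolicy: Fail` every CREATE and UPDATE of `triliovaultmanagers` is rejected until something replaces it with the real CA. A comment should state which component does that. The `webhook-init` init container in the Deployment receives this configuration's name in `ADMISSION_MUTATION_CONFIG`, which suggests it is the one.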

View File

@ -0,0 +1,30 @@
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate-core-v1-namespace
failurePolicy: Fail
name: v1-tvm-ns-validation.trilio.io
namespaceSelector:
matchExpressions:
- key: trilio-operator-label
operator: In
values:
- {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- DELETE
resources:
- namespaces
scope: '*'
sideEffects: None
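
Review bot: this webhook intercepts `DELETE` on `namespaces` with `failurePolicy: Fail`, so whenever the webhook service is unavailable, or before the placeholder `caBundle: Cg==` has been replaced, deletion of every namespace carrying `trilio-operator-label` with the release namespace as value is blocked. Add a `timeoutSeconds`, and document how to remove this configuration when the operator is uninstalled or broken so that labelled namespaces do not become undeletable. Like the mutating configuration, it uses `admissionregistration.k8s.io/v1beta1`, which Kubernetes 1.22 no longer serves.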

Some files were not shown because too many files have changed in this diff