Update Vals-Operator to 0.3.0 - make charts

pull/304/head
Sergio Rua 2022-01-21 14:23:48 +00:00
parent 0e1ac6f4b8
commit 82b82b3c75
14 changed files with 613 additions and 0 deletions



@ -0,0 +1,49 @@
# These are some examples of commonly ignored file patterns.
# You should customize this list as applicable to your project.
# Learn more about .gitignore:
# https://www.atlassian.com/git/tutorials/saving-changes/gitignore
# Node artifact files
node_modules/
dist/
# Compiled Java class files
*.class
# Compiled Python bytecode
*.py[cod]
# Log files
*.log
# Package files
*.jar
# Maven
target/
dist/
# JetBrains IDE
.idea/
# Unit test reports
TEST*.xml
# Generated by MacOS
.DS_Store
# Generated by Windows
Thumbs.db
# Applications
*.app
*.exe
*.war
# Large media files
*.mp4
*.tiff
*.avi
*.flv
*.mov
*.wmv
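Review bot: `dist/` is listed twice, once under "Node artifact files" and again under "Maven"; drop the second occurrence so the file does not carry a redundant pattern. The rest of the list is the generic template its own header comment describes, so the "customize this list" note at the top still applies to this project.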


@ -0,0 +1,16 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Vals-Operator
catalog.cattle.io/release-name: vals-operator
apiVersion: v2
appVersion: v0.4.0
description: This helm chart installs the Digitalis Vals Operator to manage sync secrets
from supported backends into Kubernetes
icon: https://digitalis.io/wp-content/uploads/2020/06/cropped-Digitalis-512x512-Blue_Digitalis-512x512-Blue-32x32.png
kubeVersion: '>= 1.19'
maintainers:
- email: info@digitalis.io
name: Digitalis.IO
name: vals-operator
type: application
version: 0.3.1
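Review bot: `version: 0.3.1` disagrees with the commit title ("Update Vals-Operator to 0.3.0") and with the README added in the same commit, which states the current chart version is 0.3.0; one of the two should be corrected so the published chart version matches its documentation. `appVersion: v0.4.0` is likewise not the tag that questions.yaml defaults `image.tag` to (`"v0.3.0"`), so a Rancher install would run a different operator image than a plain helm install; align both values to the intended release.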


@ -0,0 +1,35 @@
vals-operator
=============
This helm chart installs the Digitalis Vals Operator to manage sync secrets from supported backends into Kubernetes
Current chart version is `0.3.0`
## Chart Values
| Key | Type | Default | Description |
|-----|------|---------|-------------|
| affinity | object | `{}` | |
| args | list | `[]` | |
| env | list | `[]` | |
| fullnameOverride | string | `""` | |
| image.pullPolicy | string | `"IfNotPresent"` | |
| image.repository | string | `"digitalisdocker/vals-operator"` | |
| image.tag | string | `""` | |
| imagePullSecrets | list | `[]` | |
| manageCrds | bool | `true` | |
| nameOverride | string | `""` | |
| nodeSelector | object | `{}` | |
| podSecurityContext | object | `{}` | |
| replicaCount | int | `1` | |
| resources | object | `{}` | |
| secretEnv | list | `[]` | |
| securityContext | object | `{}` | |
| serviceAccount.annotations | object | `{}` | |
| serviceAccount.create | bool | `true` | |
| serviceAccount.name | string | `""` | |
| serviceMonitor.enabled | bool | `false` | |
| serviceMonitor.labels | object | `{}` | |
| tolerations | list | `[]` | |
| volumeMounts | list | `[]` | |
| volumes | list | `[]` | |


@ -0,0 +1,9 @@
# Vals-Operator
Here at [Digitalis](https://digitalis.io) we love [vals](https://github.com/variantdev/vals), it's a tool we use daily to keep secrets stored securely. We also use [secrets-manager](https://github.com/tuenti/secrets-manager) on the Kubernetes deployment we manage. Inspired by these two wonderful tools we have created this operator.
*vals-operator* syncs secrets from any secrets store supported by [vals](https://github.com/variantdev/vals) into Kubernetes. It works very similarly to [secrets-manager](https://github.com/tuenti/secrets-manager) and the code is actually based on it. Where they differ is that it not just supports HashiCorp Vault but many other secrets stores.
## Mirroring secrets
We have also added the ability to copy secrets between namespaces. It uses the format `ref+k8s://namespace/secret#key`. This way you can keep secrets generated in one namespace in sync with any other namespace in the cluster.


@ -0,0 +1,130 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.4.1
"helm.sh/hook": crd-install
"helm.sh/hook-delete-policy": "before-hook-creation"
creationTimestamp: null
name: valssecrets.digitalis.io
spec:
group: digitalis.io
names:
kind: ValsSecret
listKind: ValsSecretList
plural: valssecrets
singular: valssecret
scope: Namespaced
versions:
- name: v1
schema:
openAPIV3Schema:
description: ValsSecret is the Schema for the valssecrets API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ValsSecretSpec defines the desired state of ValsSecret
properties:
data:
additionalProperties:
properties:
encoding:
description: Encoding type for the secret. Only base64 supported.
Optional
type: string
ref:
description: Ref value to the secret in the format ref+backend://path
https://github.com/variantdev/vals
type: string
required:
- ref
type: object
type: object
databases:
items:
properties:
driver:
description: Defines the database type
type: string
hosts:
description: List of hosts to connect to, they'll be tried in
sequence until one succeeds
items:
type: string
type: array
loginCredentials:
description: Credentials to access the database
properties:
namespace:
description: Optional namespace of the secret, default current
namespace
type: string
passwordKey:
description: Key in the secret containing the database username
type: string
secretName:
description: Name of the secret containing the credentials
to be able to log in to the database
type: string
usernameKey:
description: Key in the secret containing the database username
type: string
required:
- passwordKey
- secretName
type: object
passwordKey:
description: Key in the secret containing the database username
type: string
port:
description: Database port number
type: integer
userHost:
description: Used for MySQL only, the host part for the username
type: string
usernameKey:
description: Key in the secret containing the database username
type: string
required:
- driver
- hosts
- passwordKey
type: object
type: array
name:
type: string
ttl:
format: int64
type: integer
type:
type: string
required:
- data
type: object
status:
description: ValsSecretStatus defines the observed state of ValsSecret
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []
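Review bot: both `passwordKey` descriptions (under `loginCredentials` and at the database level) read `Key in the secret containing the database username`, copied from `usernameKey`; change them to `description: Key in the secret containing the database password`. Separately, `"helm.sh/hook": crd-install` is a Helm 2 hook that Helm 3 no longer honours, so on Helm 3 the annotation and its `hook-delete-policy` have no effect; since the chart also renders this file through a template gated on `manageCrds`, the annotation can probably be dropped rather than relied upon.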


@ -0,0 +1,26 @@
questions:
#image configurations
- variable: image.repository
default: "digitalisdocker/vals-operator"
description: image registry
type: string
label: Image Registry
group: "Container Images"
- variable: image.tag
default: "v0.3.0"
description: Image tag
type: string
label: Image Tag
group: "Container Images"
- variable: imagePullSecrets
default: ""
description: secret name to pull image
type: string
label: Image Pull Secrets
group: "Container Images"
- variable: environmentSecret
default: ""
description: "The secret containing env variables to access the backend secrets store."
label: Config Secret
type: string
group: "Settings"
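Review bot: `imagePullSecrets` is declared here as `type: string` with default `""`, but values.yaml defines it as a list and the deployment template renders it with `toYaml`, so a value entered through this question would be emitted as a bare string under `imagePullSecrets:` and produce an invalid Deployment. Either declare the question so it yields a list of `{name: ...}` entries, or expose a separately named string value that the template wraps into that shape. The `image.tag` default `"v0.3.0"` also differs from the chart's `appVersion: v0.4.0`, which is what the deployment falls back to when the tag is empty.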


@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "vals-operator.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "vals-operator.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "vals-operator.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "vals-operator.labels" -}}
helm.sh/chart: {{ include "vals-operator.chart" . }}
{{ include "vals-operator.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "vals-operator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "vals-operator.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "vals-operator.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "vals-operator.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}


@ -0,0 +1,6 @@
{{- if .Values.manageCrds -}}
{{- range $path, $bytes := .Files.Glob "crds/*.yaml" }}
{{ $.Files.Get $path }}
---
{{- end }}
{{- end }}
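Review bot: nothing explains why the CRDs are rendered through a template; if the globbed files live in the chart's `crds/` directory (inferred from the glob, not visible here), Helm 3 also installs them itself on first install, so the same CustomResourceDefinition would be created once outside the release and once as a release-owned resource. A short comment above the `if` stating the intent would help, e.g. `{{/* manageCrds renders crds/*.yaml as release resources so upgrades update the CRD; install with --skip-crds to avoid Helm 3 installing them a second time */}}`. Confirm against the actual chart layout before relying on that wording.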


@ -0,0 +1,73 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "vals-operator.fullname" . }}
labels:
{{- include "vals-operator.labels" . | nindent 4 }}
spec:
replicas: 1
selector:
matchLabels:
{{- include "vals-operator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "vals-operator.selectorLabels" . | nindent 8 }}
spec:
{{- with .Values.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "vals-operator.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.args }}
args:
{{- toYaml .Values.args | nindent 12 }}
{{- end }}
{{- if .Values.environmentSecret }}
envFrom:
- secretRef:
name: "{{ .Values.environmentSecret }}"
{{- else }}
envFrom:
{{- toYaml .Values.secretEnv | nindent 12 }}
{{- end }}
{{- if .Values.env }}
env:
{{- toYaml .Values.env | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
{{- if .Values.volumeMounts }}
volumeMounts:
{{- toYaml .Values.volumeMounts | nindent 12 }}
{{- end }}
ports:
- containerPort: {{ .Values.metricsPort | default 8080 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.volumes }}
volumes:
{{- toYaml .Values.volumes | nindent 8 }}
{{- end }}
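Review bot: `replicas: 1` is hard-coded although values.yaml defines `replicaCount: 1` and the README documents it, so the value is silently ignored; change it to `replicas: {{ .Values.replicaCount }}`. The `ports` entry has no `name`, while the ServiceMonitor in this commit uses `targetPort: "metrics"`, so that reference cannot resolve to this container port; adding `name: metrics` to the port entry would fix it. No liveness or readiness probe is declared even though values.yaml documents a `-health-probe-bind-address` default of `:8081`, which presumably could back one.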


@ -0,0 +1,64 @@
{{- if .Values.serviceAccount.create -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: vals-operator
labels:
{{- include "vals-operator.labels" . | nindent 4 }}
rules:
- apiGroups:
- ""
resources:
- "secrets"
verbs:
- "get"
- "list"
- "watch"
- "update"
- "delete"
- "create"
- apiGroups:
- ""
resources:
- "events"
verbs:
- "create"
- "patch"
- apiGroups:
- "digitalis.io"
resources:
- "valssecrets"
verbs:
- "get"
- "list"
- "watch"
- "update"
- "delete"
- "create"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: vals-operator
labels:
{{- include "vals-operator.labels" . | nindent 4 }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: vals-operator
subjects:
- kind: ServiceAccount
name: {{ include "vals-operator.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "vals-operator.serviceAccountName" . }}
labels:
{{- include "vals-operator.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
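Review bot: the ClusterRole and ClusterRoleBinding use the literal name `vals-operator` rather than `{{ include "vals-operator.fullname" . }}`, so a second release of this chart in the same cluster collides with, or silently takes over, the first release's cluster-scoped RBAC objects. The role also grants get/list/watch/update/delete/create on secrets in every namespace; since values.yaml exposes a `-watch-namespaces` option, offering a namespace-scoped Role/RoleBinding variant for that mode would keep the operator's permissions to the namespaces it actually manages. Note too that the whole file is gated on `serviceAccount.create`, so a user supplying an existing service account gets no RBAC at all; if that is intended, a comment on the `if` line saying so would avoid surprises.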


@ -0,0 +1,37 @@
{{- if .Values.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "vals-operator.fullname" . }}
labels:
{{- if .Values.serviceMonitor.labels }}
{{ toYaml .Values.serviceMonitor.labels | nindent 4 }}
{{- else }}
app: {{ template "vals-operator.name" . }}
chart: {{ template "vals-operator.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- end }}
{{- if .Values.serviceMonitor.namespace }}
namespace: {{ .Values.serviceMonitor.namespace }}
{{- end }}
spec:
endpoints:
- targetPort: "metrics"
{{- if .Values.serviceMonitor.interval }}
interval: {{ .Values.serviceMonitor.interval }}
{{- end }}
{{- if .Values.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
{{- end }}
path: /metrics
port: {{ .Values.metricsPort | default 8080 }}
tlsConfig:
insecureSkipVerify: true
namespaceSelector:
matchNames:
- {{ .Release.Namespace }}
selector:
matchLabels:
{{- include "vals-operator.selectorLabels" . | nindent 6 }}
{{- end }}
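Review bot: the endpoint sets both `targetPort: "metrics"` and `port: {{ .Values.metricsPort | default 8080 }}`; in a ServiceMonitor `port` is the name of a Service port (a string), so an integer here will fail validation, and only one of the two fields should be used. `tlsConfig.insecureSkipVerify: true` is hard-coded with no `scheme` given, which disables certificate verification for every user of this chart; make it a value, e.g. `insecureSkipVerify: {{ .Values.serviceMonitor.insecureSkipVerify | default false }}`, so disabling verification is an explicit choice. No Service object appears in the files visible in this commit, and a ServiceMonitor selects Services rather than Pods, so the `selector` may match nothing.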


@ -0,0 +1,106 @@
replicaCount: 1
image:
repository: digitalisdocker/vals-operator
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion.
tag: ""
imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""
serviceAccount:
# Specifies whether a service account should be created
create: true
# Annotations to add to the service account
annotations: {}
# The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
manageCrds: true
# additional arguments to operator
args: []
# -exclude-namespaces string
# Comma separated list of namespaces to ignore.
# -health-probe-bind-address string
# The address the probe endpoint binds to. (default ":8081")
# -kubeconfig string
# Paths to a kubeconfig. Only required if out-of-cluster.
# -leader-elect
# Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager.
# -metrics-bind-address string
# The address the metric endpoint binds to. (default ":8080")
# -reconcile-period duration
# How often the controller will re-queue vals-operator events. (default 5s)
# -record-changes
# Records every time a secret has been updated. You can view them with kubectl describe. It may also be disabled globally and enabled per secret via the annotation 'vals-operator.digitalis.io/record: "true"' (default true)
# -ttl duration
# How often to check backend for updates. (default 5m0s)
# -watch-namespaces string
# Comma separated list of namespaces that vals-operator will watch.
# -zap-devel
# Development Mode defaults(encoder=consoleEncoder,logLevel=Debug,stackTraceLevel=Warn). Production Mode defaults(encoder=jsonEncoder,logLevel=Info,stackTraceLevel=Error) (default true)
# -zap-encoder value
# Zap log encoding (one of 'json' or 'console')
# -zap-log-level value
# Zap Level to configure the verbosity of logging. Can be one of 'debug', 'info', 'error', or any integer value > 0 which corresponds to custom debug levels of increasing verbosity
# -zap-stacktrace-level value
# Zap Level at and above which stacktraces are captured (one of 'info', 'error', 'panic').
environmentSecret: ""
# See https://github.com/variantdev/vals
# for information on setting up your backend environment.
env: []
# - name: VAULT_SKIP_VERIFY
# value: "true"
secretEnv: []
# - secretRef:
# name: aws-creds
volumes: []
# - name: creds
# secret:
# secretName: gcs-credentials
volumeMounts: []
# - name: creds
# mountPath: /secret
# readOnly: true
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
metricsPort: 8080
serviceMonitor:
# When set to true then use a ServiceMonitor to collect metrics
enabled: false
# Custom labels to use in the ServiceMonitor to be matched with a specific Prometheus
labels: {}
# Set the namespace the ServiceMonitor should be deployed to
# namespace: default
# Set how frequently Prometheus should scrape
# interval: 30s
# Set timeout for scrape
# scrapeTimeout: 10s
resources: {}
nodeSelector: {}
tolerations: []
affinity: {}
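Review bot: `environmentSecret` and `metricsPort` are consumed by the templates but are missing from the README's values table added in this commit, while `replicaCount` is listed there yet the deployment template hard-codes `replicas: 1`; update the table and the template so the documented values are the effective ones. The commented-out `securityContext` example shows the hardened settings (drop ALL, readOnlyRootFilesystem, runAsNonRoot), but the shipped default is `{}`; nothing visible in this commit suggests the operator needs more than that, so consider making the hardened block the default and letting users relax it.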