Migrated to automated workflow:

- cloudcasa/cloudcasa
  - codefresh/cf-runtime
  - confluent/confluent-for-kubernetes
  - datawiza/access-broker
  - digitalis/vals-operator
  - inaccel/fpga-operator
  - haproxy/kubernetes-ingress
  - hpe/hpe-csi-driver
  - loft/loft
  - minio/operator
  - netfoundry/ziti-host
  - new-relic/nri-bundle
  - ondat/ondat-operator
  - openebs/openebs
  - pixie/pixie-operator-chart
  - prophetstor/federatorai
  - shipa/shipa
  - speedscale/speedscale-operator
  - sysdig/sysdig
  - traefik/traefik
  - triggermesh/triggermesh
  - weka/csi-wekafsplugin

Hiding portshift-operator due to > 2 years of no releases

charts/codefresh/cf-runtime/1.7.8/Chart.yaml

@@ -0,0 +1,12 @@
+annotations:
+  catalog.cattle.io/certified: partner
+  catalog.cattle.io/display-name: Codefresh
+  catalog.cattle.io/kube-version: '>=1.18-0'
+  catalog.cattle.io/release-name: cf-runtime
+apiVersion: v2
+appVersion: 1.7.8
+description: A Helm chart for Codefresh Runner
+icon: https://partner-charts.rancher.io/assets/logos/codefresh.jpg
+name: cf-runtime
+type: application
+version: 1.7.8

charts/codefresh/cf-runtime/1.7.8/README.md

@@ -0,0 +1,23 @@
+# cf-runtime helm chart
+To install the [Codefresh Runner](https://codefresh.io/docs/docs/administration/codefresh-runner/) using helm you need to follow these steps:
+
+1. Download the Codefresh CLI and authenticate it with your Codefresh account. Click [here](https://codefresh-io.github.io/cli/getting-started/) for more detailed instructions.
+2. Run the following command to create all of the necessary enitites in Codefresh:
+   
+    ```
+    codefresh runner init --generate-helm-values-file
+    ```
+
+   * This will not install anything on your cluster, except for running cluster acceptance tests, which may be skipped using the `--skip-cluster-test` option).
+   * This command will also generate a `generated_values.yaml` file in your current directory, which you will need to provide to the `helm install` command later.
+3. Now run the following to complete the installation: 
+
+    ```
+    helm repo add cf-runtime https://chartmuseum.codefresh.io/cf-runtime
+    
+    helm install cf-runtime cf-runtime/cf-runtime -f ./generated_values.yaml --create-namespace --namespace codefresh
+    ```
+4. At this point you should have a working Codefresh Runner. You can verify the installation by running: 
+    ```
+    codefresh runner execute-test-pipeline --runtime-name <runtime-name>
+    ```

charts/codefresh/cf-runtime/1.7.8/templates/_helpers.tpl

@@ -0,0 +1,51 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-runtime.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-runtime.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "cf-runtime.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-runtime.labels" -}}
+helm.sh/chart: {{ include "cf-runtime.chart" . }}
+{{ include "cf-runtime.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-runtime.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/app-proxy/_helpers.tpl

@@ -0,0 +1,39 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-app-proxy.name" -}}
+    {{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-app-proxy.fullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-app-proxy.labels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: app-proxy
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-app-proxy.selectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: app-proxy
+{{- end }}
+
+{{- define "cf-app-proxy.docker-image" -}}
+{{- if ne .Values.dockerRegistry ""}}
+{{- .Values.dockerRegistry }}/{{ .Values.appProxy.image }}
+{{- else }}
+{{- .Values.appProxy.image }}
+{{- end }}
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/app-proxy/deployment.app-proxy.yaml

@@ -0,0 +1,58 @@
+{{ if .Values.appProxy.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cf-app-proxy.fullname" . }}
+  labels: {{- include "cf-app-proxy.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels:  {{- include "cf-app-proxy.selectorLabels" . | nindent 6 }}
+  replicas: 1
+  revisionHistoryLimit: 5
+  strategy:
+    rollingUpdate:
+      maxSurge: 50%
+      maxUnavailable: 50%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels: {{- include "cf-app-proxy.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "cf-app-proxy.fullname" . }}
+      containers:
+        - name: app-proxy
+          image: {{ include "cf-app-proxy.docker-image" . }}
+          imagePullPolicy: Always
+          resources:
+{{ toYaml .Values.appProxy.resources | indent 12 }}
+          env:
+            {{- if .Values.appProxy.env }}
+            {{- range $key, $value := .Values.appProxy.env }}
+            - name: {{ $key }}
+              value: "{{ $value}}"
+            {{- end}}
+            {{- end}}
+            - name: PORT
+              value: "3000"
+            - name: CODEFRESH_HOST
+              value: {{ .Values.global.codefreshHost }}
+            {{ if .Values.appProxy.ingress.pathPrefix }}
+            - name: API_PATH_PREFIX
+              value: {{ .Values.appProxy.ingress.pathPrefix }}
+            {{ end }}
+            {{- if .Values.newRelicLicense }}
+            - name: NEWRELIC_LICENSE_KEY
+              value: {{ .Values.newRelicLicense }}
+          {{- end }}
+          ports:
+            - containerPort: 3000
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 3000
+            periodSeconds: 5
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
+{{end}}

charts/codefresh/cf-runtime/1.7.8/templates/app-proxy/ingress.app-proxy.yaml

@@ -0,0 +1,32 @@
+{{ if .Values.appProxy.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ include "cf-app-proxy.fullname" . }}
+  labels: {{- include "cf-app-proxy.labels" . | nindent 4 }}
+  annotations:
+    {{ range $key, $value := .Values.appProxy.ingress.annotations }}
+    {{ $key }}: {{ $value | quote }}
+    {{ end }}
+spec:
+  {{ if .Values.appProxy.ingress.class }}
+  ingressClassName: {{ .Values.appProxy.ingress.class }}
+  {{ end }}
+  rules:
+    - host: {{ .Values.appProxy.ingress.host }}
+      http:
+        paths:
+          - path: {{ if .Values.appProxy.ingress.pathPrefix }}{{ .Values.appProxy.ingress.pathPrefix }}{{ else }}'/'{{end}}
+            pathType: ImplementationSpecific
+            backend:
+              service:
+                name: app-proxy
+                port:
+                  number: 80
+  {{ if .Values.appProxy.ingress.tlsSecret }}
+  tls:
+    - hosts:
+        - {{ .Values.appProxy.ingress.host }}
+      secretName: {{ .Values.appProxy.ingress.tlsSecret }}
+  {{ end }}
+{{ end }}

charts/codefresh/cf-runtime/1.7.8/templates/app-proxy/role-binding.app-proxy.yaml

@@ -0,0 +1,15 @@
+{{ if .Values.appProxy.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-app-proxy.fullname" . }}
+  labels: {{- include "cf-app-proxy.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cf-app-proxy.fullname" . }} # this service account can get secrets cluster-wide (all namespaces)
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "cf-app-proxy.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io
+{{ end }}

charts/codefresh/cf-runtime/1.7.8/templates/app-proxy/role.app-proxy.yaml

@@ -0,0 +1,11 @@
+{{ if .Values.appProxy.enabled }}
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-app-proxy.fullname" . }}
+  labels: {{- include "cf-app-proxy.labels" . | nindent 4 }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "secrets" ]
+    verbs: [ "get" ]
+{{end}}

charts/codefresh/cf-runtime/1.7.8/templates/app-proxy/service-account.app-proxy.yaml

@@ -0,0 +1,11 @@
+{{ if .Values.appProxy.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cf-app-proxy.fullname" . }}
+  labels: {{- include "cf-app-proxy.labels" . | nindent 4 }}
+  annotations:
+  {{ range $key, $value := .Values.appProxy.serviceAccount.annotations }}
+    {{ $key }}: {{ $value | quote }}
+  {{ end }}
+{{ end }}

charts/codefresh/cf-runtime/1.7.8/templates/app-proxy/service.app-proxy.yaml

@@ -0,0 +1,13 @@
+{{ if .Values.appProxy.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "cf-app-proxy.fullname" . }}
+  labels: {{- include "cf-app-proxy.labels" . | nindent 4 }}
+spec:
+  selector: {{ include "cf-app-proxy.selectorLabels" . | nindent 4 }}
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 3000
+{{ end }}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/_helpers.tpl

@@ -0,0 +1,54 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-monitor.name" -}}
+    {{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-monitor.fullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "cf-monitor.rollbackFullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor-rollback" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-monitor.labels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: monitor
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-monitor.selectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: monitor
+{{- end }}
+
+{{- define "cf-monitor.docker-image" -}}
+{{- if ne .Values.dockerRegistry ""}}
+{{- .Values.dockerRegistry }}/{{ .Values.monitor.image }}
+{{- else }}
+{{- .Values.monitor.image }}
+{{- end }}
+{{- end }}
+
+{{/*
+Get the token secret.
+*/}}
+{{- define "cf-monitor.secretTokenName" -}}
+    {{- if .Values.monitor.existingMonitorToken -}}
+        {{- printf "%s" (tpl .Values.monitor.existingMonitorToken $) -}}
+    {{- else -}}
+        {{- printf "%s" (include "cf-monitor.fullname" .) -}}
+    {{- end -}}
+{{- end -}}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/deployment.monitor.yaml

@@ -0,0 +1,70 @@
+{{- if .Values.monitor.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cf-monitor.fullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 50%
+      maxSurge: 50%
+  selector:
+    matchLabels: {{- include "cf-monitor.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels: {{- include "cf-monitor.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "cf-monitor.fullname" . }}
+      containers:
+        - name: monitor
+          resources:
+{{ toYaml .Values.monitor.resources | indent 12 }}
+          image: {{ include "cf-monitor.docker-image" . }}
+          imagePullPolicy: Always
+          env:
+            {{- if .Values.monitor.env }}
+            {{- range $key, $value := .Values.monitor.env }}
+            - name: {{ $key }}
+              value: "{{ $value}}"
+            {{- end}}
+            {{- end}}
+            - name: SERVICE_NAME
+              value: {{ include "cf-monitor.fullname" . }}
+            {{- if .Values.monitor.useNamespaceWideRole  }} # not use cluster role
+            - name: ROLE_BINDING
+              value: "true"
+            {{- end }}
+            - name: PORT
+              value: "9020"
+            - name: API_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "cf-monitor.secretTokenName" . }}
+                  key: codefresh.token
+            - name: CLUSTER_ID
+              value: {{ .Values.monitor.clusterId }}
+            - name: API_URL
+              value: {{ .Values.global.codefreshHost }}/api/k8s-monitor/events
+            - name: ACCOUNT_ID
+              value: user
+            - name: HELM3
+              value: "{{ .Values.monitor.helm3 }}"
+            - name: NAMESPACE
+              value: "{{ .Release.Namespace }}"
+            - name: NODE_OPTIONS
+              value: "--max_old_space_size=4096"
+          ports:
+            - containerPort: 9020
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /api/ping
+              port: 9020
+            periodSeconds: 5
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
+  {{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/role.monitor.yaml

@@ -0,0 +1,44 @@
+{{- if and .Values.monitor.enabled }}
+{{- if .Values.monitor.useNamespaceWideRole }}
+kind: Role
+{{- else }}
+kind: ClusterRole
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-monitor.fullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+      - ""
+    resources: [ "*" ]
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - delete
+  - apiGroups:
+      - ""
+    resources: [ "pods" ]
+    verbs:
+      - get
+      - list
+      - watch
+      - create
+      - deletecollection
+  - apiGroups:
+      - extensions
+    resources: [ "*" ]
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apps
+    resources: [ "*" ]
+    verbs:
+      - get
+      - list
+      - watch
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/rolebinding.monitor.yaml

@@ -0,0 +1,23 @@
+{{- if and .Values.monitor.enabled }}
+{{- if .Values.monitor.useNamespaceWideRole }}
+kind: RoleBinding
+{{- else }}
+kind: ClusterRoleBinding
+{{- end }}
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-monitor.fullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cf-monitor.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  {{- if .Values.monitor.useNamespaceWideRole }}
+  kind: Role
+  {{- else }}
+  kind: ClusterRole
+  {{- end }}
+  name: {{ include "cf-monitor.fullname" . }}
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/rollback-role-binding.monitor.yaml

@@ -0,0 +1,14 @@
+{{- if and .Values.monitor.enabled }}
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-monitor.rollbackFullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cf-monitor.rollbackFullname" .}}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: cluster-admin
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/rollback-serviceaccount.monitor.yaml

@@ -0,0 +1,11 @@
+{{- if and .Values.monitor.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cf-monitor.rollbackFullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+  annotations:
+    {{ range $key, $value := .Values.monitor.serviceAccount.annotations }}
+    {{ $key }}: {{ $value }}
+    {{ end }}
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/secret.monitor.yaml

@@ -0,0 +1,10 @@
+{{- if (not .Values.monitor.existingMonitorToken ) -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ include "cf-monitor.fullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+data:
+  codefresh.token: {{ .Values.monitor.token | b64enc }}
+{{- end -}}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/service-account.monitor.yaml

@@ -0,0 +1,11 @@
+{{- if and .Values.monitor.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cf-monitor.fullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+  annotations:
+    {{ range $key, $value := .Values.monitor.serviceAccount.annotations }}
+    {{ $key }}: {{ $value }}
+    {{ end }}
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/monitor/service.monitor.yaml

@@ -0,0 +1,15 @@
+{{- if and .Values.monitor.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "cf-monitor.fullname" . }}
+  labels: {{- include "cf-monitor.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: "http"
+      port: 80
+      protocol: TCP
+      targetPort: 9020
+  selector: {{- include "cf-monitor.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/re/_helpers.tpl

@@ -0,0 +1,31 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-re.name" -}}
+    {{- printf "%s-%s" (include "cf-runtime.name" .) "re" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-re.fullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "re" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-re.labels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: runtime
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-re.selectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: runtime
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/re/codefresh-certs-server-secret.re.yaml

@@ -0,0 +1,13 @@
+{{- if (not .Values.global.existingDindCertsSecret ) -}}
+apiVersion: v1
+type: Opaque
+kind: Secret
+metadata:
+  {{/* has to be a constant */}}
+  name: codefresh-certs-server
+  labels: {{- include "cf-re.labels" . | nindent 4 }}
+data:
+  server-cert.pem: {{ .Values.global.keys.serverCert | b64enc }}
+  server-key.pem: {{ .Values.global.keys.key | b64enc }}
+  ca.pem: {{ .Values.global.keys.ca | b64enc }}
+{{- end -}}

charts/codefresh/cf-runtime/1.7.8/templates/re/dind-daemon-conf.re.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  {{/* has to be a constant */}}
+  name: codefresh-dind-config
+data:
+  daemon.json: |
+{{ .Values.re.dindDaemon | toPrettyJson | indent 4 }}

charts/codefresh/cf-runtime/1.7.8/templates/re/dind-headless-service.re.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: dind
+  {{/* has to be a constant */}}
+  name: dind
+spec:
+  ports:
+  - name: "dind-port"
+    port: 1300
+    protocol: TCP
+
+  # This is a headless service, Kubernetes won't assign a VIP for it.
+  # *.dind.default.svc.cluster.local
+  clusterIP: None
+  selector:
+    app: dind

charts/codefresh/cf-runtime/1.7.8/templates/re/role.engine.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: codefresh-engine
+  labels: {{- include "cf-re.labels" . | nindent 4 }}
+rules:
+  - apiGroups:
+    - ""
+    resources:
+    - secrets
+    verbs:
+    - get

charts/codefresh/cf-runtime/1.7.8/templates/re/rolebinding.engine.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: codefresh-engine
+  labels: {{- include "cf-re.labels" . | nindent 4 }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: codefresh-engine
+subjects:
+  - kind: ServiceAccount
+    name: codefresh-engine

charts/codefresh/cf-runtime/1.7.8/templates/re/service-account.re.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  {{- /* has to be a constant */}}
+  name: codefresh-engine
+  labels: {{- include "cf-re.labels" . | nindent 4 }}
+{{- if .Values.re.serviceAccount }}
+  annotations: 
+    {{- range $key, $value := .Values.re.serviceAccount.annotations }}
+    {{ $key }}: {{ $value }}
+  {{- end}}
+{{- end}}

charts/codefresh/cf-runtime/1.7.8/templates/venona/_helpers.tpl

@@ -0,0 +1,50 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-runner.name" -}}
+    {{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "cf-runner.fullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-runner.labels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: runner
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-runner.selectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: runner
+{{- end }}
+
+{{- define "cf-runner.docker-image" -}}
+{{- if ne .Values.dockerRegistry ""}}
+{{- .Values.dockerRegistry }}/{{ .Values.runner.image }}
+{{- else }}
+{{- .Values.runner.image }}
+{{- end}}
+{{- end }}
+
+{{/*
+Get the token secret.
+*/}}
+{{- define "cf-runner.secretTokenName" -}}
+    {{- if .Values.global.existingAgentToken -}}
+        {{- printf "%s" (tpl .Values.global.existingAgentToken $) -}}
+    {{- else -}}
+        {{- printf "%s" (include "cf-runner.fullname" .) -}}
+    {{- end -}}
+{{- end -}}

charts/codefresh/cf-runtime/1.7.8/templates/venona/deployment.runner.yaml

@@ -0,0 +1,82 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cf-runner.fullname" . }}
+  labels: {{- include "cf-runner.labels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels: {{- include "cf-runner.selectorLabels" . | nindent 6 }}
+  replicas: 1
+  revisionHistoryLimit: 5
+  strategy:
+    rollingUpdate:
+      maxSurge: 50%
+      maxUnavailable: 50%
+    type: RollingUpdate
+  template:
+    metadata:
+      labels: {{- include "cf-runner.labels" . | nindent 8 }}
+    spec:
+      serviceAccountName: {{ include "cf-runner.fullname" . }}
+      {{- if .Values.runner.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.runner.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.runner.tolerations }}
+      tolerations:
+{{ toYaml .Values.runner.tolerations | indent 8 }}
+      {{- end }}
+      containers:
+        - name: runner
+          env:
+            {{- if .Values.runner.env }}
+            {{- range $key, $value := .Values.runner.env }}
+            - name: {{ $key }}
+              value: "{{ $value}}"
+            {{- end}}
+            {{- end}}
+            - name: SELF_DEPLOYMENT_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: CODEFRESH_TOKEN
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "cf-runner.secretTokenName" . }}
+                  key: codefresh.token
+            - name: CODEFRESH_IN_CLUSTER_RUNTIME
+              value: {{ .Values.global.runtimeName }}
+            - name: CODEFRESH_HOST
+              value: {{ .Values.global.codefreshHost }}
+            - name: AGENT_MODE
+              value: InCluster
+            - name: "AGENT_ID" {{/* agent name */}}
+              value: {{ .Values.global.agentName }}
+            {{- if ne .Values.dockerRegistry "" }}
+            - name: DOCKER_REGISTRY
+              value: {{ .Values.dockerRegistry }}
+            {{- end }}
+            {{- if .Values.newRelicLicense }}
+            - name: NEWRELIC_LICENSE_KEY
+              value: {{ .Values.newRelicLicense }}
+          {{- end }}
+          image: {{ include "cf-runner.docker-image" . }}
+          ports:
+            - containerPort: 8080
+              protocol: TCP
+          readinessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+            periodSeconds: 5
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
+          imagePullPolicy: Always
+          resources:
+{{ toYaml .Values.runner.resources | indent 12  }}
+      securityContext:
+        runAsUser: 10001
+        runAsGroup: 10001
+        fsGroup: 10001
+      restartPolicy: Always

charts/codefresh/cf-runtime/1.7.8/templates/venona/role-binding.runner.yaml

@@ -0,0 +1,12 @@
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-runner.fullname" . }}
+  labels: {{- include "cf-runner.labels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cf-runner.fullname" . }}
+roleRef:
+  kind: Role
+  name: {{ include "cf-runner.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io

charts/codefresh/cf-runtime/1.7.8/templates/venona/role.runner.yaml

@@ -0,0 +1,8 @@
+kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-runner.fullname" . }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "pods", "persistentvolumeclaims" ]
+    verbs: [ "get", "create", "delete" ]

charts/codefresh/cf-runtime/1.7.8/templates/venona/secret.runner.yaml

@@ -0,0 +1,10 @@
+{{- if (not .Values.global.existingAgentToken ) -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: {{ include "cf-runner.fullname" . }}
+  labels: {{- include "cf-runner.labels" . | nindent 4 }}
+data:
+  codefresh.token: {{ .Values.global.agentToken | b64enc }}
+{{- end -}}

charts/codefresh/cf-runtime/1.7.8/templates/venona/service-account.runner.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cf-runner.fullname" . }}
+  labels: {{- include "cf-runner.labels" . | nindent 4 }}

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/_helpers.tpl

@@ -0,0 +1,85 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "cf-vp.name" -}}
+    {{- printf "%s-%s" (include "cf-runtime.name" .) "vp" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "cf-vp.fullname" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "cf-vp.provisionerName" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "cf-vp.monitorName" -}}
+    {{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "cf-vp.volumeProvisionerName" -}}
+    codefresh.io/dind-volume-provisioner-runner-{{ .Release.Namespace }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-vp.monitorLabels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: lv-monitor
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-vp.monitorSelectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: lv-monitor
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-vp.provisionerLabels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: volume-provisioner
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "cf-vp.provisionerSelectorLabels" -}}
+{{ include "cf-runtime.selectorLabels" . }}
+codefresh.io/application: volume-provisioner
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "cf-vp.cleanupLabels" -}}
+{{ include "cf-runtime.labels" . }}
+codefresh.io/application: pv-cleanup
+{{- end }}
+
+
+{{- define "cf-vp.docker-image-volume-utils" -}}
+{{- if ne .Values.dockerRegistry ""}}
+{{- .Values.dockerRegistry }}/codefresh/dind-volume-utils:1.29.0
+{{- else }}codefresh/dind-volume-utils:1.29.0
+{{- end}}
+{{- end }}
+
+{{- define "cf-vp.docker-image-volume-provisioner" -}}
+{{- if ne .Values.dockerRegistry ""}}
+{{- .Values.dockerRegistry }}/{{ .Values.volumeProvisioner.image }}
+{{- else }}
+{{- .Values.volumeProvisioner.image }}
+{{- end }}
+{{- end }}
+
+{{- define "cf-vp.docker-image-cleanup-cron" -}}
+{{- if ne .Values.dockerRegistry ""}}
+{{- .Values.dockerRegistry }}/codefresh/dind-volume-cleanup
+{{- else }}codefresh/dind-volume-cleanup
+{{- end}}
+{{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/cluster-role-binding.dind-volume-provisioner.vp.yaml

@@ -0,0 +1,13 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-vp.fullname" . }}
+  labels: {{- include "cf-vp.provisionerLabels" . | nindent 4 }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "cf-vp.fullname" . }}
+    namespace: {{ .Release.Namespace }}
+roleRef:
+  kind: ClusterRole
+  name: {{ include "cf-vp.fullname" . }}
+  apiGroup: rbac.authorization.k8s.io

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/cluster-role.dind-volume-provisioner.vp.yaml

@@ -0,0 +1,30 @@
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: {{ include "cf-vp.fullname" . }}
+  labels: {{- include "cf-vp.provisionerLabels" . | nindent 4 }}
+rules:
+  - apiGroups: [ "" ]
+    resources: [ "persistentvolumes" ]
+    verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "persistentvolumeclaims" ]
+    verbs: [ "get", "list", "watch", "update" ]
+  - apiGroups: [ "storage.k8s.io" ]
+    resources: [ "storageclasses" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "events" ]
+    verbs: [ "list", "watch", "create", "update", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "secrets" ]
+    verbs: [ "get", "list" ]
+  - apiGroups: [ "" ]
+    resources: [ "nodes" ]
+    verbs: [ "get", "list", "watch" ]
+  - apiGroups: [ "" ]
+    resources: [ "pods" ]
+    verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
+  - apiGroups: [ "" ]
+    resources: [ "endpoints" ]
+    verbs: [ "get", "list", "watch", "create", "update", "delete" ]

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/cron-job.dind-volume-cleanup.vp.yaml

@@ -0,0 +1,25 @@
+{{- if not (eq .Values.storage.backend "local") }}
+apiVersion: batch/v1beta1
+kind: CronJob
+metadata:
+  name: {{ include "cf-vp.fullname" . }}
+  labels: {{- include "cf-vp.cleanupLabels" . | nindent 4 }}
+spec:
+  schedule: "0,10,20,30,40,50 * * * *"
+  concurrencyPolicy: Forbid
+  {{- if eq .Values.storage.backend "local" }}
+  suspend: true
+  {{- end }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+          serviceAccountName: {{ include "cf-vp.fullname" . }}
+          restartPolicy: Never
+          containers:
+            - name: dind-volume-cleanup
+              image: {{ include "cf-vp.docker-image-cleanup-cron" . }}
+              env:
+                - name: PROVISIONED_BY
+                  value: {{ include "cf-vp.volumeProvisionerName" . }}
+  {{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/daemonset.dind-lv-monitor.vp.yaml

@@ -0,0 +1,58 @@
+{{- if eq .Values.storage.backend "local" -}}
+  {{- $localVolumeParentDir := .Values.storage.local.volumeParentDir  }}
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: {{ include "cf-vp.monitorName" . }}
+  labels: {{- include "cf-vp.monitorLabels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels: {{- include "cf-vp.monitorSelectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      labels: {{- include "cf-vp.monitorLabels" . | nindent 8 }}
+      annotations:
+        prometheus_port: "9100"
+        prometheus_scrape: "true"
+    spec:
+      serviceAccountName: {{ include "cf-vp.fullname" . }}
+      {{- if .Values.storage.localVolumeMonitor.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.storage.localVolumeMonitor.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations:
+        - key: 'codefresh/dind'
+          operator: 'Exists'
+          effect: 'NoSchedule'
+      {{- if .Values.storage.localVolumeMonitor.tolerations }}
+{{ toYaml .Values.storage.localVolumeMonitor.tolerations | indent 8 }}
+      {{- end }}
+      containers:
+        - image: {{ include "cf-vp.docker-image-volume-utils" . }}
+          name: lv-cleaner
+          imagePullPolicy: Always
+          resources: {{ toYaml .Values.storage.localVolumeMonitor.resources | nindent 12 }}
+          command:
+            - /bin/local-volumes-agent
+          env:
+            {{- if .Values.storage.localVolumeMonitor.env }}
+            {{- range $key, $value := .Values.storage.localVolumeMonitor.env }}
+            - name: {{ $key }}
+              value: "{{ $value}}"
+            {{- end}}
+            {{- end}}
+            - name: NODE_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+            - name: VOLUME_PARENT_DIR
+              value: {{ $localVolumeParentDir }}
+          volumeMounts:
+            - mountPath: {{ $localVolumeParentDir }}
+              readOnly: false
+              name: dind-volume-dir
+      volumes:
+        - name: dind-volume-dir
+          hostPath:
+            path: {{ $localVolumeParentDir }}
+  {{- end -}}

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/deployment.dind-volume-provisioner.vp.yaml

@@ -0,0 +1,94 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "cf-vp.provisionerName" . }}
+  labels: {{- include "cf-vp.provisionerLabels" . | nindent 4 }}
+spec:
+  selector:
+    matchLabels: {{- include "cf-vp.provisionerSelectorLabels" . | nindent 6 }}
+  replicas: 1
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels: {{- include "cf-vp.provisionerLabels" . | nindent 9 }}
+    spec:
+      serviceAccountName: {{ include "cf-vp.fullname" . }}
+      {{- if .Values.volumeProvisioner.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.volumeProvisioner.nodeSelector | indent 8 }}
+      {{- end }}
+      tolerations:
+      {{- if .Values.volumeProvisioner.tolerations }}
+{{ toYaml .Values.volumeProvisioner.tolerations | indent 8 }}
+      {{- end }}      
+      containers:
+        - name: dind-volume-provisioner
+          {{- if .Values.volumeProvisioner.resources }}
+          resources:
+{{ toYaml .Values.volumeProvisioner.resources | indent 12 }}
+          {{- end }}      
+          image: {{ include "cf-vp.docker-image-volume-provisioner" . }}
+          imagePullPolicy: Always
+          command:
+            - /usr/local/bin/dind-volume-provisioner
+            - -v=4
+            - --resync-period=50s
+          env:
+            {{- if .Values.volumeProvisioner.env }}
+            {{- range $key, $value := .Values.volumeProvisioner.env }}
+            - name: {{ $key }}
+              value: "{{ $value}}"
+            {{- end}}
+            {{- end}}
+            - name: PROVISIONER_NAME
+              value: {{ include "cf-vp.volumeProvisionerName" . }}
+            {{- if ne .Values.dockerRegistry "" }}
+            - name: DOCKER_REGISTRY
+              value: {{ .Values.dockerRegistry }}
+            {{- end }}
+            {{- if .Values.storage.ebs.accessKeyId }}
+            - name: AWS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: dind-volume-provisioner
+                  key: aws_access_key_id
+            {{- end }}
+            {{- if .Values.storage.ebs.secretAccessKey }}
+            - name: AWS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: dind-volume-provisioner
+                  key: aws_secret_access_key
+            {{- end }}
+            {{- if .Values.storage.gcedisk.serviceAccountJson }}
+            - name: GOOGLE_APPLICATION_CREDENTIALS
+              value: /etc/dind-volume-provisioner/credentials/google-service-account.json
+            {{- end }}
+            {{- if .Values.volumeProvisioner.mountAzureJson }}
+            - name: AZURE_CREDENTIAL_FILE
+              value: "/etc/kubernetes/azure.json"
+          {{- end }}
+          volumeMounts:
+            {{- if .Values.volumeProvisioner.mountAzureJson }}
+            - name: azure-json
+              readOnly: true
+              mountPath: "/etc/kubernetes/azure.json"
+            {{- end }}
+            {{- if .Values.storage.gcedisk.serviceAccountJson }}
+            - name: credentials
+              readOnly: true
+              mountPath: "/etc/dind-volume-provisioner/credentials"
+      {{- end }}
+      volumes:
+        {{- if .Values.volumeProvisioner.mountAzureJson }}
+        - name: azure-json
+          hostPath:
+            path: /etc/kubernetes/azure.json
+            type: File
+        {{- end }}
+        {{- if .Values.storage.gcedisk.serviceAccountJson }}
+        - name: credentials
+          secret:
+            secretName: dind-volume-provisioner
+  {{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/secret.dind-volume-provisioner.vp.yaml

@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: dind-volume-provisioner
+  labels:
+    app: dind-volume-provisioner
+data:
+  {{- if .Values.storage.gcedisk.serviceAccountJson }}
+  google-service-account.json: {{ .Values.storage.gcedisk.serviceAccountJson | b64enc }}
+  {{- end }}
+  {{- if .Values.storage.ebs.accessKeyId }}
+  aws_access_key_id: {{ .Values.storage.ebs.accessKeyId | b64enc }}
+  {{- end }}
+  {{- if .Values.storage.ebs.secretAccessKey }}
+  aws_secret_access_key: {{ .Values.storage.ebs.secretAccessKey | b64enc }}
+  {{- end }}

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/service-account.dind-volume-provisioner.vp.yaml

@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "cf-vp.fullname" . }}
+  labels: {{- include "cf-vp.provisionerLabels" . | nindent 4 }}
+  annotations:
+{{- if .Values.volumeProvisioner.serviceAccount }}
+    {{- range $key, $value := .Values.volumeProvisioner.serviceAccount.annotations }}
+    {{ $key }}: {{ $value }}
+  {{- end}}
+{{- end}}

charts/codefresh/cf-runtime/1.7.8/templates/volume-provisioner/storageclass.dind-volume-provisioner.vp.yaml

@@ -0,0 +1,61 @@
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  {{/* has to be exactly that */}}
+  name: dind-local-volumes-runner-{{.Values.global.namespace}}
+  labels:
+    app: dind-volume-provisioner
+  {{/*  annotations:*/}}
+  {{/*    {{ range $key, $value := .Values.Storage.Annotations }}*/}}
+  {{/*    {{ $key }}: {{ $value }}*/}}
+  {{/*  {{ end }}*/}}
+provisioner: {{ include "cf-vp.volumeProvisionerName" . }}
+parameters:
+  {{- if eq .Values.storage.backend "local" }}
+
+  volumeBackend: local
+  volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
+
+  {{- else if eq .Values.storage.backend "gcedisk" }}
+
+  volumeBackend: {{ .Values.storage.backend }}
+  type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
+  zone: {{ .Values.storage.gcedisk.availabilityZone }}
+  fsType: {{ .Values.storage.fsType | default "ext4" }}
+
+  {{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
+  volumeBackend: {{ .Values.storage.backend }}
+  VolumeType: {{ .Values.storage.ebs.volumeType | default "gp2" }}
+  AvailabilityZone: {{ .Values.storage.ebs.availabilityZone }}
+  fsType: {{ .Values.storage.fsType | default "ext4" }}
+  encrypted: "{{ .Values.storage.ebs.encrypted | default "false" }}"
+  {{ if .Values.storage.ebs.kmsKeyId }}
+  kmsKeyId: {{ .Values.storage.ebs.kmsKeyId }}
+  {{- end }}
+  {{- if .Values.storage.ebs.iops }}
+  iops: {{ .Values.storage.ebs.iops | quote }}
+  {{- end }}
+  {{- if .Values.storage.ebs.throughput }}
+  throughput: {{ .Values.storage.ebs.throughput | quote }}
+  {{- end }}
+
+
+  {{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
+  volumeBackend: {{ .Values.storage.backend }}
+  kind: managed
+  skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
+  fsType: {{ .Values.storage.fsType | default "ext4" }}
+  cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
+
+  {{- if .Values.storage.azuredisk.location }}
+  location: {{ .Values.storage.azuredisk.location }}
+  {{- end }}
+  {{/* azure location */}}
+
+  {{- if .Values.storage.azuredisk.resourceGroup }}
+  resourceGroup: {{ .Values.storage.azuredisk.resourceGroup }}
+  {{- end }}
+  {{/* azure resource group*/}}
+
+  {{- end }}
+  {{/* if azuredisk*/}}

charts/codefresh/cf-runtime/1.7.8/values.yaml

@@ -0,0 +1,214 @@
+# global values are in generated_values.yaml
+# run `codefresh runner init --generate-helm-values-file` first
+global:
+  namespace: ""
+  codefreshHost: ""
+  agentToken: ""
+  # Existing secret (name-of-existing-secret) with API token from Codefresh (supersedes value for global.agentToken; secret must contain `codefresh.token` key)
+  existingAgentToken: ""
+  agentId: ""
+  agentName: ""
+  accountId: ""
+  runtimeName: ""
+  # Existing secret (name has to be `codefresh-certs-server`) (supersedes value for global.keys; secret must contain `server-cert.pem` `server-key.pem` and `ca.pem`` keys)
+  existingDindCertsSecret: ""
+  keys:
+    key: ""
+    csr: ""
+    ca: ""
+    serverCert: ""
+
+dockerRegistry: "quay.io" # Registry prefix for the runtime images (default quay.io)
+## e.g:
+# dockerRegistry: "docker.io"
+newRelicLicense: "" # NEWRELIC_LICENSE_KEY (for app-proxy and runner deployments)
+
+runner: # Runner Deployment
+  image: "codefresh/venona:1.7.8"
+  env: {}
+  ## e.g:
+  # env:
+  #   HTTP_PROXY: 10.20.0.35:8080
+  #   HTTPS_PROXY: 10.20.0.35:8080
+  #   NO_PROXY: 10.20.0.*
+  resources: {}
+  ## e.g:
+  # resources:
+  #   limits:
+  #     cpu: 400m
+  #     memory: 1200Mi
+  #   requests:
+  #     cpu: 200m
+  #     memory: 500Mi
+  nodeSelector: {}
+  ## e.g:
+  # nodeSelector:
+  #   foo: bar
+  tolerations: []
+  ## e.g:
+  # tolerations:
+  # - key: codefresh
+  #   operator: Equal
+  #   value: dind
+  #   effect: NoSchedule
+
+volumeProvisioner: # Volume-Provisioner Deployment
+  image: "codefresh/dind-volume-provisioner:1.31.9"
+  serviceAccount: {} # annotate volume-provisioner service account
+  ## e.g:
+  # serviceAccount:
+  #   annotations:
+  #     eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
+  nodeSelector: {}
+  resources: {}
+  tolerations: []
+  env: {}
+  ## e.g:
+  # env:
+  #   PRIVILEGED_CONTAINER: true
+  ### https://codefresh.io/docs/docs/administration/codefresh-runner/#installing-on-aks
+  # mountAzureJson: true
+
+storage: # Storage parameters for Volume-Provisioner
+  backend: local    # volume type: local(default), ebs, gcedisk or azuredisk
+  fsType: "ext4"    # filesystem type: ext4(default) or xfs
+
+  # Storage example for local volumes on the K8S nodes filesystem
+  # https://kubernetes.io/docs/concepts/storage/volumes/#local
+  local:
+    volumeParentDir: /var/lib/codefresh/dind-volumes
+
+  localVolumeMonitor: # lv-monitor DaemonSet (only for `storage.backend: local`)
+    nodeSelector: {}
+    resources: {}
+    tolerations: []
+    env: {}
+
+  # Storage example for aws ebs disks
+  # https://aws.amazon.com/ebs/
+  # https://codefresh.io/docs/docs/administration/codefresh-runner/#installing-on-aws
+  ebs:
+    volumeType: "" # gp2(default), gp3 or io1
+    availabilityZone: "" # valid aws zone
+    encrypted: "" # encrypt volume (false by default)
+    kmsKeyId: "" # (Optional) KMS Key ID
+    accessKeyId: "" # (Optional) AWS_ACCESS_KEY_ID
+    secretAccessKey: "" # (Optional) AWS_SECRET_ACCESS_KEY
+  ## e.g:
+  # ebs:
+  #   volumeType: gp3
+  #   availabilityZone: us-east-1c
+  #   encrypted: false
+  #   iops: "5000"
+  #   # I/O operations per second. Only effetive when gp3 volume type is specified.
+  #   # Default value - 3000.
+  #   # Max - 16,000
+  #   throughput: "500"
+  #   # Throughput in MiB/s. Only effective when gp3 volume type is specified.
+  #   # Default value - 125.
+  #   # Max - 1000.
+  # ebs:
+  #   volumeType: gp2
+  #   availabilityZone: us-east-1c
+  #   encrypted: true
+  #   kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
+  #   accessKeyId: "AKIAIOSFODNN7EXAMPLE"
+  #   secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+  # Storage example for gce disks
+  # https://cloud.google.com/compute/docs/disks#pdspecs
+  # https://codefresh.io/docs/docs/administration/codefresh-runner/#installing-on-google-kubernetes-engine
+  gcedisk:
+    volumeType: "" # pd-ssd(default) or pd-standard
+    availabilityZone: "" # valid gcp zone
+    serviceAccountJson: "" # (Optional) Google SA JSON key
+  ## e.g:
+  # gcedisk:
+  #   volumeType: pd-ssd
+  #   availabilityZone: us-central1-c
+  #   serviceAccountJson: |-
+  #          {
+  #           "type": "service_account",
+  #           "project_id": "...",
+  #           "private_key_id": "...",
+  #           "private_key": "...",
+  #           "client_email": "...",
+  #           "client_id": "...",
+  #           "auth_uri": "...",
+  #           "token_uri": "...",
+  #           "auth_provider_x509_cert_url": "...",
+  #           "client_x509_cert_url": "..."
+  #           }
+
+  # Storage example for Azure Disks
+  # https://codefresh.io/docs/docs/administration/codefresh-runner/#installing-on-aks
+  azuredisk:
+    skuName: Premium_LRS #default
+    cachingMode: None
+    # location: westcentralus
+    # resourceGroup:
+    # DiskIOPSReadWrite: 500
+    # DiskMBpsReadWrite: 100
+
+
+re:
+  # Optionally add an AWS IAM role to your pipelines
+  # More info: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
+  ## e.g:
+  # re:
+  #   serviceAccount:
+  #     annotations:   # will be set on codefresh-engine service account
+  #       eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
+  dindDaemon: # dind daemon config
+    hosts:
+      - unix:///var/run/docker.sock
+      - tcp://0.0.0.0:1300
+    storage-driver: overlay2
+    tlsverify: true
+    tls: true
+    tlscacert: /etc/ssl/cf-client/ca.pem
+    tlscert: /etc/ssl/cf/server-cert.pem
+    tlskey: /etc/ssl/cf/server-key.pem
+    insecure-registries:
+      - 192.168.99.100:5000
+    metrics-addr: 0.0.0.0:9323
+    experimental: true
+
+appProxy: # App-Proxy Deployment
+  enabled: false
+  image: "codefresh/cf-app-proxy:latest"
+  env: {}
+  ## e.g:
+  # env:
+  #   LOG_LEVEL: debug
+  ingress:
+    pathPrefix: ""      # Specify path prefix for ingress (default is '/')
+    class: ""           # Specify ingress class
+    host: ""            # Specify DNS hostname the ingress will use
+    tlsSecret: ""       # Specify k8s tls secret for the ingress object
+    annotations: {}     # Specify extra annotations for ingress object
+  ## e.g:
+  # ingress:
+  #   pathPrefix: "/app-proxy"
+  #   class: "nginx"
+  #   host: "mydomain.com"
+  #   tlsSecret: "tls-cert-app-proxy"
+  #   annotations:
+  #     nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
+  resources: {}
+  serviceAccount:
+    annotations: {}
+
+monitor: # Monitor Deployment
+  enabled: false
+  image: "codefresh/agent:stable"
+  helm3: true
+  useNamespaceWideRole: false     # Use ClusterRole(false) or Role(true)
+  clusterId: ""                   # Cluster name as it registered in account
+  token: ""                       # API token from Codefresh
+  existingMonitorToken: ""        # Existing secret (name-of-existing-secret) with API token from Codefresh (supersedes value of monitor.token; secret must contain `codefresh.token` key)
+  env: {}
+  resources: {}
+  serviceAccount:
+    annotations: {}
+