andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added chart versions: 

codefresh/cf-runtime:
    - 6.4.7
  intel/intel-device-plugins-operator:
    - 0.31.1
  intel/intel-device-plugins-qat:
    - 0.31.1
  intel/intel-device-plugins-sgx:
    - 0.31.1
  linkerd/linkerd-control-plane:
    - 2024.10.3
  linkerd/linkerd-crds:
    - 2024.10.3
  speedscale/speedscale-operator:
    - 2.2.556
pull/1079/head
github-actions[bot] 2024-10-19 00:39:52 +00:00
parent 7b6abcd904
commit 854ab5457f
219 changed files with 27824 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/codefresh/cf-runtime-6.4.7.tgz Normal file
View File

Binary file not shown.

BIN
assets/intel/intel-device-plugins-operator-0.31.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/intel/intel-device-plugins-qat-0.31.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/intel/intel-device-plugins-sgx-0.31.1.tgz Normal file
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-control-plane-2024.10.2.tgz
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-control-plane-2024.10.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/linkerd/linkerd-crds-2024.10.3.tgz Normal file
View File

Binary file not shown.

BIN
assets/speedscale/speedscale-operator-2.2.556.tgz Normal file
View File

Binary file not shown.

3
charts/codefresh/cf-runtime/6.4.7/.helmignore Normal file
View File

@ -0,0 +1,3 @@
tests/
.ci/
test-values/

28
charts/codefresh/cf-runtime/6.4.7/Chart.yaml Normal file
View File

@ -0,0 +1,28 @@
annotations:
artifacthub.io/changes: |
- kind: fixed
description: "ensure all env vars are quoted for engine and dind pods"
artifacthub.io/containsSecurityUpdates: "false"
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Codefresh
catalog.cattle.io/kube-version: '>=1.18-0'
catalog.cattle.io/release-name: cf-runtime
apiVersion: v2
dependencies:
- name: cf-common
repository: oci://quay.io/codefresh/charts
version: 0.16.0
description: A Helm chart for Codefresh Runner
home: https://codefresh.io/
icon: file://assets/icons/cf-runtime.png
keywords:
- codefresh
- runner
kubeVersion: '>=1.18-0'
maintainers:
- name: codefresh
url: https://codefresh-io.github.io/
name: cf-runtime
sources:
- https://github.com/codefresh-io/venona
version: 6.4.7

1230
charts/codefresh/cf-runtime/6.4.7/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

1007
charts/codefresh/cf-runtime/6.4.7/README.md.gotmpl Normal file
View File

File diff suppressed because it is too large Load Diff

37
charts/codefresh/cf-runtime/6.4.7/files/cleanup-runtime.sh Normal file
View File

@ -0,0 +1,37 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "AGENT: ${AGENT}"
echo "AGENT_SECRET_NAME: ${AGENT_SECRET_NAME}"
echo "DIND_SECRET_NAME: ${DIND_SECRET_NAME}"
echo "-----"
auth() {
codefresh auth create-context --api-key ${API_TOKEN} --url ${API_HOST}
}
remove_runtime() {
if [ "$AGENT" == "true" ]; then
codefresh delete re ${RUNTIME_NAME} || true
else
codefresh delete sys-re ${RUNTIME_NAME} || true
fi
}
remove_agent() {
codefresh delete agent ${AGENT_NAME} || true
}
remove_secrets() {
kubectl patch secret $(kubectl get secret -l codefresh.io/internal=true | awk 'NR>1{print $1}' | xargs) -p '{"metadata":{"finalizers":null}}' --type=merge || true
kubectl delete secret $AGENT_SECRET_NAME || true
kubectl delete secret $DIND_SECRET_NAME || true
}
auth
remove_runtime
remove_agent
remove_secrets

132
charts/codefresh/cf-runtime/6.4.7/files/configure-dind-certs.sh Normal file
View File

@ -0,0 +1,132 @@
#!/usr/bin/env bash
#
#---
fatal() {
echo "ERROR: $1"
exit 1
}
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
exit_trap () {
local lc="$BASH_COMMAND" rc=$?
if [ $rc != 0 ]; then
if [[ -n "$SLEEP_ON_ERROR" ]]; then
echo -e "\nSLEEP_ON_ERROR is set - Sleeping to fix error"
sleep $SLEEP_ON_ERROR
fi
fi
}
trap exit_trap EXIT
usage() {
echo "Usage:
$0 [-n | --namespace] [--server-cert-cn] [--server-cert-extra-sans] codefresh-api-host codefresh-api-token
Example:
$0 -n workflow https://g.codefresh.io 21341234.423141234.412431234
"
}
# Args
while [[ $1 =~ ^(-(n|h)|--(namespace|server-cert-cn|server-cert-extra-sans|help)) ]]
do
key=$1
value=$2
case $key in
-h|--help)
usage
exit
;;
-n|--namespace)
NAMESPACE="$value"
shift
;;
--server-cert-cn)
SERVER_CERT_CN="$value"
shift
;;
--server-cert-extra-sans)
SERVER_CERT_EXTRA_SANS="$value"
shift
;;
esac
shift # past argument or value
done
API_HOST=${1:-"$CF_API_HOST"}
API_TOKEN=${2:-"$CF_API_TOKEN"}
[[ -z "$API_HOST" ]] && usage && fatal "Missing API_HOST"
[[ -z "$API_TOKEN" ]] && usage && fatal "Missing token"
API_SIGN_PATH=${API_SIGN_PATH:-"api/custom_clusters/signServerCerts"}
NAMESPACE=${NAMESPACE:-default}
RELEASE=${RELEASE:-cf-runtime}
DIR=$(dirname $0)
TMPDIR=/tmp/codefresh/
TMP_CERTS_FILE_ZIP=$TMPDIR/cf-certs.zip
TMP_CERTS_HEADERS_FILE=$TMPDIR/cf-certs-response-headers.txt
CERTS_DIR=$TMPDIR/ssl
SRV_TLS_CA_CERT=${CERTS_DIR}/ca.pem
SRV_TLS_KEY=${CERTS_DIR}/server-key.pem
SRV_TLS_CSR=${CERTS_DIR}/server-cert.csr
SRV_TLS_CERT=${CERTS_DIR}/server-cert.pem
CF_SRV_TLS_CERT=${CERTS_DIR}/cf-server-cert.pem
CF_SRV_TLS_CA_CERT=${CERTS_DIR}/cf-ca.pem
mkdir -p $TMPDIR $CERTS_DIR
K8S_CERT_SECRET_NAME=codefresh-certs-server
echo -e "\n------------------\nGenerating server tls certificates ... "
SERVER_CERT_CN=${SERVER_CERT_CN:-"docker.codefresh.io"}
SERVER_CERT_EXTRA_SANS="${SERVER_CERT_EXTRA_SANS}"
###
openssl genrsa -out $SRV_TLS_KEY 4096 || fatal "Failed to generate openssl key "
openssl req -subj "/CN=${SERVER_CERT_CN}" -new -key $SRV_TLS_KEY -out $SRV_TLS_CSR || fatal "Failed to generate openssl csr "
GENERATE_CERTS=true
CSR=$(sed ':a;N;$!ba;s/\n/\\n/g' ${SRV_TLS_CSR})
SERVER_CERT_SANS="IP:127.0.0.1,DNS:dind,DNS:*.dind.${NAMESPACE},DNS:*.dind.${NAMESPACE}.svc${KUBE_DOMAIN},DNS:*.cf-cd.com,DNS:*.codefresh.io"
if [[ -n "${SERVER_CERT_EXTRA_SANS}" ]]; then
SERVER_CERT_SANS=${SERVER_CERT_SANS},${SERVER_CERT_EXTRA_SANS}
fi
echo "{\"reqSubjectAltName\": \"${SERVER_CERT_SANS}\", \"csr\": \"${CSR}\" }" > ${TMPDIR}/sign_req.json
rm -fv ${TMP_CERTS_HEADERS_FILE} ${TMP_CERTS_FILE_ZIP}
SIGN_STATUS=$(curl -k -sSL -d @${TMPDIR}/sign_req.json -H "Content-Type: application/json" -H "Authorization: ${API_TOKEN}" -H "Expect: " \
-o ${TMP_CERTS_FILE_ZIP} -D ${TMP_CERTS_HEADERS_FILE} -w '%{http_code}' ${API_HOST}/${API_SIGN_PATH} )
echo "Sign request completed with HTTP_STATUS_CODE=$SIGN_STATUS"
if [[ $SIGN_STATUS != 200 ]]; then
echo "ERROR: Cannot sign certificates"
if [[ -f ${TMP_CERTS_FILE_ZIP} ]]; then
mv ${TMP_CERTS_FILE_ZIP} ${TMP_CERTS_FILE_ZIP}.error
cat ${TMP_CERTS_FILE_ZIP}.error
fi
exit 1
fi
unzip -o -d ${CERTS_DIR}/ ${TMP_CERTS_FILE_ZIP} || fatal "Failed to unzip certificates to ${CERTS_DIR} "
cp -v ${CF_SRV_TLS_CA_CERT} $SRV_TLS_CA_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains ca.pem"
cp -v ${CF_SRV_TLS_CERT} $SRV_TLS_CERT || fatal "received ${TMP_CERTS_FILE_ZIP} does not contains cf-server-cert.pem"
echo -e "\n------------------\nCreating certificate secret "
kubectl -n $NAMESPACE create secret generic $K8S_CERT_SECRET_NAME \
--from-file=$SRV_TLS_CA_CERT \
--from-file=$SRV_TLS_KEY \
--from-file=$SRV_TLS_CERT \
--dry-run=client -o yaml | kubectl apply --overwrite -f -
kubectl -n $NAMESPACE label --overwrite secret ${K8S_CERT_SECRET_NAME} codefresh.io/internal=true
kubectl -n $NAMESPACE patch secret $K8S_CERT_SECRET_NAME -p '{"metadata": {"finalizers": ["kubernetes"]}}'

80
charts/codefresh/cf-runtime/6.4.7/files/init-runtime.sh Normal file
View File

@ -0,0 +1,80 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "AGENT_NAME: ${AGENT_NAME}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "SECRET_NAME: ${SECRET_NAME}"
echo "-----"
create_agent_secret() {
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: ${SECRET_NAME}
namespace: ${KUBE_NAMESPACE}
labels:
codefresh.io/internal: "true"
finalizers:
- kubernetes
ownerReferences:
- apiVersion: apps/v1
kind: Deploy
name: ${OWNER_NAME}
uid: ${OWNER_UID}
stringData:
agent-codefresh-token: ${1}
EOF
}
OWNER_UID=$(kubectl get deploy ${OWNER_NAME} --namespace ${KUBE_NAMESPACE} -o jsonpath='{.metadata.uid}')
echo "got owner uid: ${OWNER_UID}"
if [ ! -z "${AGENT_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "runtime and agent are already initialized"
echo "-----"
exit 0
fi
if [ ! -z "${EXISTING_AGENT_CODEFRESH_TOKEN}" ]; then
echo "using existing agentToken value"
create_agent_secret $EXISTING_AGENT_CODEFRESH_TOKEN
exit 0
fi
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
echo "-----"
echo "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
echo "-----"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
# AGENT_TOKEN might be empty, in which case it will be returned by the call
RES=$(codefresh install agent \
--name ${AGENT_NAME} \
--kube-context-name ${KUBE_CONTEXT} \
--kube-namespace ${KUBE_NAMESPACE} \
--agent-kube-namespace ${KUBE_NAMESPACE} \
--install-runtime \
--runtime-name ${RUNTIME_NAME} \
--skip-cluster-creation \
--platform-only)
AGENT_CODEFRESH_TOKEN=$(echo "${RES}" | tail -n 1)
echo "generated agent + runtime in platform"
create_agent_secret $AGENT_CODEFRESH_TOKEN
echo "-----"
echo "done initializing runtime and agent"
echo "-----"

38
charts/codefresh/cf-runtime/6.4.7/files/reconcile-runtime.sh Normal file
View File

@ -0,0 +1,38 @@
#!/bin/bash
echo "-----"
echo "API_HOST: ${API_HOST}"
echo "KUBE_CONTEXT: ${KUBE_CONTEXT}"
echo "KUBE_NAMESPACE: ${KUBE_NAMESPACE}"
echo "OWNER_NAME: ${OWNER_NAME}"
echo "RUNTIME_NAME: ${RUNTIME_NAME}"
echo "CONFIGMAP_NAME: ${CONFIGMAP_NAME}"
echo "RECONCILE_INTERVAL: ${RECONCILE_INTERVAL}"
echo "-----"
msg() { echo -e "\e[32mINFO ---> $1\e[0m"; }
err() { echo -e "\e[31mERR ---> $1\e[0m" ; return 1; }
if [ -z "${USER_CODEFRESH_TOKEN}" ]; then
err "missing codefresh user token. must supply \".global.codefreshToken\" if agent-codefresh-token does not exist"
exit 1
fi
codefresh auth create-context --api-key ${USER_CODEFRESH_TOKEN} --url ${API_HOST}
while true; do
msg "Reconciling ${RUNTIME_NAME} runtime"
sleep $RECONCILE_INTERVAL
codefresh get re \
--name ${RUNTIME_NAME} \
-o yaml \
| yq 'del(.version, .metadata.changedBy, .metadata.creationTime)' > /tmp/runtime.yaml
kubectl get cm ${CONFIGMAP_NAME} -n ${KUBE_NAMESPACE} -o yaml \
| yq 'del(.metadata.resourceVersion, .metadata.uid)' \
| yq eval '.data["runtime.yaml"] = load_str("/tmp/runtime.yaml")' \
| kubectl apply -f -
done

70
charts/codefresh/cf-runtime/6.4.7/templates/_components/app-proxy/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "app-proxy.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "app-proxy.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "app-proxy.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "app-proxy.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: app-proxy
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "app-proxy.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 3000
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

19
charts/codefresh/cf-runtime/6.4.7/templates/_components/app-proxy/_env-vars.yaml Normal file
View File

@ -0,0 +1,19 @@
{{- define "app-proxy.environment-variables.defaults" }}
PORT: 3000
{{- end }}
{{- define "app-proxy.environment-variables.calculated" }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- with .Values.ingress.pathPrefix }}
API_PATH_PREFIX: {{ . | quote }}
{{- end }}
{{- end }}
{{- define "app-proxy.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "app-proxy.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "app-proxy.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/6.4.7/templates/_components/app-proxy/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "app-proxy.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "app-proxy.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "app-proxy" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "app-proxy.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Selector labels
*/}}
{{- define "app-proxy.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: app-proxy
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "app-proxy.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "app-proxy.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

32
charts/codefresh/cf-runtime/6.4.7/templates/_components/app-proxy/_ingress.yaml Normal file
View File

@ -0,0 +1,32 @@
{{- define "app-proxy.resources.ingress" -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ include "app-proxy.fullname" . }}
labels: {{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.ingress.class (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
ingressClassName: {{ .Values.ingress.class }}
{{- end }}
{{- if .Values.ingress.tlsSecret }}
tls:
- hosts:
- {{ .Values.ingress.host }}
secretName: {{ .Values.tlsSecret }}
{{- end }}
rules:
- host: {{ .Values.ingress.host }}
http:
paths:
- path: {{ .Values.ingress.pathPrefix | default "/" }}
pathType: ImplementationSpecific
backend:
service:
name: {{ include "app-proxy.fullname" . }}
port:
number: 80
{{- end -}}

47
charts/codefresh/cf-runtime/6.4.7/templates/_components/app-proxy/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "app-proxy.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "app-proxy.serviceAccountName" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "app-proxy.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "app-proxy.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.4.7/templates/_components/app-proxy/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "app-proxy.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "app-proxy.fullname" . }}
labels:
{{- include "app-proxy.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 3000
selector:
{{- include "app-proxy.selectorLabels" . | nindent 4 }}
{{- end -}}

62
charts/codefresh/cf-runtime/6.4.7/templates/_components/event-exporter/_deployment.yaml Normal file
View File

@ -0,0 +1,62 @@
{{- define "event-exporter.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "event-exporter.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "event-exporter.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: event-exporter
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
args: [--running-in-cluster=true]
env:
{{- include "event-exporter.environment-variables" . | nindent 8 }}
ports:
- name: metrics
containerPort: 9102
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

14
charts/codefresh/cf-runtime/6.4.7/templates/_components/event-exporter/_env-vars.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.environment-variables.defaults" }}
{{- end }}
{{- define "event-exporter.environment-variables.calculated" }}
{{- end }}
{{- define "event-exporter.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "event-exporter.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "event-exporter.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

43
charts/codefresh/cf-runtime/6.4.7/templates/_components/event-exporter/_helpers.tpl Normal file
View File

@ -0,0 +1,43 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "event-exporter.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "event-exporter.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "event-exporter" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "event-exporter.labels" -}}
{{ include "cf-runtime.labels" . }}
app: event-exporter
{{- end }}
{{/*
Selector labels
*/}}
{{- define "event-exporter.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
app: event-exporter
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "event-exporter.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "event-exporter.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

47
charts/codefresh/cf-runtime/6.4.7/templates/_components/event-exporter/_rbac.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "event-exporter.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "event-exporter.serviceAccountName" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: [events]
verbs: [get, list, watch]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "event-exporter.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "event-exporter.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.4.7/templates/_components/event-exporter/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "event-exporter.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: metrics
port: 9102
targetPort: metrics
protocol: TCP
selector:
{{- include "event-exporter.selectorLabels" . | nindent 4 }}
{{- end -}}

14
charts/codefresh/cf-runtime/6.4.7/templates/_components/event-exporter/_serviceMontor.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- define "event-exporter.resources.serviceMonitor" -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "event-exporter.fullname" . }}
labels:
{{- include "event-exporter.labels" . | nindent 4 }}
spec:
endpoints:
- port: metrics
selector:
matchLabels:
{{- include "event-exporter.selectorLabels" . | nindent 6 }}
{{- end -}}

70
charts/codefresh/cf-runtime/6.4.7/templates/_components/monitor/_deployment.yaml Normal file
View File

@ -0,0 +1,70 @@
{{- define "monitor.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "monitor.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include "monitor.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 9020
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /api/ping
port: 9020
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

26
charts/codefresh/cf-runtime/6.4.7/templates/_components/monitor/_env-vars.yaml Normal file
View File

@ -0,0 +1,26 @@
{{- define "monitor.environment-variables.defaults" }}
SERVICE_NAME: {{ include "monitor.fullname" . }}
PORT: 9020
HELM3: true
NODE_OPTIONS: "--max_old_space_size=4096"
{{- end }}
{{- define "monitor.environment-variables.calculated" }}
API_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
CLUSTER_ID: {{ include "runtime.runtime-environment-spec.context-name" . }}
API_URL: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}/api/k8s-monitor/events
ACCOUNT_ID: {{ .Values.global.accountId }}
NAMESPACE: {{ .Release.Namespace }}
{{- if .Values.rbac.namespaced }}
ROLE_BINDING: true
{{- end }}
{{- end }}
{{- define "monitor.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "monitor.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "monitor.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

42
charts/codefresh/cf-runtime/6.4.7/templates/_components/monitor/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "monitor.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Selector labels
*/}}
{{- define "monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: monitor
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "monitor.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "monitor.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

56
charts/codefresh/cf-runtime/6.4.7/templates/_components/monitor/_rbac.yaml Normal file
View File

@ -0,0 +1,56 @@
{{- define "monitor.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "monitor.serviceAccountName" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch", "create", "delete" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "deletecollection" ]
- apiGroups: [ "extensions" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "apps" ]
resources: [ "*" ]
verbs: [ "get", "list", "watch" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: {{ .Values.rbac.namespaced | ternary "RoleBinding" "ClusterRoleBinding" }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "monitor.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: {{ .Values.rbac.namespaced | ternary "Role" "ClusterRole" }}
name: {{ include "monitor.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

17
charts/codefresh/cf-runtime/6.4.7/templates/_components/monitor/_service.yaml Normal file
View File

@ -0,0 +1,17 @@
{{- define "monitor.resources.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ include "monitor.fullname" . }}
labels:
{{- include "monitor.labels" . | nindent 4 }}
spec:
type: ClusterIP
ports:
- name: http
port: 80
protocol: TCP
targetPort: 9020
selector:
{{- include "monitor.selectorLabels" . | nindent 4 }}
{{- end -}}

103
charts/codefresh/cf-runtime/6.4.7/templates/_components/runner/_deployment.yaml Normal file
View File

@ -0,0 +1,103 @@
{{- define "runner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "runner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "runner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "runner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
initContainers:
- name: init
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.init.image "context" .) }}
imagePullPolicy: {{ .Values.init.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/init-runtime.sh" | nindent 10 }}
env:
{{- include "runner-init.environment-variables" . | nindent 8 }}
{{- with .Values.init.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
containers:
- name: runner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "IfNotPresent" }}
env:
{{- include "runner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
readinessProbe:
initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.readinessProbe.successThreshold }}
failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
httpGet:
path: /health
port: http
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- with .Values.extraVolumeMounts }}
volumeMounts:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.sidecar.enabled }}
- name: reconcile-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.sidecar.image "context" .) }}
imagePullPolicy: {{ .Values.sidecar.image.pullPolicy | default "IfNotPresent" }}
command:
- /bin/bash
args:
- -ec
- | {{ .Files.Get "files/reconcile-runtime.sh" | nindent 10 }}
env:
{{- include "runner-sidecar.environment-variables" . | nindent 8 }}
{{- with .Values.sidecar.resources }}
resources:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- with .Values.extraVolumes }}
volumes:
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

42
charts/codefresh/cf-runtime/6.4.7/templates/_components/runner/_helpers.tpl Normal file
View File

@ -0,0 +1,42 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "runner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runner
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "runner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "runner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}

53
charts/codefresh/cf-runtime/6.4.7/templates/_components/runner/_rbac.yaml Normal file
View File

@ -0,0 +1,53 @@
{{- define "runner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runner.serviceAccountName" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "pods", "persistentvolumeclaims" ]
verbs: [ "get", "create", "delete", patch ]
- apiGroups: [ "" ]
resources: [ "configmaps", "secrets" ]
verbs: [ "get", "create", "update", patch ]
- apiGroups: [ "apps" ]
resources: [ "deployments" ]
verbs: [ "get" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "runner.fullname" . }}
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "runner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: Role
name: {{ include "runner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

30
charts/codefresh/cf-runtime/6.4.7/templates/_components/runner/environment-variables/_init-container.yaml Normal file
View File

@ -0,0 +1,30 @@
{{- define "runner-init.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-init.environment-variables.calculated" }}
AGENT_NAME: {{ include "runtime.runtime-environment-spec.agent-name" . }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
AGENT_CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
optional: true
EXISTING_AGENT_CODEFRESH_TOKEN: {{ include "runtime.agent-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
SECRET_NAME: {{ include "runner.fullname" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
{{- end }}
{{- define "runner-init.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-init.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-init.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

28
charts/codefresh/cf-runtime/6.4.7/templates/_components/runner/environment-variables/_main-container.yaml Normal file
View File

@ -0,0 +1,28 @@
{{- define "runner.environment-variables.defaults" }}
AGENT_MODE: InCluster
SELF_DEPLOYMENT_NAME:
valueFrom:
fieldRef:
fieldPath: metadata.name
{{- end }}
{{- define "runner.environment-variables.calculated" }}
AGENT_ID: {{ include "runtime.runtime-environment-spec.agent-name" . }}
CODEFRESH_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
CODEFRESH_IN_CLUSTER_RUNTIME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CODEFRESH_TOKEN:
valueFrom:
secretKeyRef:
name: {{ include "runner.fullname" . }}
key: agent-codefresh-token
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
{{- end }}
{{- define "runner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

22
charts/codefresh/cf-runtime/6.4.7/templates/_components/runner/environment-variables/_sidecar-container.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "runner-sidecar.environment-variables.defaults" }}
HOME: /tmp
{{- end }}
{{- define "runner-sidecar.environment-variables.calculated" }}
API_HOST: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
USER_CODEFRESH_TOKEN: {{ include "runtime.installation-token-env-var-value" . | nindent 2 }}
KUBE_CONTEXT: {{ include "runtime.runtime-environment-spec.context-name" . }}
KUBE_NAMESPACE: {{ .Release.Namespace }}
OWNER_NAME: {{ include "runner.fullname" . }}
RUNTIME_NAME: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
CONFIGMAP_NAME: {{ printf "%s-%s" (include "runtime.fullname" .) "spec" }}
{{- end }}
{{- define "runner-sidecar.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "runner-sidecar.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "runner-sidecar.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.sidecar.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}

58
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_cronjob.yaml Normal file
View File

@ -0,0 +1,58 @@
{{- define "dind-volume-provisioner.resources.cronjob" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- if not (eq .Values.storage.backend "local") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "dind-volume-cleanup.fullname" . }}
labels:
{{- include "dind-volume-cleanup.labels" . | nindent 4 }}
spec:
concurrencyPolicy: {{ .Values.concurrencyPolicy }}
schedule: {{ .Values.schedule | quote }}
successfulJobsHistoryLimit: {{ .Values.successfulJobsHistory }}
failedJobsHistoryLimit: {{ .Values.failedJobsHistory }}
{{- with .Values.suspend }}
suspend: {{ . }}
{{- end }}
jobTemplate:
spec:
template:
metadata:
labels:
{{- include "dind-volume-cleanup.selectorLabels" . | nindent 12 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 12 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 10 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
restartPolicy: {{ .Values.restartPolicy | default "Never" }}
containers:
- name: dind-volume-cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 12 }}
- name: PROVISIONED_BY
value: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
resources:
{{- toYaml .Values.resources | nindent 14 }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 10 }}
{{- end }}
{{- end }}
{{- end -}}

98
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_daemonset.yaml Normal file
View File

@ -0,0 +1,98 @@
{{- define "dind-volume-provisioner.resources.daemonset" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $localVolumeParentDir := .Values.storage.local.volumeParentDir }}
{{- if eq .Values.storage.backend "local" }}
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "dind-lv-monitor.fullname" . }}
labels:
{{- include "dind-lv-monitor.labels" . | nindent 4 }}
spec:
selector:
matchLabels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-lv-monitor.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.volumePermissions.enabled }}
initContainers:
- name: volume-permissions
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.volumePermissions.image "context" .) }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | default "Always" }}
command:
- /bin/sh
args:
- -ec
- |
chown -R {{ .Values.podSecurityContext.runAsUser }}:{{ .Values.podSecurityContext.fsGroup }} {{ $localVolumeParentDir }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
name: dind-volume-dir
{{- if eq ( toString ( .Values.volumePermissions.securityContext.runAsUser )) "auto" }}
securityContext: {{- omit .Values.volumePermissions.securityContext "runAsUser" | toYaml | nindent 10 }}
{{- else }}
securityContext: {{- .Values.volumePermissions.securityContext | toYaml | nindent 10 }}
{{- end }}
resources:
{{- toYaml .Values.volumePermissions.resources | nindent 10 }}
{{- end }}
containers:
- name: dind-lv-monitor
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 10 }}
{{- end }}
command:
- /home/dind-volume-utils/bin/local-volumes-agent
env:
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" .Values.env "context" .) | nindent 10 }}
- name: NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: VOLUME_PARENT_DIR
value: {{ $localVolumeParentDir }}
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
- mountPath: {{ $localVolumeParentDir }}
readOnly: false
name: dind-volume-dir
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
- name: dind-volume-dir
hostPath:
path: {{ $localVolumeParentDir }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end }}
{{- end -}}

67
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_deployment.yaml Normal file
View File

@ -0,0 +1,67 @@
{{- define "dind-volume-provisioner.resources.deployment" -}}
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
spec:
replicas: {{ .Values.replicasCount }}
strategy:
type: {{ .Values.updateStrategy.type }}
selector:
matchLabels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 6 }}
template:
metadata:
labels:
{{- include "dind-volume-provisioner.selectorLabels" . | nindent 8 }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- include (printf "%s.image.pullSecrets" $cfCommonTplSemver ) . | nindent 8 }}
serviceAccountName: {{ include "dind-volume-provisioner.serviceAccountName" . }}
{{- if .Values.podSecurityContext.enabled }}
securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: dind-volume-provisioner
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" .Values.image "context" .) }}
imagePullPolicy: {{ .Values.image.pullPolicy | default "Always" }}
command:
- /usr/local/bin/dind-volume-provisioner
- -v=4
- --resync-period=50s
env:
{{- include "dind-volume-provisioner.environment-variables" . | nindent 8 }}
ports:
- name: http
containerPort: 8080
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumeMounts:
{{- include "dind-volume-provisioner.volumeMounts.calculated" . | nindent 8 }}
{{- with .Values.extraVolumeMounts }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
volumes:
{{- include "dind-volume-provisioner.volumes.calculated" . | nindent 6 }}
{{- with .Values.extraVolumes }}
{{- toYaml . | nindent 6 }}
{{- end }}
{{- end -}}

88
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_env-vars.yaml Normal file
View File

@ -0,0 +1,88 @@
{{- define "dind-volume-provisioner.environment-variables.defaults" }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables.calculated" }}
DOCKER_REGISTRY: {{ .Values.global.imageRegistry }}
PROVISIONER_NAME: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.accessKeyIdSecretKeyRef }}
AWS_ACCESS_KEY_ID:
{{- if .Values.storage.ebs.accessKeyId }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_access_key_id
{{- else if .Values.storage.ebs.accessKeyIdSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.accessKeyIdSecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.ebs.secretAccessKey .Values.storage.ebs.secretAccessKeySecretKeyRef }}
AWS_SECRET_ACCESS_KEY:
{{- if .Values.storage.ebs.secretAccessKey }}
valueFrom:
secretKeyRef:
name: {{ include "dind-volume-provisioner.fullname" . }}
key: aws_secret_access_key
{{- else if .Values.storage.ebs.secretAccessKeySecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.storage.ebs.secretAccessKeySecretKeyRef | toYaml | nindent 6 }}
{{- end }}
{{- end }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
GOOGLE_APPLICATION_CREDENTIALS: {{ printf "/etc/dind-volume-provisioner/credentials/%s" (.Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.key | default "google-service-account.json") }}
{{- end }}
{{- if and .Values.storage.mountAzureJson }}
AZURE_CREDENTIAL_FILE: /etc/kubernetes/azure.json
CLOUDCONFIG_AZURE: /etc/kubernetes/azure.json
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.environment-variables" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- $defaults := (include "dind-volume-provisioner.environment-variables.defaults" . | fromYaml) }}
{{- $calculated := (include "dind-volume-provisioner.environment-variables.calculated" . | fromYaml) }}
{{- $overrides := .Values.env }}
{{- $mergedValues := mergeOverwrite (merge $defaults $calculated) $overrides }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $mergedValues "context" .) }}
{{- end }}
{{- define "dind-volume-provisioner.volumes.calculated" }}
{{- if .Values.storage.gcedisk.serviceAccountJson }}
- name: credentials
secret:
secretName: {{ include "dind-volume-provisioner.fullname" . }}
optional: true
{{- else if .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
secret:
secretName: {{ .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef.name }}
optional: true
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
hostPath:
path: /etc/kubernetes/azure.json
type: File
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.volumeMounts.calculated" }}
{{- if or .Values.storage.gcedisk.serviceAccountJson .Values.storage.gcedisk.serviceAccountJsonSecretKeyRef }}
- name: credentials
readOnly: true
mountPath: "/etc/dind-volume-provisioner/credentials"
{{- end }}
{{- if .Values.storage.mountAzureJson }}
- name: azure-json
readOnly: true
mountPath: "/etc/kubernetes/azure.json"
{{- end }}
{{- end }}

93
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_helpers.tpl Normal file
View File

@ -0,0 +1,93 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "dind-volume-provisioner.name" -}}
{{- printf "%s-%s" (include "cf-runtime.name" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "dind-volume-provisioner.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-provisioner" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- define "dind-volume-cleanup.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "volume-cleanup" | trunc 52 | trimSuffix "-" }}
{{- end }}
{{- define "dind-lv-monitor.fullname" -}}
{{- printf "%s-%s" (include "cf-runtime.fullname" .) "lv-monitor" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Provisioner name for storage class
*/}}
{{- define "dind-volume-provisioner.volumeProvisionerName" }}
{{- printf "codefresh.io/dind-volume-provisioner-runner-%s" .Release.Namespace }}
{{- end }}
{{/*
Common labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Selector labels for dind-lv-monitor
*/}}
{{- define "dind-lv-monitor.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: lv-monitor
{{- end }}
{{/*
Common labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Selector labels for dind-volume-provisioner
*/}}
{{- define "dind-volume-provisioner.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: volume-provisioner
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Common labels for dind-volume-cleanup
*/}}
{{- define "dind-volume-cleanup.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: pv-cleanup
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "dind-volume-provisioner.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "dind-volume-provisioner.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
{{- define "dind-volume-provisioner.storageClassName" }}
{{- printf "dind-local-volumes-runner-%s" .Release.Namespace }}
{{- end }}

71
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_rbac.yaml Normal file
View File

@ -0,0 +1,71 @@
{{- define "dind-volume-provisioner.resources.rbac" -}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
{{- with .Values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if .Values.rbac.create }}
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "persistentvolumes" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "persistentvolumeclaims" ]
verbs: [ "get", "list", "watch", "update", "delete" ]
- apiGroups: [ "storage.k8s.io" ]
resources: [ "storageclasses" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "events" ]
verbs: [ "list", "watch", "create", "update", "patch" ]
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get", "list" ]
- apiGroups: [ "" ]
resources: [ "nodes" ]
verbs: [ "get", "list", "watch" ]
- apiGroups: [ "" ]
resources: [ "pods" ]
verbs: [ "get", "list", "watch", "create", "delete", "patch" ]
- apiGroups: [ "" ]
resources: [ "endpoints" ]
verbs: [ "get", "list", "watch", "create", "update", "delete" ]
- apiGroups: [ "coordination.k8s.io" ]
resources: [ "leases" ]
verbs: [ "get", "create", "update" ]
{{- with .Values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and .Values.serviceAccount.create .Values.rbac.create }}
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ include "dind-volume-provisioner.serviceAccountName" . }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: {{ include "dind-volume-provisioner.fullname" . }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
{{- end -}}

22
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_secret.yaml Normal file
View File

@ -0,0 +1,22 @@
{{- define "dind-volume-provisioner.resources.secret" -}}
{{- if or .Values.storage.ebs.accessKeyId .Values.storage.ebs.secretAccessKey .Values.storage.gcedisk.serviceAccountJson }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "dind-volume-provisioner.fullname" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
stringData:
{{- with .Values.storage.gcedisk.serviceAccountJson }}
google-service-account.json: |
{{- . | nindent 4 }}
{{- end }}
{{- with .Values.storage.ebs.accessKeyId }}
aws_access_key_id: {{ . }}
{{- end }}
{{- with .Values.storage.ebs.secretAccessKey }}
aws_secret_access_key: {{ . }}
{{- end }}
{{- end }}
{{- end -}}

47
charts/codefresh/cf-runtime/6.4.7/templates/_components/volume-provisioner/_storageclass.yaml Normal file
View File

@ -0,0 +1,47 @@
{{- define "dind-volume-provisioner.resources.storageclass" -}}
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
{{/* has to be exactly that */}}
name: {{ include "dind-volume-provisioner.storageClassName" . }}
labels:
{{- include "dind-volume-provisioner.labels" . | nindent 4 }}
provisioner: {{ include "dind-volume-provisioner.volumeProvisionerName" . }}
parameters:
{{- if eq .Values.storage.backend "local" }}
volumeBackend: local
volumeParentDir: {{ .Values.storage.local.volumeParentDir }}
{{- else if eq .Values.storage.backend "gcedisk" }}
volumeBackend: {{ .Values.storage.backend }}
type: {{ .Values.storage.gcedisk.volumeType | default "pd-ssd" }}
zone: {{ required ".Values.storage.gcedisk.availabilityZone is required" .Values.storage.gcedisk.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
{{- else if or (eq .Values.storage.backend "ebs") (eq .Values.storage.backend "ebs-csi")}}
volumeBackend: {{ .Values.storage.backend }}
VolumeType: {{ .Values.storage.ebs.volumeType | default "gp3" }}
AvailabilityZone: {{ required ".Values.storage.ebs.availabilityZone is required" .Values.storage.ebs.availabilityZone }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
encrypted: {{ .Values.storage.ebs.encrypted | default "false" | quote }}
{{- with .Values.storage.ebs.kmsKeyId }}
kmsKeyId: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.iops }}
iops: {{ . | quote }}
{{- end }}
{{- with .Values.storage.ebs.throughput }}
throughput: {{ . | quote }}
{{- end }}
{{- else if or (eq .Values.storage.backend "azuredisk") (eq .Values.storage.backend "azuredisk-csi")}}
volumeBackend: {{ .Values.storage.backend }}
kind: managed
skuName: {{ .Values.storage.azuredisk.skuName | default "Premium_LRS" }}
fsType: {{ .Values.storage.fsType | default "ext4" }}
cachingMode: {{ .Values.storage.azuredisk.cachingMode | default "None" }}
{{- with .Values.storage.azuredisk.availabilityZone }}
availabilityZone: {{ . | quote }}
{{- end }}
{{- with .Values.storage.azuredisk.resourceGroup }}
resourceGroup: {{ . | quote }}
{{- end }}
{{- end }}
{{- end -}}

51
charts/codefresh/cf-runtime/6.4.7/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,51 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "cf-runtime.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cf-runtime.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cf-runtime.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "cf-runtime.labels" -}}
helm.sh/chart: {{ include "cf-runtime.chart" . }}
{{ include "cf-runtime.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "cf-runtime.selectorLabels" -}}
app.kubernetes.io/name: {{ include "cf-runtime.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/app-proxy/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.deployment" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/app-proxy/ingress.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.ingress" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/app-proxy/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.rbac" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/app-proxy/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $appProxyContext := deepCopy . }}
{{- $_ := set $appProxyContext "Values" (get .Values "appProxy") }}
{{- $_ := set $appProxyContext.Values "global" (get .Values "global") }}
{{- $_ := set $appProxyContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $appProxyContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $appProxyContext.Values.enabled }}
{{- include "app-proxy.resources.service" $appProxyContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/event-exporter/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.deployment" $eventExporterContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/event-exporter/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.rbac" $eventExporterContext }}
{{- end }}

11
charts/codefresh/cf-runtime/6.4.7/templates/event-exporter/service.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $eventExporterContext := deepCopy . }}
{{- $_ := set $eventExporterContext "Values" (get .Values "event-exporter") }}
{{- $_ := set $eventExporterContext.Values "global" (get .Values "global") }}
{{- $_ := set $eventExporterContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $eventExporterContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $eventExporterContext.Values.enabled }}
{{- include "event-exporter.resources.service" $eventExporterContext }}
---
{{- include "event-exporter.resources.serviceMonitor" $eventExporterContext }}
{{- end }}

6
charts/codefresh/cf-runtime/6.4.7/templates/extra/extra-resources.yaml Normal file
View File

@ -0,0 +1,6 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{- range .Values.extraResources }}
---
{{ include (printf "%s.tplrender" $cfCommonTplSemver) (dict "Values" . "context" $) }}
{{- end }}

19
charts/codefresh/cf-runtime/6.4.7/templates/extra/runtime-images-cm.yaml Normal file
View File

@ -0,0 +1,19 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.engine.runtimeImages }}
---
kind: ConfigMap
apiVersion: v1
metadata:
{{- /* dummy template just to list runtime images */}}
name: {{ include "runtime.fullname" . }}-images
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
images: |
{{- range $key, $val := $values }}
image: {{ $val }}
{{- end }}

18
charts/codefresh/cf-runtime/6.4.7/templates/hooks/post-install/cm-update-runtime.yaml Normal file
View File

@ -0,0 +1,18 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "runtime.fullname" . }}-spec
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
data:
runtime.yaml: |
{{ include "runtime.runtime-environment-spec.template" . | nindent 4 | trim }}
{{- end }}

68
charts/codefresh/cf-runtime/6.4.7/templates/hooks/post-install/job-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,68 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "3"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-gencerts-dind
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: gencerts-dind
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/configure-dind-certs.sh" | nindent 10 }}
env:
- name: NAMESPACE
value: {{ .Release.Namespace }}
- name: RELEASE
value: {{ .Release.Name }}
- name: CF_API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: CF_API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

77
charts/codefresh/cf-runtime/6.4.7/templates/hooks/post-install/job-update-runtime.yaml Normal file
View File

@ -0,0 +1,77 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: post-install,post-upgrade
helm.sh/hook-weight: "5"
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-patch
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: patch-runtime
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- |
codefresh auth create-context --api-key $API_KEY --url $API_HOST
cat /usr/share/extras/runtime.yaml
codefresh get re
{{- if .Values.runtime.agent }}
codefresh patch re -f /usr/share/extras/runtime.yaml
{{- else }}
codefresh patch sys-re -f /usr/share/extras/runtime.yaml
{{- end }}
env:
- name: API_KEY
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
volumeMounts:
- name: config
mountPath: /usr/share/extras/runtime.yaml
subPath: runtime.yaml
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
volumes:
- name: config
configMap:
name: {{ include "runtime.fullname" . }}-spec
{{- end }}

37
charts/codefresh/cf-runtime/6.4.7/templates/hooks/post-install/rbac-gencerts-dind.yaml Normal file
View File

@ -0,0 +1,37 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.gencerts }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
resources:
- secrets
- configmaps
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-gencerts-dind
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-gencerts-dind
namespace: {{ .Release.Namespace }}
{{ end }}

73
charts/codefresh/cf-runtime/6.4.7/templates/hooks/pre-delete/job-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,73 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 4 }}
annotations:
helm.sh/hook: pre-delete
helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
{{- with $values.annotations }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
{{- with $values.ttlSecondsAfterFinished }}
ttlSecondsAfterFinished: {{ . }}
{{- end }}
{{- with $values.backoffLimit }}
backoffLimit: {{ . | int }}
{{- end }}
template:
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
labels:
{{- include "runtime.labels" . | nindent 8 }}
spec:
{{- if $values.rbac.enabled }}
serviceAccountName: {{ template "runtime.fullname" . }}-cleanup
{{- end }}
securityContext:
{{- toYaml $values.podSecurityContext | nindent 8 }}
containers:
- name: cleanup
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $values.image "context" .) }}
imagePullPolicy: {{ $values.image.pullPolicy | default "Always" }}
command:
- "/bin/bash"
args:
- -ec
- | {{ .Files.Get "files/cleanup-runtime.sh" | nindent 10 }}
env:
- name: AGENT_NAME
value: {{ include "runtime.runtime-environment-spec.agent-name" . }}
- name: RUNTIME_NAME
value: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
- name: API_HOST
value: {{ include "runtime.runtime-environment-spec.codefresh-host" . }}
- name: API_TOKEN
{{- include "runtime.installation-token-env-var-value" . | indent 10}}
- name: AGENT
value: {{ .Values.runtime.agent | quote }}
- name: AGENT_SECRET_NAME
value: {{ include "runner.fullname" . }}
- name: DIND_SECRET_NAME
value: codefresh-certs-server
{{- include (printf "%s.env-vars" $cfCommonTplSemver) (dict "Values" $values.env "context" .) | nindent 8 }}
{{- with $values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $values.tolerations }}
tolerations:
{{- toYaml . | nindent 6 }}
{{- end }}
restartPolicy: OnFailure
{{- end }}

46
charts/codefresh/cf-runtime/6.4.7/templates/hooks/pre-delete/rbac-cleanup-resources.yaml Normal file
View File

@ -0,0 +1,46 @@
{{ $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version }}
{{ $values := .Values.runtime.patch }}
{{- if and $values.enabled }}
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
rules:
- apiGroups:
- "*"
resources:
- "*"
verbs:
- "*"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-delete
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation,hook-failed
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "runtime.fullname" . }}-cleanup
subjects:
- kind: ServiceAccount
name: {{ include "runtime.fullname" . }}-cleanup
namespace: {{ .Release.Namespace }}
{{ end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/monitor/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.deployment" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/monitor/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.rbac" $monitorContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/monitor/service.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $monitorContext := deepCopy . }}
{{- $_ := set $monitorContext "Values" (get .Values "monitor") }}
{{- $_ := set $monitorContext.Values "global" (get .Values "global") }}
{{- $_ := set $monitorContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $monitorContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $monitorContext.Values.enabled }}
{{- include "monitor.resources.service" $monitorContext }}
{{- end }}

2
charts/codefresh/cf-runtime/6.4.7/templates/other/external-secrets.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.external-secrets" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/6.4.7/templates/other/podMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.podMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

2
charts/codefresh/cf-runtime/6.4.7/templates/other/serviceMonitor.yaml Normal file
View File

@ -0,0 +1,2 @@
{{ $templateName := printf "cf-common-%s.serviceMonitor" (index .Subcharts "cf-common").Chart.Version }}
{{- include $templateName . -}}

9
charts/codefresh/cf-runtime/6.4.7/templates/runner/deployment.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.deployment" $runnerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/runner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $runnerContext := deepCopy . }}
{{- $_ := set $runnerContext "Values" (get .Values "runner") }}
{{- $_ := set $runnerContext.Values "global" (get .Values "global") }}
{{- $_ := set $runnerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $runnerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $runnerContext.Values.enabled .Values.runtime.agent }}
{{- include "runner.resources.rbac" $runnerContext }}
{{- end }}

123
charts/codefresh/cf-runtime/6.4.7/templates/runtime/_helpers.tpl Normal file
View File

@ -0,0 +1,123 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "runtime.name" -}}
{{- printf "%s" (include "cf-runtime.name" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "runtime.fullname" -}}
{{- printf "%s" (include "cf-runtime.fullname" .) | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "runtime.labels" -}}
{{ include "cf-runtime.labels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Selector labels
*/}}
{{- define "runtime.selectorLabels" -}}
{{ include "cf-runtime.selectorLabels" . }}
codefresh.io/application: runtime
{{- end }}
{{/*
Return runtime image (classic runtime) with private registry prefix
*/}}
{{- define "runtime.runtimeImageName" -}}
{{- if .registry -}}
{{- $imageName := (trimPrefix "quay.io/" .imageFullName) -}}
{{- printf "%s/%s" .registry $imageName -}}
{{- else -}}
{{- printf "%s" .imageFullName -}}
{{- end -}}
{{- end -}}
{{/*
Environment variable value of Codefresh installation token
*/}}
{{- define "runtime.installation-token-env-var-value" -}}
{{- if .Values.global.codefreshToken }}
valueFrom:
secretKeyRef:
name: {{ include "runtime.installation-token-secret-name" . }}
key: codefresh-api-token
{{- else if .Values.global.codefreshTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.codefreshTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Environment variable value of Codefresh agent token
*/}}
{{- define "runtime.agent-token-env-var-value" -}}
{{- if .Values.global.agentToken }}
{{- printf "%s" .Values.global.agentToken | toYaml }}
{{- else if .Values.global.agentTokenSecretKeyRef }}
valueFrom:
secretKeyRef:
{{- .Values.global.agentTokenSecretKeyRef | toYaml | nindent 4 }}
{{- end }}
{{- end }}
{{/*
Print Codefresh API token secret name
*/}}
{{- define "runtime.installation-token-secret-name" }}
{{- print "codefresh-user-token" }}
{{- end }}
{{/*
Print Codefresh host
*/}}
{{- define "runtime.runtime-environment-spec.codefresh-host" }}
{{- if and (not .Values.global.codefreshHost) }}
{{- fail "ERROR: .global.codefreshHost is required" }}
{{- else }}
{{- printf "%s" (trimSuffix "/" .Values.global.codefreshHost) }}
{{- end }}
{{- end }}
{{/*
Print runtime-environment name
*/}}
{{- define "runtime.runtime-environment-spec.runtime-name" }}
{{- if and (not .Values.global.runtimeName) }}
{{- printf "%s/%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.runtimeName }}
{{- end }}
{{- end }}
{{/*
Print agent name
*/}}
{{- define "runtime.runtime-environment-spec.agent-name" }}
{{- if and (not .Values.global.agentName) }}
{{- printf "%s_%s" .Values.global.context .Release.Namespace }}
{{- else }}
{{- printf "%s" .Values.global.agentName }}
{{- end }}
{{- end }}
{{/*
Print context
*/}}
{{- define "runtime.runtime-environment-spec.context-name" }}
{{- if and (not .Values.global.context) }}
{{- fail "ERROR: .global.context is required" }}
{{- else }}
{{- printf "%s" .Values.global.context }}
{{- end }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.7/templates/runtime/cm-dind-daemon.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ConfigMap
metadata:
{{- /* has to be a constant */}}
name: codefresh-dind-config
labels:
{{- include "runtime.labels" . | nindent 4 }}
data:
daemon.json: |
{{ coalesce .Values.re.dindDaemon .Values.runtime.dindDaemon | toPrettyJson | indent 4 }}

48
charts/codefresh/cf-runtime/6.4.7/templates/runtime/rbac.yaml Normal file
View File

@ -0,0 +1,48 @@
{{ $values := .Values.runtime }}
---
{{- if or $values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
{{- /* has to be a constant */}}
name: codefresh-engine
labels:
{{- include "runtime.labels" . | nindent 4 }}
{{- with $values.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
---
{{- if $values.rbac.create }}
kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
rules:
- apiGroups: [ "" ]
resources: [ "secrets" ]
verbs: [ "get" ]
{{- with $values.rbac.rules }}
{{ toYaml . | nindent 2 }}
{{- end }}
{{- end }}
---
{{- if and $values.serviceAccount.create $values.rbac.create }}
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: codefresh-engine
labels:
{{- include "runner.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: codefresh-engine
roleRef:
kind: Role
name: codefresh-engine
apiGroup: rbac.authorization.k8s.io
{{- end }}

206
charts/codefresh/cf-runtime/6.4.7/templates/runtime/runtime-env-spec-tmpl.yaml Normal file
View File

@ -0,0 +1,206 @@
{{- define "runtime.runtime-environment-spec.template" }}
{{- $cfCommonTplSemver := printf "cf-common-%s" (index .Subcharts "cf-common").Chart.Version -}}
{{- $kubeconfigFilePath := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $name := (include "runtime.runtime-environment-spec.runtime-name" .) -}}
{{- $engineContext := .Values.runtime.engine -}}
{{- $dindContext := .Values.runtime.dind -}}
{{- $imageRegistry := .Values.global.imageRegistry -}}
metadata:
name: {{ include "runtime.runtime-environment-spec.runtime-name" . }}
agent: {{ .Values.runtime.agent }}
runtimeScheduler:
type: KubernetesPod
{{- if $engineContext.image }}
image: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $engineContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $engineContext.image.pullPolicy }}
{{- with $engineContext.command }}
command: {{- toYaml . | nindent 4 }}
{{- end }}
envVars:
{{- with $engineContext.env }}
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
COMPOSE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COMPOSE_IMAGE) | squote }}
CONTAINER_LOGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CONTAINER_LOGGER_IMAGE) | squote }}
DOCKER_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_BUILDER_IMAGE) | squote }}
DOCKER_PULLER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PULLER_IMAGE) | squote }}
DOCKER_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_PUSHER_IMAGE) | squote }}
DOCKER_TAG_PUSHER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.DOCKER_TAG_PUSHER_IMAGE) | squote }}
FS_OPS_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.FS_OPS_IMAGE) | squote }}
GIT_CLONE_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GIT_CLONE_IMAGE) | squote }}
KUBE_DEPLOY: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.KUBE_DEPLOY) | squote }}
PIPELINE_DEBUGGER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.PIPELINE_DEBUGGER_IMAGE) | squote }}
TEMPLATE_ENGINE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.TEMPLATE_ENGINE) | squote }}
CR_6177_FIXER: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.CR_6177_FIXER) | squote }}
GC_BUILDER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.GC_BUILDER_IMAGE) | squote }}
COSIGN_IMAGE_SIGNER_IMAGE: {{ include "runtime.runtimeImageName" (dict "registry" $imageRegistry "imageFullName" $engineContext.runtimeImages.COSIGN_IMAGE_SIGNER_IMAGE) | squote }}
{{- with $engineContext.userEnvVars }}
userEnvVars: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.workflowLimits }}
workflowLimits: {{- toYaml . | nindent 4 }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $engineContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $engineContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $engineContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $engineContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $engineContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $engineContext.schedulerName }}
schedulerName: {{ $engineContext.schedulerName }}
{{- end }}
resources:
{{- if $engineContext.resources}}
{{- toYaml $engineContext.resources | nindent 4 }}
{{- end }}
{{- with $engineContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
dockerDaemonScheduler:
type: DindKubernetesPod
{{- if $dindContext.image }}
dindImage: {{ include (printf "%s.image.name" $cfCommonTplSemver ) (dict "image" $dindContext.image "context" .) | squote }}
{{- end }}
imagePullPolicy: {{ $dindContext.image.pullPolicy }}
{{- with $dindContext.userAccess }}
userAccess: {{ . }}
{{- end }}
{{- with $dindContext.env }}
envVars:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
cluster:
namespace: {{ .Release.Namespace }}
serviceAccount: {{ $dindContext.serviceAccount }}
{{- if .Values.runtime.agent }}
clusterProvider:
accountId: {{ .Values.global.accountId }}
selector: {{ include "runtime.runtime-environment-spec.context-name" . }}
{{- else }}
{{- if .Values.runtime.inCluster }}
inCluster: true
kubeconfigFilePath: null
{{- else }}
name: {{ $name }}
kubeconfigFilePath: {{ printf "/etc/kubeconfig/%s" $kubeconfigFilePath }}
{{- end }}
{{- end }}
{{- with $dindContext.nodeSelector }}
nodeSelector: {{- toYaml . | nindent 6 }}
{{- end }}
{{- with $dindContext.affinity }}
affinity: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.tolerations }}
tolerations: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.podAnnotations }}
annotations:
{{- range $key, $val := . }}
{{ $key }}: {{ $val | squote }}
{{- end }}
{{- end }}
{{- with $dindContext.podLabels }}
labels: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if $dindContext.schedulerName }}
schedulerName: {{ $dindContext.schedulerName }}
{{- end }}
{{- if $dindContext.pvcs }}
pvcs:
{{- range $index, $pvc := $dindContext.pvcs }}
- name: {{ $pvc.name }}
reuseVolumeSelector: {{ $pvc.reuseVolumeSelector | squote }}
reuseVolumeSortOrder: {{ $pvc.reuseVolumeSortOrder }}
storageClassName: {{ include (printf "%v.tplrender" $cfCommonTplSemver) (dict "Values" $pvc.storageClassName "context" $) }}
volumeSize: {{ $pvc.volumeSize }}
{{- with $pvc.annotations }}
annotations: {{ . | toYaml | nindent 8 }}
{{- end }}
{{- end }}
{{- end }}
defaultDindResources:
{{- with $dindContext.resources }}
{{- if not .requests }}
limits: {{- toYaml .limits | nindent 6 }}
requests: null
{{- else }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
{{- with $dindContext.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ . }}
{{- end }}
{{- with $dindContext.userVolumeMounts }}
userVolumeMounts: {{- toYaml . | nindent 4 }}
{{- end }}
{{- with $dindContext.userVolumes }}
userVolumes: {{- toYaml . | nindent 4 }}
{{- end }}
{{- if and (not .Values.runtime.agent) }}
clientCertPath: /etc/ssl/cf/
volumeMounts:
codefresh-certs-server:
name: codefresh-certs-server
mountPath: /etc/ssl/cf
readOnly: false
volumes:
codefresh-certs-server:
name: codefresh-certs-server
secret:
secretName: codefresh-certs-server
{{- end }}
extends: {{- toYaml .Values.runtime.runtimeExtends | nindent 2 }}
{{- if .Values.runtime.description }}
description: {{ .Values.runtime.description }}
{{- else }}
description: null
{{- end }}
{{- if .Values.global.accountId }}
accountId: {{ .Values.global.accountId }}
{{- end }}
{{- if not .Values.runtime.agent }}
accounts: {{- toYaml .Values.runtime.accounts | nindent 2 }}
{{- end }}
{{- if .Values.appProxy.enabled }}
appProxy:
externalIP: >-
{{ printf "https://%s%s" .Values.appProxy.ingress.host (.Values.appProxy.ingress.pathPrefix | default "/") }}
{{- end }}
{{- if not .Values.runtime.agent }}
systemHybrid: true
{{- end }}
{{- end }}

11
charts/codefresh/cf-runtime/6.4.7/templates/runtime/secret.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- if and .Values.global.codefreshToken }}
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: {{ include "runtime.installation-token-secret-name" . }}
labels:
{{- include "runtime.labels" . | nindent 4 }}
stringData:
codefresh-api-token: {{ .Values.global.codefreshToken }}
{{- end }}

16
charts/codefresh/cf-runtime/6.4.7/templates/runtime/svc-dind.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: v1
kind: Service
metadata:
labels:
{{- include "runtime.labels" . | nindent 4 }}
app: dind
{{/* has to be a constant */}}
name: dind
spec:
ports:
- name: "dind-port"
port: 1300
protocol: TCP
clusterIP: None
selector:
app: dind

11
charts/codefresh/cf-runtime/6.4.7/templates/volume-provisioner/cronjob.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-volume-cleanup") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.cronjob" $volumeProvisionerContext }}
{{- end }}

11
charts/codefresh/cf-runtime/6.4.7/templates/volume-provisioner/daemonset.yaml Normal file
View File

@ -0,0 +1,11 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values.volumeProvisioner "dind-lv-monitor") }}
{{- $_ := set $volumeProvisionerContext.Values "serviceAccount" (get .Values.volumeProvisioner "serviceAccount") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if and $volumeProvisionerContext.Values.enabled .Values.volumeProvisioner.enabled }}
{{- include "dind-volume-provisioner.resources.daemonset" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.7/templates/volume-provisioner/deployment.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.deployment" $volumeProvisionerContext }}
{{- end }}

9
charts/codefresh/cf-runtime/6.4.7/templates/volume-provisioner/rbac.yaml Normal file
View File

@ -0,0 +1,9 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.rbac" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.7/templates/volume-provisioner/secret.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.secret" $volumeProvisionerContext }}
{{- end }}

10
charts/codefresh/cf-runtime/6.4.7/templates/volume-provisioner/storageclass.yaml Normal file
View File

@ -0,0 +1,10 @@
{{- $volumeProvisionerContext := deepCopy . }}
{{- $_ := set $volumeProvisionerContext "Values" (get .Values "volumeProvisioner") }}
{{- $_ := set $volumeProvisionerContext.Values "global" (get .Values "global") }}
{{- $_ := set $volumeProvisionerContext.Values "storage" (get .Values "storage") }}
{{- $_ := set $volumeProvisionerContext.Values "nameOverride" (get .Values "nameOverride") }}
{{- $_ := set $volumeProvisionerContext.Values "fullnameOverride" (get .Values "fullnameOverride") }}
{{- if $volumeProvisionerContext.Values.enabled }}
{{- include "dind-volume-provisioner.resources.storageclass" $volumeProvisionerContext }}
{{- end }}

951
charts/codefresh/cf-runtime/6.4.7/values.yaml Normal file
View File

@ -0,0 +1,951 @@
# -- String to partially override cf-runtime.fullname template (will maintain the release name)
nameOverride: ""
# -- String to fully override cf-runtime.fullname template
fullnameOverride: ""
# -- Global parameters
# @default -- See below
global:
# -- Global Docker image registry
imageRegistry: ""
# -- Global Docker registry secret names as array
imagePullSecrets: []
# -- URL of Codefresh Platform (required!)
codefreshHost: "https://g.codefresh.io"
# -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!)
# Ref: https://g.codefresh.io/user/settings (see API Keys)
# Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write)
codefreshToken: ""
# -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!)
codefreshTokenSecretKeyRef: {}
# E.g.
# codefreshTokenSecretKeyRef:
# name: my-codefresh-api-token
# key: codefresh-api-token
# -- Account ID (required!)
# Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information
accountId: ""
# -- K8s context name (required!)
context: ""
# E.g.
# context: prod-ue1-runtime-1
# -- Agent Name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}`
agentName: ""
# E.g.
# agentName: prod-ue1-runtime-1
# -- Runtime name (optional!)
# If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}`
runtimeName: ""
# E.g.
# runtimeName: prod-ue1-runtime-1/namespace
# -- DEPRECATED Agent token in plain text.
# !!! MUST BE provided if migrating from < 6.x chart version
agentToken: ""
# -- DEPRECATED Agent token that references an existing secret containing API key.
# !!! MUST BE provided if migrating from < 6.x chart version
agentTokenSecretKeyRef: {}
# E.g.
# agentTokenSecretKeyRef:
# name: my-codefresh-agent-secret
# key: codefresh-agent-token
# DEPRECATED -- Use `.Values.global.imageRegistry` instead
dockerRegistry: ""
# DEPRECATED -- Use `.Values.runtime` instead
re: {}
# -- Runner parameters
# @default -- See below
runner:
# -- Enable the runner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/venona
tag: 1.10.2
# -- Init container
init:
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
resources:
limits:
memory: 512Mi
cpu: '1'
requests:
memory: 256Mi
cpu: '0.2'
# -- Sidecar container
# Reconciles runtime spec from Codefresh API for drift detection
sidecar:
enabled: false
image:
registry: quay.io
repository: codefresh/codefresh-shell
tag: 0.0.2
env:
RECONCILE_INTERVAL: 300
resources: {}
# -- Add additional env vars
env: {}
# E.g.
# env:
# WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Volume Provisioner parameters
# @default -- See below
volumeProvisioner:
# -- Enable volume-provisioner
enabled: true
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/dind-volume-provisioner
tag: 1.35.0
# -- Add additional env vars
env: {}
# E.g.
# env:
# THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: true
runAsUser: 3000
runAsGroup: 3000
fsGroup: 3000
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- `dind-lv-monitor` DaemonSet parameters
# (local volumes cleaner)
# @default -- See below
dind-lv-monitor:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-utils
tag: 1.29.4
podAnnotations: {}
podSecurityContext:
enabled: true
runAsUser: 1000
fsGroup: 1000
containerSecurityContext: {}
env: {}
resources: {}
nodeSelector: {}
tolerations:
- key: 'codefresh/dind'
operator: 'Exists'
effect: 'NoSchedule'
volumePermissions:
enabled: true
image:
registry: docker.io
repository: alpine
tag: 3.18
resources: {}
securityContext:
runAsUser: 0 # auto
# `dind-volume-cleanup` CronJob parameters
# (external volumes cleaner)
# @default -- See below
dind-volume-cleanup:
enabled: true
image:
registry: quay.io
repository: codefresh/dind-volume-cleanup
tag: 1.2.0
env: {}
concurrencyPolicy: Forbid
schedule: "*/10 * * * *"
successfulJobsHistory: 3
failedJobsHistory: 1
suspend: false
podAnnotations: {}
podSecurityContext:
enabled: true
fsGroup: 3000
runAsGroup: 3000
runAsUser: 3000
nodeSelector: {}
affinity: {}
tolerations: []
# Storage parameters for volume-provisioner
# @default -- See below
storage:
# -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`)
backend: local
# -- Set filesystem type (`ext4`/`xfs`)
fsType: "ext4"
# Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`)
# https://kubernetes.io/docs/concepts/storage/volumes/#local
# @default -- See below
local:
# -- Set volume path on the host filesystem
volumeParentDir: /var/lib/codefresh/dind-volumes
# Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`)
# https://aws.amazon.com/ebs/
# https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration
# @default -- See below
ebs:
# -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required)
volumeType: "gp2"
# -- Set EBS volumes availability zone (required)
availabilityZone: "us-east-1a"
# -- Enable encryption (optional)
encrypted: "false"
# -- Set KMS encryption key ID (optional)
kmsKeyId: ""
# -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
accessKeyId: ""
# -- Existing secret containing AWS_ACCESS_KEY_ID.
accessKeyIdSecretKeyRef: {}
# E.g.
# accessKeyIdSecretKeyRef:
# name:
# key:
# -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional)
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions
secretAccessKey: ""
# -- Existing secret containing AWS_SECRET_ACCESS_KEY
secretAccessKeySecretKeyRef: {}
# E.g.
# secretAccessKeySecretKeyRef:
# name:
# key:
# E.g.
# ebs:
# volumeType: gp3
# availabilityZone: us-east-1c
# encrypted: false
# iops: "5000"
# # I/O operations per second. Only effetive when gp3 volume type is specified.
# # Default value - 3000.
# # Max - 16,000
# throughput: "500"
# # Throughput in MiB/s. Only effective when gp3 volume type is specified.
# # Default value - 125.
# # Max - 1000.
# ebs:
# volumeType: gp2
# availabilityZone: us-east-1c
# encrypted: true
# kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab"
# accessKeyId: "MYKEYID"
# secretAccessKey: "MYACCESSKEY"
# Storage parameters example for gce disks
# https://cloud.google.com/compute/docs/disks#pdspecs
# https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration
# @default -- See below
gcedisk:
# -- Set GCP volume backend type (`pd-ssd`/`pd-standard`)
volumeType: "pd-ssd"
# -- Set GCP volume availability zone
availabilityZone: "us-west1-a"
# -- Set Google SA JSON key for volume-provisioner (optional)
serviceAccountJson: ""
# -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional)
serviceAccountJsonSecretKeyRef: {}
# E.g.
# gcedisk:
# volumeType: pd-ssd
# availabilityZone: us-central1-c
# serviceAccountJson: |-
# {
# "type": "service_account",
# "project_id": "...",
# "private_key_id": "...",
# "private_key": "...",
# "client_email": "...",
# "client_id": "...",
# "auth_uri": "...",
# "token_uri": "...",
# "auth_provider_x509_cert_url": "...",
# "client_x509_cert_url": "..."
# }
# Storage parameters example for Azure Disks
# https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks
# @default -- See below
azuredisk:
# -- Set storage type (`Premium_LRS`)
skuName: Premium_LRS
cachingMode: None
# availabilityZone: northeurope-1
# resourceGroup:
# DiskIOPSReadWrite: 500
# DiskMBpsReadWrite: 100
mountAzureJson: false
# -- Set runtime parameters
# @default -- See below
runtime:
# -- Set annotation on engine Service Account
# Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster
serviceAccount:
create: true
annotations: {}
# E.g.
# serviceAccount:
# annotations:
# eks.amazonaws.com/role-arn: "arn:aws:iam::<ACCOUNT_ID>:role/<IAM_ROLE_NAME>"
# -- Set parent runtime to inherit.
# Should not be changes. Parent runtime is controlled from Codefresh side.
runtimeExtends:
- system/default/hybrid/k8s_low_limits
# -- Runtime description
description: ""
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the engine role
rules: []
# -- (for On-Premise only) Enable agent
agent: true
# -- (for On-Premise only) Set inCluster runtime
inCluster: true
# -- (for On-Premise only) Assign accounts to runtime (list of account ids)
accounts: []
# -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod).
dind:
# -- Set dind image.
image:
registry: quay.io
repository: codefresh/dind
tag: 26.1.4-1.28.7 # use `latest-rootless/rootless/26.1.4-1.28.7-rootless` tags for rootless-dind
pullPolicy: IfNotPresent
# -- Set dind resources.
resources:
requests: null
limits:
cpu: 400m
memory: 800Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 30
# -- PV claim spec parametes.
pvcs:
# -- Default dind PVC parameters
dind:
# -- PVC name prefix.
# Keep `dind` as default! Don't change!
name: dind
# -- PVC storage class name.
# Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner
storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}'
# -- PVC size.
volumeSize: 16Gi
# -- PV reuse selector.
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy
reuseVolumeSelector: codefresh-app,io.codefresh.accountName
reuseVolumeSortOrder: pipeline_id
# -- PV annotations.
annotations: {}
# E.g.:
# annotations:
# codefresh.io/volume-retention: 7d
# -- Set additional env vars.
env:
DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Keep `true` as default!
userAccess: true
# -- Add extra volumes
userVolumes: {}
# E.g.:
# userVolumes:
# regctl-docker-registry:
# name: regctl-docker-registry
# secret:
# items:
# - key: .dockerconfigjson
# path: config.json
# secretName: regctl-docker-registry
# optional: true
# -- Add extra volume mounts
userVolumeMounts: {}
# E.g.:
# userVolumeMounts:
# regctl-docker-registry:
# name: regctl-docker-registry
# mountPath: /home/appuser/.docker/
# readOnly: true
# -- Parameters for Engine pod (aka "pipeline" orchestrator).
engine:
# -- Set image.
image:
registry: quay.io
repository: codefresh/engine
tag: 1.174.13
pullPolicy: IfNotPresent
# -- Set container command.
command:
- npm
- run
- start
# -- Set resources.
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 1000m
memory: 2048Mi
# -- Set termination grace period.
terminationGracePeriodSeconds: 180
# -- Set system(base) runtime images.
# @default -- See below.
runtimeImages:
COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0
CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.7
DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.14
DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18
DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16
DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.14
FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3
GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.1.28
KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11
PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.6
TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1
CR_6177_FIXER: 'quay.io/codefresh/alpine:edge'
GC_BUILDER_IMAGE: 'quay.io/codefresh/cf-gc-builder:0.5.3'
COSIGN_IMAGE_SIGNER_IMAGE: 'quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2'
# -- Set additional env vars.
env:
# -- Interval to check the exec status in the container-logger
CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000
# -- Timeout while doing requests to the Docker daemon
DOCKER_REQUEST_TIMEOUT_MS: 30000
# -- If "true", composition images will be pulled sequentially
FORCE_COMPOSE_SERIAL_PULL: false
# -- Level of logging for engine
LOGGER_LEVEL: debug
# -- Enable debug-level logging of outgoing HTTP/HTTPS requests
LOG_OUTGOING_HTTP_REQUESTS: false
# -- Enable emitting metrics from engine
METRICS_PROMETHEUS_ENABLED: true
# -- Enable legacy metrics
METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false
# -- Enable collecting process metrics
METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false
# -- Host for Prometheus metrics server
METRICS_PROMETHEUS_HOST: '0.0.0.0'
# -- Port for Prometheus metrics server
METRICS_PROMETHEUS_PORT: 9100
# -- Set workflow limits.
workflowLimits:
# -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds.
MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600
# -- Maximum time for workflow execution; seconds.
MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400
# -- Maximum time allowed to workflow to spend in "elected" state; seconds.
MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900
# -- Maximum retry attempts allowed for workflow.
MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20
# -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900
# -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds.
MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300
# -- Time since the last health check report after which workflow is terminated; seconds.
TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300
# -- Time since the last health check report after which the engine is considered unhealthy; seconds.
TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60
# -- Time since the last workflow logs activity after which workflow is terminated; seconds.
TIME_INACTIVE_UNTIL_TERMINATION: 2700
# -- Set pod annotations.
podAnnotations: {}
# -- Set pod labels.
podLabels: {}
# -- Set node selector.
nodeSelector: {}
# -- Set affinity
affinity: {}
# -- Set tolerations.
tolerations: []
# -- Set scheduler name.
schedulerName: ""
# -- Set service account for pod.
serviceAccount: codefresh-engine
# -- Set extra env vars
userEnvVars: []
# E.g.
# userEnvVars:
# - name: GITHUB_TOKEN
# valueFrom:
# secretKeyRef:
# name: github-token
# key: token
# -- Parameters for `runtime-patch` post-upgrade/install hook
# @default -- See below
patch:
enabled: true
image:
registry: quay.io
repository: codefresh/cli
tag: 0.85.0-rootless
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
env:
HOME: /tmp
# -- Parameters for `gencerts-dind` post-upgrade/install hook
# @default -- See below
gencerts:
enabled: true
image:
registry: quay.io
repository: codefresh/kubectl
tag: 1.28.4
rbac:
enabled: true
annotations: {}
affinity: {}
nodeSelector: {}
podSecurityContext: {}
resources: {}
tolerations: []
ttlSecondsAfterFinished: 180
# -- DinD pod daemon config
# @default -- See below
dindDaemon:
hosts:
- unix:///var/run/docker.sock
- tcp://0.0.0.0:1300
tlsverify: true
tls: true
tlscacert: /etc/ssl/cf-client/ca.pem
tlscert: /etc/ssl/cf/server-cert.pem
tlskey: /etc/ssl/cf/server-key.pem
insecure-registries:
- 192.168.99.100:5000
metrics-addr: 0.0.0.0:9323
experimental: true
# App-Proxy parameters
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation
# @default -- See below
appProxy:
# -- Enable app-proxy
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-app-proxy
tag: 0.0.47
# -- Add additional env vars
env: {}
# Set app-proxy ingress parameters
# @default -- See below
ingress:
# -- Set path prefix for ingress (keep empty for default `/` path)
pathPrefix: ""
# -- Set ingress class
class: ""
# -- Set DNS hostname the ingress will use
host: ""
# -- Set k8s tls secret for the ingress object
tlsSecret: ""
# -- Set extra annotations for ingress object
annotations: {}
# E.g.
# ingress:
# pathPrefix: "/cf-app-proxy"
# class: "nginx"
# host: "mydomain.com"
# tlsSecret: "tls-cert-app-proxy"
# annotations:
# nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
podSecurityContext: {}
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
# -- Set requests and limits
resources: {}
# -- Set node selector
nodeSelector: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# Monitor parameters
# @default -- See below
monitor:
# -- Enable monitor
# Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: RollingUpdate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: quay.io
repository: codefresh/cf-k8s-agent
tag: 1.3.18
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Use Role(true)/ClusterRole(true)
namespaced: true
# -- Add custom rule to the role
rules: []
# -- Readiness probe configuration
# @default -- See below
readinessProbe:
failureThreshold: 5
initialDelaySeconds: 5
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 5
podSecurityContext: {}
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Add serviceMonitor
# @default -- See below
serviceMonitor:
main:
# -- Enable service monitor for dind pods
enabled: false
nameOverride: dind
selector:
matchLabels:
app: dind
endpoints:
- path: /metrics
targetPort: 9100
relabelings:
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
# -- Add podMonitor (for engine pods)
# @default -- See below
podMonitor:
main:
# -- Enable pod monitor for engine pods
enabled: false
nameOverride: engine
selector:
matchLabels:
app: runtime
podMetricsEndpoints:
- path: /metrics
targetPort: 9100
runner:
# -- Enable pod monitor for runner pod
enabled: false
nameOverride: runner
selector:
matchLabels:
codefresh.io/application: runner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
volume-provisioner:
# -- Enable pod monitor for volumeProvisioner pod
enabled: false
nameOverride: volume-provisioner
selector:
matchLabels:
codefresh.io/application: volume-provisioner
podMetricsEndpoints:
- path: /metrics
targetPort: 8080
# -- Event exporter parameters
# @default -- See below
event-exporter:
# -- Enable event-exporter
enabled: false
# -- Set number of pods
replicasCount: 1
# -- Upgrade strategy
updateStrategy:
type: Recreate
# -- Set pod annotations
podAnnotations: {}
# -- Set image
image:
registry: docker.io
repository: codefresh/k8s-event-exporter
tag: latest
# -- Add additional env vars
env: {}
# -- Service Account parameters
serviceAccount:
# -- Create service account
create: true
# -- Override service account name
name: ""
# -- Additional service account annotations
annotations: {}
# -- RBAC parameters
rbac:
# -- Create RBAC resources
create: true
# -- Add custom rule to the role
rules: []
# -- Set security context for the pod
# @default -- See below
podSecurityContext:
enabled: false
# -- Set node selector
nodeSelector: {}
# -- Set resources
resources: {}
# -- Set tolerations
tolerations: []
# -- Set affinity
affinity: {}
# -- Array of extra objects to deploy with the release
extraResources: []
# E.g.
# extraResources:
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRole
# metadata:
# name: codefresh-role
# rules:
# - apiGroups: [ "*"]
# resources: ["*"]
# verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
# - apiVersion: v1
# kind: ServiceAccount
# metadata:
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: rbac.authorization.k8s.io/v1
# kind: ClusterRoleBinding
# metadata:
# name: codefresh-user
# roleRef:
# apiGroup: rbac.authorization.k8s.io
# kind: ClusterRole
# name: codefresh-role
# subjects:
# - kind: ServiceAccount
# name: codefresh-user
# namespace: "{{ .Release.Namespace }}"
# - apiVersion: v1
# kind: Secret
# type: kubernetes.io/service-account-token
# metadata:
# name: codefresh-user-token
# namespace: "{{ .Release.Namespace }}"
# annotations:
# kubernetes.io/service-account.name: "codefresh-user"

23
charts/intel/intel-device-plugins-operator/0.31.1/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

13
charts/intel/intel-device-plugins-operator/0.31.1/Chart.yaml Normal file
View File

@ -0,0 +1,13 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: Intel Device Plugins Operator
catalog.cattle.io/kube-version: '>=1.19-0'
catalog.cattle.io/release-name: intel-device-plugins-operator
apiVersion: v2
appVersion: 0.31.1
description: A Helm chart for Intel Device Plugins Operator for Kubernetes
icon: file://assets/icons/intel-device-plugins-operator.png
kubeVersion: '>=1.19-0'
name: intel-device-plugins-operator
type: application
version: 0.31.1

14
charts/intel/intel-device-plugins-operator/0.31.1/LICENSE Normal file
View File

@ -0,0 +1,14 @@
Copyright 2023 Intel Corporation
SPDX-License-Identifier: Apache-2.0
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

54
charts/intel/intel-device-plugins-operator/0.31.1/README.md Normal file
View File

@ -0,0 +1,54 @@
# Intel Device Plugins Operator Helm Chart
[Intel Device Plugins for Kubernetes](https://github.com/intel/intel-device-plugins-for-kubernetes) Helm charts for installing the operator. Operator installation is manadtory after which each device plugin can be installed via its own Helm chart.
## Prerequisites
- [cert-manager](https://cert-manager.io/docs/installation/helm)
- [Node Feature Discovery NFD](https://kubernetes-sigs.github.io/node-feature-discovery/master/get-started/deployment-and-usage.html) [optional]
## Get Helm Repository Info
```
helm repo add intel https://intel.github.io/helm-charts/
helm repo update
```
You can execute `helm search repo intel` command to see pulled charts [optional].
## Install Helm Chart
CRDs of the device plugin operator are installed as part of the chart.
```
helm install device-plugin-operator intel/intel-device-plugins-operator [flags]
```
## Upgrade Chart
```
helm upgrade device-plugin-operator intel/intel-device-plugins-operator [flags]
```
## Uninstall Chart
```
helm uninstall device-plugin-operator
```
CRDs are not uninstalled.
## Configuration
See [Customizing the Chart Before Installing](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing). To see all configurable options with detailed comments:
```console
helm show values intel/intel-device-plugins-operator
```
You may also run `helm show values` on this chart's dependencies for additional options.
|parameter| value |
|---------|-----------|
| `manager.image.hub` | `intel` |
| `manager.image.tag` | `` |
| `kubeRbacProxy.image.hub` | `quay.io` |
| `kubeRbacProxy.image.hubRepo` | `brancz` |
| `kubeRbacProxy.image.tag` | `v0.18.1` |
| `kubeRbacProxy.image.pullPolicy` | `IfNotPresent` |
| `privateRegistry.registryUrl` | `` |
| `privateRegistry.registryUser` | `` |
| `privateRegistry.registrySecret` | `` |
| `pullPolicy` | `IfNotPresent` |

190
charts/intel/intel-device-plugins-operator/0.31.1/crds/deviceplugin.intel.com_dlbdeviceplugins.yaml Normal file
View File

@ -0,0 +1,190 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: dlbdeviceplugins.deviceplugin.intel.com
spec:
group: deviceplugin.intel.com
names:
kind: DlbDevicePlugin
listKind: DlbDevicePluginList
plural: dlbdeviceplugins
singular: dlbdeviceplugin
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.desiredNumberScheduled
name: Desired
type: integer
- jsonPath: .status.numberReady
name: Ready
type: integer
- jsonPath: .spec.nodeSelector
name: Node Selector
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: |-
DlbDevicePlugin is the Schema for the dlbdeviceplugins API. It represents
the DLB device plugin responsible for advertising Intel DLB hardware resources to
the kubelet.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DlbDevicePluginSpec defines the desired state of DlbDevicePlugin.
properties:
image:
description: Image is a container image with DLB device plugin executable.
type: string
initImage:
description: InitImage is a container image with a script that initializes
devices.
type: string
logLevel:
description: LogLevel sets the plugin's log level.
minimum: 0
type: integer
nodeSelector:
additionalProperties:
type: string
description: NodeSelector provides a simple way to constrain device
plugin pods to nodes with particular labels.
type: object
tolerations:
description: Specialized nodes (e.g., with accelerators) can be Tainted
to make sure unwanted pods are not scheduled on them. Tolerations
can be set for the plugin pod to neutralize the Taint.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: DlbDevicePluginStatus defines the observed state of DlbDevicePlugin.
properties:
controlledDaemonSet:
description: ControlledDaemoSet references the DaemonSet controlled
by the operator.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the device plugin
pod (including nodes correctly running the device plugin pod).
format: int32
type: integer
nodeNames:
description: The list of Node names where the device plugin pods are
running.
items:
type: string
type: array
numberReady:
description: |-
The number of nodes that should be running the device plugin pod and have one
or more of the device plugin pod running and ready.
format: int32
type: integer
required:
- desiredNumberScheduled
- numberReady
type: object
type: object
served: true
storage: true
subresources:
status: {}

200
charts/intel/intel-device-plugins-operator/0.31.1/crds/deviceplugin.intel.com_dsadeviceplugins.yaml Normal file
View File

@ -0,0 +1,200 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: dsadeviceplugins.deviceplugin.intel.com
spec:
group: deviceplugin.intel.com
names:
kind: DsaDevicePlugin
listKind: DsaDevicePluginList
plural: dsadeviceplugins
singular: dsadeviceplugin
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.desiredNumberScheduled
name: Desired
type: integer
- jsonPath: .status.numberReady
name: Ready
type: integer
- jsonPath: .spec.nodeSelector
name: Node Selector
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: |-
DsaDevicePlugin is the Schema for the dsadeviceplugins API. It represents
the DSA device plugin responsible for advertising Intel DSA hardware resources to
the kubelet.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: DsaDevicePluginSpec defines the desired state of DsaDevicePlugin.
properties:
image:
description: Image is a container image with DSA device plugin executable.
type: string
initImage:
description: InitImage is an initcontainer image to configure and
enable DSA devices and workqueues with idxd-config (accel-config)
utility
type: string
logLevel:
description: LogLevel sets the plugin's log level.
minimum: 0
type: integer
nodeSelector:
additionalProperties:
type: string
description: NodeSelector provides a simple way to constrain device
plugin pods to nodes with particular labels.
type: object
provisioningConfig:
description: ProvisioningConfig is a ConfigMap used to pass the DSA
devices and workqueues configuration into idxd-config initcontainer.
type: string
sharedDevNum:
description: SharedDevNum is a number of containers that can share
the same DSA device.
minimum: 1
type: integer
tolerations:
description: Specialized nodes (e.g., with accelerators) can be Tainted
to make sure unwanted pods are not scheduled on them. Tolerations
can be set for the plugin pod to neutralize the Taint.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: DsaDevicePluginStatus defines the observed state of DsaDevicePlugin.
properties:
controlledDaemonSet:
description: ControlledDaemoSet references the DaemonSet controlled
by the operator.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the device plugin
pod (including nodes correctly running the device plugin pod).
format: int32
type: integer
nodeNames:
description: The list of Node names where the device plugin pods are
running.
items:
type: string
type: array
numberReady:
description: |-
The number of nodes that should be running the device plugin pod and have one
or more of the device plugin pod running and ready.
format: int32
type: integer
required:
- desiredNumberScheduled
- numberReady
type: object
type: object
served: true
storage: true
subresources:
status: {}

197
charts/intel/intel-device-plugins-operator/0.31.1/crds/deviceplugin.intel.com_fpgadeviceplugins.yaml Normal file
View File

@ -0,0 +1,197 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: fpgadeviceplugins.deviceplugin.intel.com
spec:
group: deviceplugin.intel.com
names:
kind: FpgaDevicePlugin
listKind: FpgaDevicePluginList
plural: fpgadeviceplugins
singular: fpgadeviceplugin
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.desiredNumberScheduled
name: Desired
type: integer
- jsonPath: .status.numberReady
name: Ready
type: integer
- jsonPath: .spec.nodeSelector
name: Node Selector
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: |-
FpgaDevicePlugin is the Schema for the fpgadeviceplugins API. It represents
the FPGA device plugin responsible for advertising Intel FPGA hardware resources to
the kubelet.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: FpgaDevicePluginSpec defines the desired state of FpgaDevicePlugin.
properties:
image:
description: Image is a container image with FPGA device plugin executable.
type: string
initImage:
description: InitImage is a container image with tools used to initialize
the host before starting FPGA workloads on it.
type: string
logLevel:
description: LogLevel sets the plugin's log level.
minimum: 0
type: integer
mode:
description: Mode is a mode of the plugin's operation.
enum:
- af
- region
- regiondevel
type: string
nodeSelector:
additionalProperties:
type: string
description: NodeSelector provides a simple way to constrain device
plugin pods to nodes with particular labels.
type: object
tolerations:
description: Specialized nodes (e.g., with accelerators) can be Tainted
to make sure unwanted pods are not scheduled on them. Tolerations
can be set for the plugin pod to neutralize the Taint.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: FpgaDevicePluginStatus defines the observed state of FpgaDevicePlugin.
properties:
controlledDaemonSet:
description: ControlledDaemoSet references the DaemonSet controlled
by the operator.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the device plugin
pod (including nodes correctly running the device plugin pod).
format: int32
type: integer
nodeNames:
description: The list of Node names where the device plugin pods are
running.
items:
type: string
type: array
numberReady:
description: |-
The number of nodes that should be running the device plugin pod and have one
or more of the device plugin pod running and ready.
format: int32
type: integer
required:
- desiredNumberScheduled
- numberReady
type: object
type: object
served: true
storage: true
subresources:
status: {}

214
charts/intel/intel-device-plugins-operator/0.31.1/crds/deviceplugin.intel.com_gpudeviceplugins.yaml Normal file
View File

@ -0,0 +1,214 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: gpudeviceplugins.deviceplugin.intel.com
spec:
group: deviceplugin.intel.com
names:
kind: GpuDevicePlugin
listKind: GpuDevicePluginList
plural: gpudeviceplugins
singular: gpudeviceplugin
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.desiredNumberScheduled
name: Desired
type: integer
- jsonPath: .status.numberReady
name: Ready
type: integer
- jsonPath: .spec.nodeSelector
name: Node Selector
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: |-
GpuDevicePlugin is the Schema for the gpudeviceplugins API. It represents
the GPU device plugin responsible for advertising Intel GPU hardware resources to
the kubelet.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GpuDevicePluginSpec defines the desired state of GpuDevicePlugin.
properties:
enableMonitoring:
description: |-
EnableMonitoring enables the monitoring resource ('i915_monitoring')
which gives access to all GPU devices on given node. Typically used with Intel XPU-Manager.
type: boolean
image:
description: Image is a container image with GPU device plugin executable.
type: string
initImage:
description: InitImage is a container image with tools (e.g., GPU
NFD source hook) installed on each node.
type: string
logLevel:
description: LogLevel sets the plugin's log level.
minimum: 0
type: integer
nodeSelector:
additionalProperties:
type: string
description: NodeSelector provides a simple way to constrain device
plugin pods to nodes with particular labels.
type: object
preferredAllocationPolicy:
description: |-
PreferredAllocationPolicy sets the mode of allocating GPU devices on a node.
See documentation for detailed description of the policies. Only valid when SharedDevNum > 1 is set.
Not applicable with ResourceManager.
enum:
- balanced
- packed
- none
type: string
resourceManager:
description: ResourceManager handles the fractional resource management
for multi-GPU nodes. Enable only for clusters with GPU Aware Scheduling.
type: boolean
sharedDevNum:
description: SharedDevNum is a number of containers that can share
the same GPU device.
minimum: 1
type: integer
tolerations:
description: Specialized nodes (e.g., with accelerators) can be Tainted
to make sure unwanted pods are not scheduled on them. Tolerations
can be set for the plugin pod to neutralize the Taint.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: GpuDevicePluginStatus defines the observed state of GpuDevicePlugin.
properties:
controlledDaemonSet:
description: ControlledDaemoSet references the DaemonSet controlled
by the operator.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the device plugin
pod (including nodes correctly running the device plugin pod).
format: int32
type: integer
nodeNames:
description: The list of Node names where the device plugin pods are
running.
items:
type: string
type: array
numberReady:
description: |-
The number of nodes that should be running the device plugin pod and have one
or more of the device plugin pod running and ready.
format: int32
type: integer
required:
- desiredNumberScheduled
- numberReady
type: object
type: object
served: true
storage: true
subresources:
status: {}

199
charts/intel/intel-device-plugins-operator/0.31.1/crds/deviceplugin.intel.com_iaadeviceplugins.yaml Normal file
View File

@ -0,0 +1,199 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: iaadeviceplugins.deviceplugin.intel.com
spec:
group: deviceplugin.intel.com
names:
kind: IaaDevicePlugin
listKind: IaaDevicePluginList
plural: iaadeviceplugins
singular: iaadeviceplugin
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.desiredNumberScheduled
name: Desired
type: integer
- jsonPath: .status.numberReady
name: Ready
type: integer
- jsonPath: .spec.nodeSelector
name: Node Selector
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: |-
IaaDevicePlugin is the Schema for the iaadeviceplugins API. It represents
the IAA device plugin responsible for advertising Intel IAA hardware resources to
the kubelet.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: IaaDevicePluginSpec defines the desired state of IaaDevicePlugin.
properties:
image:
description: Image is a container image with IAA device plugin executable.
type: string
initImage:
description: InitImage is an initcontainer image to configure and
enable IAA devices and workqueues with accel-config utility
type: string
logLevel:
description: LogLevel sets the plugin's log level.
minimum: 0
type: integer
nodeSelector:
additionalProperties:
type: string
description: NodeSelector provides a simple way to constrain device
plugin pods to nodes with particular labels.
type: object
provisioningConfig:
description: ProvisioningConfig is a ConfigMap used to pass the IAA
configuration into idxd initcontainer.
type: string
sharedDevNum:
description: SharedDevNum is a number of containers that can share
the same IAA device.
minimum: 1
type: integer
tolerations:
description: Specialized nodes (e.g., with accelerators) can be Tainted
to make sure unwanted pods are not scheduled on them. Tolerations
can be set for the plugin pod to neutralize the Taint.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: IaaDevicePluginStatus defines the observed state of IaaDevicePlugin.
properties:
controlledDaemonSet:
description: ControlledDaemoSet references the DaemonSet controlled
by the operator.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the device plugin
pod (including nodes correctly running the device plugin pod).
format: int32
type: integer
nodeNames:
description: The list of Node names where the device plugin pods are
running.
items:
type: string
type: array
numberReady:
description: |-
The number of nodes that should be running the device plugin pod and have one
or more of the device plugin pod running and ready.
format: int32
type: integer
required:
- desiredNumberScheduled
- numberReady
type: object
type: object
served: true
storage: true
subresources:
status: {}

230
charts/intel/intel-device-plugins-operator/0.31.1/crds/deviceplugin.intel.com_qatdeviceplugins.yaml Normal file
View File

@ -0,0 +1,230 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: qatdeviceplugins.deviceplugin.intel.com
spec:
group: deviceplugin.intel.com
names:
kind: QatDevicePlugin
listKind: QatDevicePluginList
plural: qatdeviceplugins
singular: qatdeviceplugin
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.desiredNumberScheduled
name: Desired
type: integer
- jsonPath: .status.numberReady
name: Ready
type: integer
- jsonPath: .spec.nodeSelector
name: Node Selector
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: |-
QatDevicePlugin is the Schema for the qatdeviceplugins API. It represents the QAT device
plugin responsible for advertising Intel QuickAssist Technology hardware resources
to the kubelet.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: QatDevicePluginSpec defines the desired state of QatDevicePlugin.
properties:
dpdkDriver:
description: DpdkDriver is a DPDK device driver for configuring the
QAT device.
enum:
- igb_uio
- vfio-pci
type: string
image:
description: Image is a container image with QAT device plugin executable.
type: string
initImage:
description: InitImage is a container image with a script that initialize
devices.
type: string
kernelVfDrivers:
description: KernelVfDrivers is a list of VF device drivers for the
QuickAssist devices in the system.
items:
description: KernelVfDriver is a VF device driver for QuickAssist
devices.
enum:
- dh895xccvf
- c6xxvf
- c3xxxvf
- d15xxvf
- 4xxxvf
- 420xxvf
- c4xxxvf
type: string
type: array
logLevel:
description: LogLevel sets the plugin's log level.
minimum: 0
type: integer
maxNumDevices:
description: MaxNumDevices is a maximum number of QAT devices to be
provided to the QuickAssist device plugin
minimum: 1
type: integer
nodeSelector:
additionalProperties:
type: string
description: NodeSelector provides a simple way to constrain device
plugin pods to nodes with particular labels.
type: object
preferredAllocationPolicy:
description: |-
PreferredAllocationPolicy sets the mode of allocating QAT devices on a node.
See documentation for detailed description of the policies.
enum:
- balanced
- packed
type: string
provisioningConfig:
description: ProvisioningConfig is a ConfigMap used to pass the configuration
of QAT devices into qat initcontainer.
type: string
tolerations:
description: Specialized nodes (e.g., with accelerators) can be Tainted
to make sure unwanted pods are not scheduled on them. Tolerations
can be set for the plugin pod to neutralize the Taint.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: QatDevicePluginStatus defines the observed state of QatDevicePlugin.
properties:
controlledDaemonSet:
description: ControlledDaemoSet references the DaemonSet controlled
by the operator.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the device plugin
pod (including nodes correctly running the device plugin pod).
format: int32
type: integer
nodeNames:
description: The list of Node names where the device plugin pods are
running.
items:
type: string
type: array
numberReady:
description: |-
The number of nodes that should be running the device plugin pod and have one
or more of the device plugin pod running and ready.
format: int32
type: integer
required:
- desiredNumberScheduled
- numberReady
type: object
type: object
served: true
storage: true
subresources:
status: {}

201
charts/intel/intel-device-plugins-operator/0.31.1/crds/deviceplugin.intel.com_sgxdeviceplugins.yaml Normal file
View File

@ -0,0 +1,201 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: sgxdeviceplugins.deviceplugin.intel.com
spec:
group: deviceplugin.intel.com
names:
kind: SgxDevicePlugin
listKind: SgxDevicePluginList
plural: sgxdeviceplugins
singular: sgxdeviceplugin
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.desiredNumberScheduled
name: Desired
type: integer
- jsonPath: .status.numberReady
name: Ready
type: integer
- jsonPath: .spec.nodeSelector
name: Node Selector
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1
schema:
openAPIV3Schema:
description: |-
SgxDevicePlugin is the Schema for the sgxdeviceplugins API. It represents
the SGX device plugin responsible for advertising SGX device nodes to
the kubelet.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: SgxDevicePluginSpec defines the desired state of SgxDevicePlugin.
properties:
enclaveLimit:
description: EnclaveLimit is a number of containers that can share
the same SGX enclave device.
minimum: 1
type: integer
image:
description: Image is a container image with SGX device plugin executable.
type: string
initImage:
description: |-
InitImage is a container image with tools (i.e., SGX NFD source hook) installed on each node.
Recommendation is to leave this unset and prefer the SGX NodeFeatureRule instead.
type: string
logLevel:
description: LogLevel sets the plugin's log level.
minimum: 0
type: integer
nodeSelector:
additionalProperties:
type: string
description: NodeSelector provides a simple way to constrain device
plugin pods to nodes with particular labels.
type: object
provisionLimit:
description: ProvisionLimit is a number of containers that can share
the same SGX provision device.
minimum: 1
type: integer
tolerations:
description: Specialized nodes (e.g., with accelerators) can be Tainted
to make sure unwanted pods are not scheduled on them. Tolerations
can be set for the plugin pod to neutralize the Taint.
items:
description: |-
The pod this Toleration is attached to tolerates any taint that matches
the triple <key,value,effect> using the matching operator <operator>.
properties:
effect:
description: |-
Effect indicates the taint effect to match. Empty means match all taint effects.
When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
type: string
key:
description: |-
Key is the taint key that the toleration applies to. Empty means match all taint keys.
If the key is empty, operator must be Exists; this combination means to match all values and all keys.
type: string
operator:
description: |-
Operator represents a key's relationship to the value.
Valid operators are Exists and Equal. Defaults to Equal.
Exists is equivalent to wildcard for value, so that a pod can
tolerate all taints of a particular category.
type: string
tolerationSeconds:
description: |-
TolerationSeconds represents the period of time the toleration (which must be
of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,
it is not set, which means tolerate the taint forever (do not evict). Zero and
negative values will be treated as 0 (evict immediately) by the system.
format: int64
type: integer
value:
description: |-
Value is the taint value the toleration matches to.
If the operator is Exists, the value should be empty, otherwise just a regular string.
type: string
type: object
type: array
type: object
status:
description: SgxDevicePluginStatus defines the observed state of SgxDevicePlugin.
properties:
controlledDaemonSet:
description: ControlledDaemoSet references the DaemonSet controlled
by the operator.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
desiredNumberScheduled:
description: |-
The total number of nodes that should be running the device plugin
pod (including nodes correctly running the device plugin pod).
format: int32
type: integer
nodeNames:
description: The list of Node names where the device plugin pods are
running.
items:
type: string
type: array
numberReady:
description: |-
The number of nodes that should be running the device plugin pod and have one
or more of the device plugin pod running and ready.
format: int32
type: integer
required:
- desiredNumberScheduled
- numberReady
type: object
type: object
served: true
storage: true
subresources:
status: {}

68
charts/intel/intel-device-plugins-operator/0.31.1/crds/fpga.intel.com_acceleratorfunctions.yaml Normal file
View File

@ -0,0 +1,68 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: acceleratorfunctions.fpga.intel.com
spec:
group: fpga.intel.com
names:
kind: AcceleratorFunction
listKind: AcceleratorFunctionList
plural: acceleratorfunctions
shortNames:
- af
singular: acceleratorfunction
scope: Namespaced
versions:
- name: v2
schema:
openAPIV3Schema:
description: |-
AcceleratorFunction is a specification for an Accelerator Function resource
provided by a FPGA-based programmable hardware accelerator.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: AcceleratorFunctionSpec contains actual specs for AcceleratorFunction.
properties:
afuId:
pattern: ^[0-9a-f]{8,40}$
type: string
interfaceId:
pattern: ^[0-9a-f]{8,32}$
type: string
mode:
pattern: ^af|region$
type: string
required:
- afuId
- interfaceId
- mode
type: object
status:
description: AcceleratorFunctionStatus is an empty object used to satisfy
operator-sdk.
type: object
required:
- spec
type: object
served: true
storage: true

59
charts/intel/intel-device-plugins-operator/0.31.1/crds/fpga.intel.com_fpgaregions.yaml Normal file
View File

@ -0,0 +1,59 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.16.1
name: fpgaregions.fpga.intel.com
spec:
group: fpga.intel.com
names:
kind: FpgaRegion
listKind: FpgaRegionList
plural: fpgaregions
shortNames:
- fpga
singular: fpgaregion
scope: Namespaced
versions:
- name: v2
schema:
openAPIV3Schema:
description: |-
FpgaRegion is a specification for a FPGA region resource which can be programmed
with a bitstream.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: FpgaRegionSpec contains actual specs for FpgaRegion.
properties:
interfaceId:
pattern: ^[0-9a-f]{8,32}$
type: string
required:
- interfaceId
type: object
status:
description: FpgaRegionStatus is an empty object used to satisfy operator-sdk.
type: object
required:
- spec
type: object
served: true
storage: true

3
charts/intel/intel-device-plugins-operator/0.31.1/templates/NOTES.txt Normal file
View File

@ -0,0 +1,3 @@
Thank you for installing {{ .Chart.Name }}.
The next step would be to install the device (plugin) specific chart.

726
charts/intel/intel-device-plugins-operator/0.31.1/templates/operator.yaml Normal file
View File

@ -0,0 +1,726 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: inteldeviceplugins-leader-election-role
namespace: {{ .Release.Namespace | quote }}
rules:
- apiGroups:
- ""
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- update
- patch
- delete
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: inteldeviceplugins-gpu-manager-role
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- list
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
creationTimestamp: null
name: inteldeviceplugins-manager-role
rules:
- apiGroups:
- ""
resources:
- nodes/proxy
verbs:
- get
- list
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- apps
resources:
- daemonsets
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- create
- apiGroups:
- coordination.k8s.io
resourceNames:
- d1c7b6d5.intel.com
resources:
- leases
verbs:
- get
- update
- apiGroups:
- deviceplugin.intel.com
resources:
- dlbdeviceplugins
- dsadeviceplugins
- fpgadeviceplugins
- gpudeviceplugins
- iaadeviceplugins
- qatdeviceplugins
- sgxdeviceplugins
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- deviceplugin.intel.com
resources:
- dlbdeviceplugins/finalizers
- dsadeviceplugins/finalizers
- fpgadeviceplugins/finalizers
- gpudeviceplugins/finalizers
- iaadeviceplugins/finalizers
- qatdeviceplugins/finalizers
- sgxdeviceplugins/finalizers
verbs:
- update
- apiGroups:
- deviceplugin.intel.com
resources:
- dlbdeviceplugins/status
- dsadeviceplugins/status
- fpgadeviceplugins/status
- gpudeviceplugins/status
- iaadeviceplugins/status
- qatdeviceplugins/status
- sgxdeviceplugins/status
verbs:
- get
- patch
- update
- apiGroups:
- fpga.intel.com
resources:
- acceleratorfunctions
- fpgaregions
verbs:
- get
- list
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
verbs:
- create
- delete
- get
- list
- watch
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: inteldeviceplugins-metrics-reader
rules:
- nonResourceURLs:
- /metrics
verbs:
- get
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: inteldeviceplugins-proxy-role
rules:
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: inteldeviceplugins-leader-election-rolebinding
namespace: {{ .Release.Namespace | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: inteldeviceplugins-leader-election-role
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Release.Namespace | quote }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: inteldeviceplugins-manager-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: inteldeviceplugins-manager-role
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Release.Namespace | quote }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: inteldeviceplugins-proxy-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: inteldeviceplugins-proxy-role
subjects:
- kind: ServiceAccount
name: default
namespace: {{ .Release.Namespace | quote }}
---
apiVersion: v1
kind: Service
metadata:
labels:
control-plane: controller-manager
name: inteldeviceplugins-controller-manager-metrics-service
namespace: {{ .Release.Namespace | quote }}
spec:
ports:
- name: https
port: 8443
targetPort: https
selector:
control-plane: controller-manager
---
apiVersion: v1
kind: Service
metadata:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
spec:
ports:
- port: 443
targetPort: 9443
selector:
control-plane: controller-manager
---
{{- if .Values.privateRegistry.registrySecret }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .Release.Name }}-operator-private-registry
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.privateRegistry.registryUrl (printf "%s:%s" .Values.privateRegistry.registryUser .Values.privateRegistry.registrySecret | b64enc) | b64enc }}
{{- end }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
control-plane: controller-manager
name: inteldeviceplugins-controller-manager
namespace: {{ .Release.Namespace | quote }}
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
template:
metadata:
labels:
control-plane: controller-manager
spec:
{{- if .Values.privateRegistry.registrySecret }}
imagePullSecrets:
- name: {{ .Release.Name }}-operator-private-registry
{{- end }}
containers:
- args:
{{- if .Values.controllerExtraArgs }}
{{- with .Values.controllerExtraArgs }}
{{- tpl . $ | trim | nindent 8 }}
{{- end }}
{{- end }}
env:
- name: DEVICEPLUGIN_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
image: "{{ .Values.manager.image.hub }}/intel-deviceplugin-operator:{{ .Values.manager.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.manager.image.pullPolicy }}
name: manager
ports:
- containerPort: 9443
name: webhook-server
protocol: TCP
resources:
{{- toYaml .Values.resources | nindent 10 }}
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
volumeMounts:
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
- args:
- --secure-listen-address=0.0.0.0:8443
- --upstream=http://127.0.0.1:8080/
- --logtostderr=true
- --tls-cipher-suites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- --v=10
image: "{{ .Values.kubeRbacProxy.image.hub }}/{{ .Values.kubeRbacProxy.image.hubRepo }}/kube-rbac-proxy:{{ .Values.kubeRbacProxy.image.tag }}"
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
serviceAccountName: default
terminationGracePeriodSeconds: 10
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: inteldeviceplugins-serving-cert
namespace: {{ .Release.Namespace | quote }}
spec:
dnsNames:
- inteldeviceplugins-webhook-service.{{ .Release.Namespace }}.svc
- inteldeviceplugins-webhook-service.{{ .Release.Namespace }}.svc.cluster.local
issuerRef:
kind: Issuer
name: inteldeviceplugins-selfsigned-issuer
secretName: webhook-server-cert
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: inteldeviceplugins-selfsigned-issuer
namespace: {{ .Release.Namespace | quote }}
spec:
selfSigned: {}
---
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/inteldeviceplugins-serving-cert
name: inteldeviceplugins-mutating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate-deviceplugin-intel-com-v1-dlbdeviceplugin
failurePolicy: Fail
name: mdlbdeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- dlbdeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate-deviceplugin-intel-com-v1-dsadeviceplugin
failurePolicy: Fail
name: mdsadeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- dsadeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate-deviceplugin-intel-com-v1-fpgadeviceplugin
failurePolicy: Fail
name: mfpgadeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- fpgadeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate-deviceplugin-intel-com-v1-gpudeviceplugin
failurePolicy: Fail
name: mgpudeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- gpudeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate-deviceplugin-intel-com-v1-iaadeviceplugin
failurePolicy: Fail
name: miaadeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- iaadeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate-deviceplugin-intel-com-v1-qatdeviceplugin
failurePolicy: Fail
name: mqatdeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- qatdeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate-deviceplugin-intel-com-v1-sgxdeviceplugin
failurePolicy: Fail
name: msgxdeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- sgxdeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /pods
failurePolicy: Ignore
name: fpga.mutator.webhooks.intel.com
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /mutate--v1-pod
failurePolicy: Ignore
name: sgx.mutator.webhooks.intel.com
reinvocationPolicy: IfNeeded
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- CREATE
resources:
- pods
sideEffects: None
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
annotations:
cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/inteldeviceplugins-serving-cert
name: inteldeviceplugins-validating-webhook-configuration
webhooks:
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /validate-deviceplugin-intel-com-v1-dlbdeviceplugin
failurePolicy: Fail
name: vdlbdeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- dlbdeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /validate-deviceplugin-intel-com-v1-dsadeviceplugin
failurePolicy: Fail
name: vdsadeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- dsadeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /validate-deviceplugin-intel-com-v1-fpgadeviceplugin
failurePolicy: Fail
name: vfpgadeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- fpgadeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /validate-deviceplugin-intel-com-v1-gpudeviceplugin
failurePolicy: Fail
name: vgpudeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- gpudeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /validate-deviceplugin-intel-com-v1-iaadeviceplugin
failurePolicy: Fail
name: viaadeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- iaadeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /validate-deviceplugin-intel-com-v1-qatdeviceplugin
failurePolicy: Fail
name: vqatdeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- qatdeviceplugins
sideEffects: None
- admissionReviewVersions:
- v1
clientConfig:
service:
name: inteldeviceplugins-webhook-service
namespace: {{ .Release.Namespace | quote }}
path: /validate-deviceplugin-intel-com-v1-sgxdeviceplugin
failurePolicy: Fail
name: vsgxdeviceplugin.kb.io
rules:
- apiGroups:
- deviceplugin.intel.com
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- sgxdeviceplugins
sideEffects: None

28
charts/intel/intel-device-plugins-operator/0.31.1/values.yaml Normal file
View File

@ -0,0 +1,28 @@
nodeSelector:
kubernetes.io/arch: amd64
manager:
image:
hub: intel
tag: ""
pullPolicy: IfNotPresent
kubeRbacProxy:
image:
hub: quay.io
hubRepo: brancz
tag: v0.18.1
pullPolicy: IfNotPresent
privateRegistry:
registryUrl: ""
registryUser: ""
registrySecret: ""
resources:
limits:
cpu: 100m
memory: 120Mi
requests:
cpu: 100m
memory: 100Mi

Some files were not shown because too many files have changed in this diff Show More