Merge pull request #311 from samuelattwood/main

Release Partner Charts
pull/312/head
Samuel Attwood 2022-01-11 00:35:41 -05:00 committed by GitHub
commit 8ca1af3a0e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 2136 additions and 0 deletions


@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# Helm files
OWNERS


@ -0,0 +1,18 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v1
appVersion: 2.6.5
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>=1.18.0-0'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
version: 2.6.500


@ -0,0 +1 @@
# Placeholder for the License if we decide to provide one


@ -0,0 +1,124 @@
# K8s-TrilioVault-Operator
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
## Introduction
## Prerequisites
- Kubernetes 1.18+
- Alpha feature gates should be enabled
- PV provisioner support
- CSI driver should be installed
## Installation
To install the operator on local setup just run the latest helm charts inside this repo
```shell script
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
helm install tvm trilio-vault-operator/k8s-triliovault-operator
```
Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows:
```
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
triliovault: k8s
name: tvk
spec:
trilioVaultAppVersion: latest
applicationScope: Cluster
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
ingressConfig:
host: "trilio.co.in"
tlsSecretName: "secret-name"
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
componentConfiguration:
web-backend:
resources:
requests:
memory: "400Mi"
cpu: "200m"
limits:
memory: "2584Mi"
cpu: "1000m"
ingress-controller:
enabled: true
service:
type: LoadBalancer
```
### Apply the Custom Resource
Apply `TVM.yaml`:
```shell
kubectl create -f TVM.yaml
```
Check that the pods were created:
```
kubectl get pods
```
```
NAME READY STATUS RESTARTS AGE
k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc 1/1 Running 0 81s
k8s-triliovault-backend-6f66b6b8d5-gxtmz 1/1 Running 0 81s
k8s-triliovault-control-plane-6c464c5d78-ftk6g 1/1 Running 0 81s
k8s-triliovault-exporter-59566f97dd-gs4xc 1/1 Running 0 81s
k8s-triliovault-ingress-controller-84cf46848-tkcdz 1/1 Running 0 18s
k8s-triliovault-web-967c8475-m7pc6 1/1 Running 0 81s
tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb 1/1 Running 0 6m48s
```
Check that ingress controller service is of type LoadBalancer:
```
k8s-triliovault-admission-webhook ClusterIP 10.255.241.108 <none> 443/TCP 2m7s
k8s-triliovault-ingress-gateway LoadBalancer 10.255.254.153 34.75.176.146 80:30737/TCP,443:30769/TCP 2m7s
k8s-triliovault-web ClusterIP 10.255.245.52 <none> 80/TCP 2m7s
k8s-triliovault-web-backend ClusterIP 10.255.250.166 <none> 80/TCP 2m7s
kubernetes ClusterIP 10.255.240.1 <none> 443/TCP 6m9s
tvm-k8s-triliovault-operator-webhook-service ClusterIP 10.255.249.77 <none> 443/TCP 3m22s
```
Check that ingress resources has the host defined by the user:
```
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-triliovault-ingress-master nginx trilio.co.in 80 98s
k8s-triliovault-ingress-minion nginx trilio.co.in 80 98s
```
## Delete
```shell
kubectl delete -f TVM.yaml
```
## Uninstall
To uninstall/delete the operator helm chart :
```bash
helm uninstall tvm
```
## TrilioVaultManager compatibility
The following table captures the compatibility matrix of the TrilioVault Manager against TVK:
| TVM Version | TVK 2.5.2 | TVK 2.5.1 | TVK 2.5.0 | TVK 2.1.0 | TVK 2.0.5 | TVK 2.0.4 | TVK 2.0.3 | TVK 2.0.2 | TVK 2.0.1 |
|-------------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|-----------|
| 2.5.2 | yes | yes | yes | yes | yes | yes | yes | yes | yes |
| 2.5.0 | no | yes | yes | yes | yes | yes | yes | yes | yes |
| v2.1.0 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.5 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.2 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.1 | no | no | no | yes | yes | yes | yes | yes | yes |
| v2.0.0 | no | no | no | yes | yes | yes | yes | yes | yes |
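
Review bot: The compatibility table at the end of the README stops at TVM 2.5.2 and TVK 2.5.2, while this chart ships `appVersion: 2.6.5`, so the version being released has no row; add it or drop the table. Two smaller documentation points: the steps "Check that ingress controller service is of type LoadBalancer" and "Check that ingress resources has the host defined by the user" show output without the command that produced it, and the "## Introduction" heading has no text under it. The sample CR also uses `trilioVaultAppVersion: latest`, which makes an install from this README unreproducible; a concrete version in the example would be safer.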


@ -0,0 +1,37 @@
# TrilioVault for Kubernetes
[K8s-TrilioVault-Operator](https://trilio.io) is an operator designed to manage
the K8s-TrilioVault Application Lifecycle.
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
Introduction:
Prerequisites:
Kubernetes 1.17+
Alpha feature gates should be enabled
PV provisioner support
CSI driver should be installed
Installation:
To install the chart with the operator name trilio:
helm install k8s-triliovault-operator triliovault-operator/k8s-triliovault-operator
# For helm version 3
helm install triliovault-operator triliovault-operator/k8s-triliovault-operator
The command deploys the Triliovault for Kubernetes Operator with the default configuration.
Uninstall:
To uninstall/delete the chart trilio :
# For helm version 3
helm uninstall k8s-triliovault-operator
For more information around TVM manager installation, please follow below link:
https://docs.trilio.io/kubernetes/use-triliovault/installing-triliovault
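
Review bot: The prerequisite "Kubernetes 1.17+" contradicts the chart's own metadata: Chart.yaml in this commit sets `kubeVersion: '>=1.18.0-0'` and the README says 1.18+. The install commands also use the repo alias `triliovault-operator`, while the README adds the repo as `trilio-vault-operator`, and no `helm repo add` step appears in this file; align the alias and the minimum version across the three files. The "Introduction:" label has no text under it.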


@ -0,0 +1,41 @@
TrilioVault Operator is a helm based operator which install/upgrade/delete the helm Chart of the TrilioVault For Kubernetes.
This operator watches over the entire helm application of TrilioVault for Kubernetes and has self-healing capabilities.
To verify that TrilioVault Operator has started, run:
kubectl --namespace={{ .Release.Namespace }} wait --for=condition=ready pod -l "release={{ .Release.Name }}"
Once the Triliovault operator is in running state, you can create the TrilioVault for Kubernetes(TVK) with the
following custom resource:
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
app: triliovault
name: tvk
namespace: {{ .Release.Namespace }}
spec:
trilioVaultAppVersion: latest
applicationScope: Cluster
ingressConfig:
host: "trilio.net"
componentConfiguration:
ingress-controller:
enabled: true
service:
type: LoadBalancer
Once the above CR has been created, you have to wait for the TVK pods to come up. To check all the pods come into
running state, run:
kubectl --namespace {{ .Release.Namespace }} wait --for=condition=ready pod -l "release=tvk-{{ .Release.Namespace }}"
Once all the pods are in running state, you can access the TVK UI from your browser at:
https://trilio.net
Note: The host `trilio.net` is used from the `ingressConfig.host` defined in the TVM CR by the user.
You can start backup and restore of your application using TVK. For more details on how to do that, please follow our
getting started guide: https://docs.trilio.io/kubernetes/getting-started/getting-started-1
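
Review bot: The UI URL and the note under it are hard-coded to `trilio.net`, but the TrilioVaultManager template in this commit renders the host from `.Values.installTVK.ingressConfig.host` with a default of `<namespace>.k8s-tvk.com`, so after a default install these notes point the user at a host the release did not configure. Render the same expression here instead of the literal. The text also tells the user to create the CR by hand although `installTVK.enabled` defaults to true in values.yaml and the chart then creates one itself; wrap that part in a condition on `installTVK.enabled`.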


@ -0,0 +1,41 @@
{{- if .Values.installTVK.enabled }}
{{- if not (lookup "triliovault.trilio.io/v1" "TrilioVaultManager" "" "").items }}
{{template "k8s-triliovault-operator.tlsSecretValidation" .}}
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
name: {{ .Release.Name }}-tvk
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install
spec:
{{- if eq .Chart.Version "0.1.0" }}
trilioVaultAppVersion: latest
{{- else}}
trilioVaultAppVersion: {{ .Chart.Version }}
{{- end }}
applicationScope: {{ .Values.installTVK.applicationScope }}
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
ingressConfig:
{{- if and (gt (len .Values.installTVK.ingressConfig.annotations) 0) (not .Values.installTVK.ComponentConfiguration.ingressController.enabled) }}
annotations:
{{- range $key, $value := .Values.installTVK.ingressConfig.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end -}}
{{- end }}
host: {{ .Values.installTVK.ingressConfig.host | default (printf "%s.k8s-tvk.com" $.Release.Namespace) | quote }}
{{- if not .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
ingressClass: {{ .Values.installTVK.ingressConfig.ingressClass | quote }}
{{- end }}
{{- if .Values.installTVK.ingressConfig.tlsSecretName }}
tlsSecretName: {{ .Values.installTVK.ingressConfig.tlsSecretName | quote }}
{{- end }}
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
componentConfiguration:
ingress-controller:
enabled: {{ .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
service:
type: {{ .Values.installTVK.ComponentConfiguration.ingressController.service.type }}
{{- end -}}
{{- end -}}
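
Review bot: `trilioVaultAppVersion: {{ .Chart.Version }}` in the else branch renders the chart version, and in this package Chart.yaml sets `version: 2.6.500` next to `appVersion: 2.6.5`, so the CR asks for 2.6.500 rather than the application version; use `.Chart.AppVersion`, as the Deployment already does for `RELEASE_VERSION`. Second, the CR is a `pre-install` hook, so it is created before the operator Deployment and the webhook configurations in this chart exist, which means the `failurePolicy: Fail` mutation and validation webhooks never see it, and as a hook resource it is not removed by `helm uninstall`. Also note that `lookup` returns nothing under `helm template` or `--dry-run`, so the guard on the second line cannot detect an existing TrilioVaultManager there.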


@ -0,0 +1,66 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "k8s-triliovault-operator.name" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "k8s-triliovault-operator.appName" -}}
{{- printf "%s" .Chart.Name -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "k8s-triliovault-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper TrilioVault Operator image name
*/}}
{{- define "k8s-triliovault-operator.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{/*
Validation of the secret of CA bundle if provided
*/}}
{{- define "k8s-triliovault-operator.caBundleValidation" -}}
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- if not (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP) }}
{{ fail "Proxy CA bundle proxy is not present in the release namespace" }}
{{- else }}
{{- $caMap := (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP).data }}
{{- if not (get $caMap "ca-bundle.crt") }}
{{ fail "Proxy CA certificate file key should be ca-bundle.crt" }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Validation for the ingress tlsSecret, should exists if provided
*/}}
{{- define "k8s-triliovault-operator.tlsSecretValidation" }}
{{- if .Values.installTVK.ingressConfig.tlsSecretName -}}
{{- if not (lookup "v1" "Secret" .Release.Namespace .Values.installTVK.ingressConfig.tlsSecretName ) -}}
{{ fail "Ingress tls secret is not present in the release namespace" }}
{{- end -}}
{{- end -}}
{{- end -}}
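
Review bot: Both validation helpers depend on `lookup`, which returns an empty result during `helm template` and `helm install --dry-run`, so with `CA_BUNDLE_CONFIGMAP` or `tlsSecretName` set the `fail` fires even when the object exists; that breaks client-side rendering in CI and GitOps pipelines. Consider making the check skippable through a value or moving it into the operator. The `k8s-triliovault-operator.image` helper reads `.Values.image.registry`, `.Values.image.repository` and `.Values.image.tag`, none of which values.yaml defines (it has only `image.pullPolicy`), and the Deployment builds the image string itself; remove the helper or switch the Deployment to it. The message "Proxy CA bundle proxy is not present in the release namespace" should name the ConfigMap rather than repeat "proxy".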


@ -0,0 +1,125 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role
app.kubernetes.io/managed-by: {{ .Release.Service }}
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
- services
- services/finalizers
- secrets
- events
- pods
- endpoints
- configmaps
verbs:
- create
- update
- delete
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- update
- delete
- patch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- update
- delete
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- create
- update
- delete
- patch
- bind
- escalate
- apiGroups:
- triliovault.trilio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- update
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- delete
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- update
- patch
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses
verbs:
- create
- patch
- update
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- delete
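
Review bot: The rule on `rbac.authorization.k8s.io` grants `bind` and `escalate` on clusterroles, clusterrolebindings, roles and rolebindings together with create, update and patch, which lets the operator's service account grant itself or any other subject any permission, so this role is equivalent to cluster-admin whatever the other rules say. Combined with the first rule (`get`, `list`, `watch` on `'*'` resources in `'*'` API groups, which includes every Secret in the cluster) and write access to secrets, pods and both webhook configuration kinds, a compromise of the operator pod is a compromise of the cluster. If the operator only needs to create the specific roles TVK ships, drop `escalate` and `bind` and enumerate the permissions it hands out, or restrict the rule with `resourceNames`; likewise replace the wildcard read rule with the resource list the operator actually watches, and document why each remaining broad rule is needed.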


@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-manager-rolebinding
app.kubernetes.io/managed-by: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role
subjects:
- kind: ServiceAccount
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
namespace: {{ .Release.Namespace }}


@ -0,0 +1,202 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
selector:
matchLabels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
hostNetwork: {{ .Values.podSpec.hostNetwork }}
hostIPC: {{ .Values.podSpec.hostIPC }}
hostPID: {{ .Values.podSpec.hostPID }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.podSpec.securityContext | nindent 8 }}
{{- end }}
containers:
- name: k8s-triliovault-operator
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
{{- if .Values.tvkEnv }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
{{- end}}
{{- if .Values.tvkHelmRepo }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
{{- end }}
- name: INSTALL_NAMESPACE
value: {{ .Release.Namespace }}
- name: REGISTRY
value: {{ .Values.registry }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
livenessProbe:
httpGet:
path: /healthz
port: 8081
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /readyz
port: 8081
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
mountPath: /root/.helm
readOnly: true
{{- if .Values.tls.verify }}
- name: helm-tls-ca
mountPath: /root/.helm/ca.crt
readOnly: true
{{- end }}
{{- end }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-certs
readOnly: true
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 10m
memory: 10Mi
initContainers:
- name: webhook-init
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
- name: RELEASE_VERSION
value: {{ .Chart.AppVersion }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
- name: WEBHOOK_SERVICE
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
- name: WEBHOOK_NAMESPACE
value: {{ .Release.Namespace }}
- name: SECRET_NAME
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
volumeMounts:
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
{{- if .Values.nodeSelector }}
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
configMap:
name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
secret:
secretName: {{ .Values.tls.secretName }}
defaultMode: 0400
{{- if .Values.tls.verify }}
- name: helm-tls-ca
configMap:
name: {{ template "helm-operator.fullname" . }}-helm-tls-ca-config
defaultMode: 0600
{{- end }}
{{- end }}
- name: webhook-certs
secret:
defaultMode: 420
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
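
Review bot: The `helm-tls-ca` volume near the end references `{{ template "helm-operator.fullname" . }}`, a template that _helpers.tpl in this commit does not define, so rendering fails as soon as `tls.enable` and `tls.verify` are both true; use `k8s-triliovault-operator.fullname` and add the ConfigMap it names, which none of the templates shown on this page creates. The pod-level block is guarded by `if .Values.securityContext` but renders `.Values.podSpec.securityContext`; guard on the value that is rendered. In the init container `TVK_ENV` and `TVK_HELM_REPO` are emitted unconditionally while the main container wraps them in `if`, and values.yaml has no `tvkEnv` key; apply the same guards and quote the env values. The images are referenced by tag with `pullPolicy: Always`; pinning by digest would make the deployed operator reproducible.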


@ -0,0 +1,31 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-mutating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /mutate-triliovault-trilio-io-v1-triliovaultmanager
failurePolicy: Fail
name: v1-tvm-mutation.trilio.io
rules:
- apiGroups:
- triliovault.trilio.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- triliovaultmanagers
sideEffects: None
admissionReviewVersions:
- v1
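
Review bot: `caBundle: Cg==` is a placeholder (base64 of a single newline), so this webhook only works once something replaces it at runtime, presumably the `webhook-init` init container, which receives this configuration's name in `ADMISSION_MUTATION_CONFIG`. Because the placeholder lives in a chart-managed manifest, please confirm that a `helm upgrade` which re-applies this object without restarting the operator pod does not leave the webhook with the placeholder while `failurePolicy: Fail` rejects every CREATE and UPDATE of triliovaultmanagers. A comment in the template saying who owns `caBundle`, plus an explicit `timeoutSeconds`, would help; the same applies to the two ValidatingWebhookConfiguration files.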


@ -0,0 +1,37 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-ns-validating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate-core-v1-namespace
failurePolicy: Fail
name: v1-tvm-ns-validation.trilio.io
namespaceSelector:
matchExpressions:
- key: trilio-operator-label
operator: In
values:
- {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- DELETE
resources:
- namespaces
scope: '*'
sideEffects: None
admissionReviewVersions:
- v1
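
Review bot: This webhook intercepts `DELETE` on namespaces with `failurePolicy: Fail`, so whenever the operator's webhook service is unavailable, no namespace matched by the selector (`trilio-operator-label` equal to the release namespace) can be deleted. State in the README which namespaces receive that label and how to remove this webhook configuration if the operator is gone, and set `timeoutSeconds` explicitly. `scope: '*'` could be `Cluster`, since namespaces are cluster-scoped.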


@ -0,0 +1,21 @@
{{- if .Values.proxySettings.PROXY_ENABLED }}
{{ template "k8s-triliovault-operator.caBundleValidation" . }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-proxy
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
{{- range $key, $val := .Values.proxySettings }}
{{ $val = $val| toString | b64enc }}
{{- if $val -}}
{{ $key }}: {{ $val }}
{{- end -}}
{{- end }}
type: Opaque
{{- end }}
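
Review bot: The `range` over `.Values.proxySettings` copies every non-empty key under that map into the Secret, so `PROXY_ENABLED` and `CA_BUNDLE_CONFIGMAP` end up in it next to the proxy URLs, and through `envFrom` in the Deployment all of them become environment variables in both containers; any key a user adds under `proxySettings` is exported the same way. List the intended keys (`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`) explicitly instead of iterating the map. Using `stringData` with `quote` rather than `toString | b64enc` would also make the empty-value check easier to read.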


@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-certs
app.kubernetes.io/managed-by: {{ .Release.Service }}
type: Opaque


@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-service-account
app.kubernetes.io/managed-by: {{ .Release.Service }}


@ -0,0 +1,31 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate-triliovault-trilio-io-v1-triliovaultmanager
failurePolicy: Fail
name: v1-tvm-validation.trilio.io
rules:
- apiGroups:
- triliovault.trilio.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- triliovaultmanagers
sideEffects: None
admissionReviewVersions:
- v1


@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-service
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
ports:
- port: 443
targetPort: 9443
selector:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"


@ -0,0 +1,76 @@
## TrilioVault Operator
registry: "eu.gcr.io/amazing-chalice-243510"
operator-webhook-init:
repository: operator-webhook-init
k8s-triliovault-operator:
repository: k8s-triliovault-operator
tag: "2.6.5"
tvkHelmRepo: ""
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
image:
pullPolicy: Always
tls:
secretName: "helm-client-certs"
verify: false
enable: false
keyFile: "tls.key"
certFile: "tls.crt"
caContent: ""
hostname: ""
nameOverride: ""
replicaCount: 1
proxySettings:
PROXY_ENABLED: false
NO_PROXY: ""
HTTP_PROXY: ""
HTTPS_PROXY: ""
CA_BUNDLE_CONFIGMAP: ""
podSpec:
hostIPC: false
hostNetwork: false
hostPID: false
securityContext:
runAsNonRoot: true
runAsUser: 1001
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
installTVK:
enabled: true
applicationScope: Cluster
ingressConfig:
host: ""
tlsSecretName: ""
annotations: {}
ingressClass: ""
ComponentConfiguration:
ingressController:
enabled: true
service:
type: NodePort
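
Review bot: The defaults install more than the operator: `installTVK.enabled: true` with `ComponentConfiguration.ingressController.enabled: true` and `service.type: NodePort` means a plain `helm install` creates a TrilioVaultManager and exposes its ingress controller on a node port, with `tlsSecretName` empty. Consider defaulting `installTVK.enabled` to false or the service type to ClusterIP, and say so in the README. Other points: `registry` points at what looks like a project-specific path (`eu.gcr.io/amazing-chalice-243510`) and deserves a comment on who owns it; `readOnlyRootFilesystem: false` is the one relaxed setting in an otherwise tight container securityContext and should be true unless the operator writes to its root filesystem; `tvkEnv` is read by the Deployment but has no default here; and the key `ComponentConfiguration` is capitalised unlike the camelCase keys around it.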


@ -1832,6 +1832,28 @@ entries:
- assets/instana-agent/instana-agent-1.0.2900.tgz
version: 1.0.2900
k8s-triliovault-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v1
appVersion: 2.6.5
created: "2022-01-10T12:32:26.501820339Z"
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
digest: 4049bd872424bb4d4d7c63455db4aaa8ed02d44ecf47f5c88acf2959739db4f0
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>=1.18.0-0'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
urls:
- assets/k8s-triliovault-operator/k8s-triliovault-operator-2.6.500.tgz
version: 2.6.500
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator