andata
/
rancher-partner-charts
mirror of https://git.rancher.io/partner-charts
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Adding assets, charts, and index.yaml

pull/382/head
Samuel Attwood 2022-04-08 06:02:45 -04:00
parent 754c9fa5d0
commit a88b5e7ccd
22 changed files with 2281 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/k8s-triliovault-operator/k8s-triliovault-operator-2.7.200.tgz Normal file
View File

Binary file not shown.

23
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/.helmignore Normal file
View File

@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
# Helm files
OWNERS

18
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/Chart.yaml Normal file
View File

@ -0,0 +1,18 @@
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v1
appVersion: 2.7.2
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>=1.18.0-0'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
version: 2.7.200

1
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/LICENSE Normal file
View File

@ -0,0 +1 @@
# Placeholder for the License if we decide to provide one

150
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/README.md Normal file
View File

@ -0,0 +1,150 @@
# K8s-TrilioVault-Operator
This operator is to manage the lifecycle of TrilioVault Backup/Recovery solution. This operator install, updates and manage the TrilioVault application.
## Introduction
## Prerequisites
- Kubernetes 1.19+
- PV provisioner support
- CSI driver should be installed
### One Click Installation
In one click install for upstream operator, a cluster scope TVM custom resource `triliovault-manager` is created.
```shell script
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
helm install tvm trilio-vault-operator/k8s-triliovault-operator
```
#### One click install Configuration
The following table lists the configuration parameter of the upstream operator one click install feature and their
default values.
| Parameter | Description | Default
| --------- | ----------- | -------
| `installTVK.enabled` | 1 click install feature is enabled | true
| `installTVK.applicationScope` | scope of TVK application created | Cluster
| `installTVK.ingressConfig.host` | host of the ingress resource created | ""
| `installTVK.ingressConfig.tlsSecretName` | tls secret name which contains ingress certs | ""
| `installTVK.ingressConfig.annotations` | annotations to be added on ingress resource | ""
| `installTVK.ingressConfig.ingressClass` | ingress class name for the ingress resource | ""
| `installTVK.ComponentConfiguration.ingressController.enabled` | TVK ingress controller should be deployed | true
| `installTVK.ComponentConfiguration.ingressController.service.type` | TVK ingress controller service type | "NodePort"
Check the TVM CR configuration by running following command:
```
kubectl get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml
```
Once the operator pod is in running state, the TVK pods getting spawned. Confirm the [TVK pods are up](#Check-TVK-Install).
## Manual Installation
To install the operator on local setup just run the latest helm charts inside this repo
```shell script
helm repo add trilio-vault-operator https://charts.k8strilio.net/trilio-stable/k8s-triliovault-operator
helm install tvm trilio-vault-operator/k8s-triliovault-operator
```
Now, create a TrilioVaultManager CR to install the TrilioVault for Kubernetes. You can provide the custom configurations for the TVK resources as follows:
```
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
triliovault: k8s
name: tvk
spec:
trilioVaultAppVersion: latest
applicationScope: Cluster
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
ingressConfig:
host: "trilio.co.in"
tlsSecretName: "secret-name"
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
componentConfiguration:
web-backend:
resources:
requests:
memory: "400Mi"
cpu: "200m"
limits:
memory: "2584Mi"
cpu: "1000m"
ingress-controller:
enabled: true
service:
type: LoadBalancer
```
### Apply the Custom Resource
Apply `TVM.yaml`:
```shell
kubectl create -f TVM.yaml
```
### Check TVK Install
Check that the pods were created:
```
kubectl get pods
```
```
NAME READY STATUS RESTARTS AGE
k8s-triliovault-admission-webhook-6ff5f98c8-qwmfc 1/1 Running 0 81s
k8s-triliovault-backend-6f66b6b8d5-gxtmz 1/1 Running 0 81s
k8s-triliovault-control-plane-6c464c5d78-ftk6g 1/1 Running 0 81s
k8s-triliovault-exporter-59566f97dd-gs4xc 1/1 Running 0 81s
k8s-triliovault-ingress-nginx-controller-867c764cd5-qhpx6 1/1 Running 0 18s
k8s-triliovault-web-967c8475-m7pc6 1/1 Running 0 81s
tvm-k8s-triliovault-operator-66bd7d86d5-dvhzb 1/1 Running 0 6m48s
```
Check that ingress controller service is of type LoadBalancer:
```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
k8s-triliovault-admission-webhook ClusterIP 10.7.243.24 <none> 443/TCP 129m
k8s-triliovault-ingress-nginx-controller LoadBalancer 10.7.246.193 35.203.155.148 80:30362/TCP,443:32327/TCP 129m
k8s-triliovault-ingress-nginx-controller-admission ClusterIP 10.7.250.31 <none> 443/TCP 129m
k8s-triliovault-web ClusterIP 10.7.254.41 <none> 80/TCP 129m
k8s-triliovault-web-backend ClusterIP 10.7.252.146 <none> 80/TCP 129m
tvm-k8s-triliovault-operator-webhook-service ClusterIP 10.7.248.163 <none> 443/TCP 130m 123m
```
Check that ingress resources has the host defined by the user:
```
NAME CLASS HOSTS ADDRESS PORTS AGE
k8s-triliovault k8s-triliovault-default-nginx * 35.203.155.148 80 129m
```
You can access the TVK UI by hitting this address in your browser: https://35.203.155.148
## Delete
```shell
kubectl delete -f TVM.yaml
```
## Uninstall
To uninstall/delete the operator helm chart :
```bash
helm uninstall tvm
```
## TrilioVaultManager compatibility
We maintain the version parity between the TrilioVaultManager(upstream operator) and TrilioVault for Kubernetes. Whenever
user wants to upgrade to the new version, should use the same version for upstream operator and Triliovault for Kubernetes.

1189
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/crds/triliovault.trilio.io_triliovaultmanagers.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

120
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/questions.yaml Normal file
View File

@ -0,0 +1,120 @@
questions:
- variable: installTVK.enabled
default: true
description: "TriloVault Manager is an instance of TrilioVault for Kubernetes. Selecting this checkbox automatically creates a TrilioVault Manager instance"
required: true
type: boolean
label: "Install TrilioVault Manager Automatically"
group: "TrilioVault Manager Install Configuration"
- variable: installTVK.tvkInstanceName
show_if: "installTVK.enabled=true"
default: "triliovault-manager"
description: "TrilioVault Manager Instance Name. This will be used to manage the Kubernetes cluster in TVK Management Console and backups performed by the TrilioVault for Kubernetes"
required: true
type: string
label: "TrilioVault Manager Instance Name"
group: "TrilioVault Manager Install Configuration"
- variable: installTVK.applicationScope
default: Cluster
description: "TrilioVault Manager installation scope: Cluster or Namespaced"
required: true
type: enum
label: "TrilioVault Manager Installation Scope"
group: "TrilioVault Manager Install Configuration"
options:
- "Cluster"
- "Namespaced"
- variable: installTVK.ingressConfig.host
default: "rancher.k8s-tvk.com"
description: "Hostname URL to access the TVK Management Console - For example: rancher.k8s-tvk.com"
required: true
type: hostname
label: "TVK Management Console Hostname URL"
group: "Ingress Configuration"
- variable: installTVK.ingressConfig.tlsSecretName
default: ""
description: "TLS Secret containing an appropriate certificate to access the TVK Management Console over HTTPS protocol. Secret should of type kubernetes.io/tls"
required: false
type: secret
label: "TLS Secret of type kubernetes.io/tls (Optional)"
group: "Ingress Configuration"
- variable: installTVK.ComponentConfiguration.ingressController.enabled
default: true
description: "Select if Trilio provided Ingress Controller (nginx) should be leveraged or if an existing Ingress Controller within the cluster should be used"
required: true
type: boolean
label: "Use Trilio Provided Ingress Controller"
group: "Ingress Configuration"
- variable: installTVK.ComponentConfiguration.ingressController.service.type
show_if: "installTVK.ComponentConfiguration.ingressController.enabled=true"
default: "NodePort"
description: "Ingress Controller Service Type to access the TVK Management Console"
required: true
type: enum
label: "Ingress Controller Service Type"
group: "Ingress Configuration"
options:
- "NodePort"
- "LoadBalancer"
- variable: installTVK.ingressConfig.ingressClass
show_if: "installTVK.ComponentConfiguration.ingressController.enabled=false"
default: ""
description: "Name of an existing Ingress Class to use to access the TVK Management Console. Ingress class must exist on the Kubernetes cluster"
required: true
type: string
label: "Ingress Class Name"
group: "Ingress Configuration"
- variable: installTVK.ingressConfig.annotations
show_if: "installTVK.ComponentConfiguration.ingressController.enabled=false"
default: ""
description: "Annotations to add for the TrilioVault Manager ingress resource - For example: {'foo':'bar'}"
required: false
type: string
label: "Annotations for Ingress Resource (Optional)"
group: "Ingress Configuration"
- variable: proxySettings.PROXY_ENABLED
default: false
description: "Select this checkbox to deploy the TrilioVault Manager via a proxy server"
required: false
type: boolean
label: "Proxy Settings (Optional)"
group: "Proxy Settings"
show_subquestion_if: true
subquestions:
- variable: proxySettings.NO_PROXY
default: ""
description: "Provide the user defined IPs/hosts and subnets to exempt from proxy. User can provide comma separated values. For example: 'localhost,127.0.0.1,10.239.112.0/20,10.240.0.0/14'"
required: false
type: string
label: "No Proxy (Optional)"
group: "Proxy Settings"
- variable: proxySettings.HTTP_PROXY
default: ""
description: "Provide HTTP proxy information. For example: http://<uname>:<password>@<IP>:<Port>"
required: true
type: string
label: "HTTP Proxy"
group: "Proxy Settings"
- variable: proxySettings.HTTPS_PROXY
default: ""
description: "Provide HTTPS proxy information. For example: https://<uname>:<password>@<IP>:<Port>"
required: true
type: string
label: "HTTPS Proxy"
group: "Proxy Settings"
- variable: proxySettings.CA_BUNDLE_CONFIGMAP
default: ""
description: "Provide a CA Certificate bundle configmap present on the Kubernetes cluster to communicate with the proxy server"
required: false
type: string
label: "CA Certificate Bundle Configmap Name (Optional)"
group: "Proxy Settings"

59
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/NOTES.txt Normal file
View File

@ -0,0 +1,59 @@
TrilioVault Operator is a helm based operator which install/upgrade/delete the helm Chart of the TrilioVault For Kubernetes.
This operator watches over the entire helm application of TrilioVault for Kubernetes and has self-healing capabilities.
To verify that TrilioVault Operator has started, run:
kubectl --namespace={{ .Release.Namespace }} wait --for=condition=ready pod -l "release={{ .Release.Name }}"
{{ if .Values.installTVK.enabled }}
In one click install, a cluster scope TVM custom resource triliovault-manager is created, you can check its
configuration by running following command:
kubectl --namespace {{ .Release.Namespace }} get triliovaultmanagers.triliovault.trilio.io triliovault-manager -o yaml
{{- else }}
Once the Triliovault operator is in running state, you can create the TrilioVault for Kubernetes(TVK) with the
following custom resource:
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
labels:
app: triliovault
name: triliovault-manager
namespace: {{ .Release.Namespace }}
spec:
trilioVaultAppVersion: latest
applicationScope: Cluster
ingressConfig:
host: ""
componentConfiguration:
ingress-controller:
enabled: true
service:
type: LoadBalancer
Once the above CR has been created, you have to wait for the TVK pods to come up.
{{- end }}
To check all the TVK pods come into running state, run:
kubectl --namespace {{ .Release.Namespace }} wait --for=condition=ready pod -l "release=triliovault-manager-{{ .Release.Namespace }}"
Once all the pods are in running state, you can access the TVK UI from your browser using following steps:
{{- if .Values.installTVK.enabled }}
{{- if eq .Values.installTVK.ComponentConfiguration.ingressController.service.type "LoadBalancer" }}
1. Find the external IP of the service `k8s-triliovault-ingress-nginx-controller`
2. Hit the URL in browser: https://<External IP of k8s-triliovault-ingress-nginx-controller>
{{- else }}
1. Find the NodePort from the service `k8s-triliovault-ingress-nginx-controller`
2. Hit the URL in browser with NodePort: https://<Node IP>:<Node-Port>/
{{- end }}
{{- end }}
For more details on how to access the TVK UI, follow this guide: https://docs.trilio.io/kubernetes/management-console-ui/prerequisites/accessing-the-ui
You can start backup and restore of your application using TVK. For more details on how to do that, please follow our
getting started guide: https://docs.trilio.io/kubernetes/getting-started-3/getting-started/getting-started-1

44
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/TVMCustomResource.yaml Normal file
View File

@ -0,0 +1,44 @@
{{- if .Values.installTVK.enabled }}
{{- if not (lookup "triliovault.trilio.io/v1" "TrilioVaultManager" "" "").items }}
{{template "k8s-triliovault-operator.tlsSecretValidation" .}}
apiVersion: triliovault.trilio.io/v1
kind: TrilioVaultManager
metadata:
name: "triliovault-manager"
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install
spec:
{{- if eq .Chart.Version "0.1.0" }}
trilioVaultAppVersion: latest
{{- else}}
trilioVaultAppVersion: {{ .Chart.AppVersion }}
{{- end }}
applicationScope: {{ .Values.installTVK.applicationScope }}
{{- if .Values.installTVK.tvkInstanceName }}
tvkInstanceName: {{ .Values.installTVK.tvkInstanceName }}
{{- end }}
# User can configure the ingress hosts, annotations and TLS secret through the ingressConfig section
ingressConfig:
{{- if and (gt (len .Values.installTVK.ingressConfig.annotations) 0) (not .Values.installTVK.ComponentConfiguration.ingressController.enabled) }}
annotations:
{{- range $key, $value := .Values.installTVK.ingressConfig.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end -}}
{{- end }}
host: {{ .Values.installTVK.ingressConfig.host | quote }}
{{- if not .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
ingressClass: {{ .Values.installTVK.ingressConfig.ingressClass | quote }}
{{- end }}
{{- if .Values.installTVK.ingressConfig.tlsSecretName }}
tlsSecretName: {{ .Values.installTVK.ingressConfig.tlsSecretName | quote }}
{{- end }}
# TVK components configuration, currently supports control-plane, web, exporter, web-backend, ingress-controller, admission-webhook.
# User can configure resources for all componentes and can configure service type and host for the ingress-controller
componentConfiguration:
ingress-controller:
enabled: {{ .Values.installTVK.ComponentConfiguration.ingressController.enabled }}
service:
type: {{ .Values.installTVK.ComponentConfiguration.ingressController.service.type }}
{{- end -}}
{{- end -}}

66
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,66 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "k8s-triliovault-operator.name" -}}
{{- default .Release.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- define "k8s-triliovault-operator.appName" -}}
{{- printf "%s" .Chart.Name -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "k8s-triliovault-operator.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Return the proper TrilioVault Operator image name
*/}}
{{- define "k8s-triliovault-operator.image" -}}
{{- $registryName := .Values.image.registry -}}
{{- $repositoryName := .Values.image.repository -}}
{{- $tag := .Values.image.tag | toString -}}
{{- printf "%s/%s:%s" $registryName $repositoryName $tag -}}
{{- end -}}
{{/*
Validation of the secret of CA bundle if provided
*/}}
{{- define "k8s-triliovault-operator.caBundleValidation" -}}
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- if not (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP) }}
{{ fail "Proxy CA bundle proxy is not present in the release namespace" }}
{{- else }}
{{- $caMap := (lookup "v1" "ConfigMap" .Release.Namespace .Values.proxySettings.CA_BUNDLE_CONFIGMAP).data }}
{{- if not (get $caMap "ca-bundle.crt") }}
{{ fail "Proxy CA certificate file key should be ca-bundle.crt" }}
{{- end }}
{{- end }}
{{- end }}
{{- end -}}
{{/*
Validation for the ingress tlsSecret, should exists if provided
*/}}
{{- define "k8s-triliovault-operator.tlsSecretValidation" }}
{{- if .Values.installTVK.ingressConfig.tlsSecretName -}}
{{- if not (lookup "v1" "Secret" .Release.Namespace .Values.installTVK.ingressConfig.tlsSecretName ) -}}
{{ fail "Ingress tls secret is not present in the release namespace" }}
{{- end -}}
{{- end -}}
{{- end -}}

133
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/clusterrole.yaml Normal file
View File

@ -0,0 +1,133 @@
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{template "k8s-triliovault-operator.name" .}}-{{.Release.Namespace}}-manager-role
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{template "k8s-triliovault-operator.appName" .}}-manager-role
app.kubernetes.io/managed-by: {{ .Release.Service }}
rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- update
- delete
- patch
- apiGroups:
- ""
resources:
- serviceaccounts
- services
- services/finalizers
- secrets
- events
- pods
- endpoints
- configmaps
verbs:
- create
- update
- delete
- patch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
- mutatingwebhookconfigurations
verbs:
- create
- update
- delete
- patch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- update
- delete
- patch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterroles
- clusterrolebindings
- roles
- rolebindings
verbs:
- create
- update
- delete
- patch
- bind
- escalate
- apiGroups:
- triliovault.trilio.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- namespaces
verbs:
- update
- apiGroups:
- batch
resources:
- cronjobs
verbs:
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- create
- delete
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- update
- patch
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- create
- patch
- update
- delete
- apiGroups:
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- networking.k8s.io
resources:
- ingressclasses
verbs:
- delete

17
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/clusterrole_binding.yaml Normal file
View File

@ -0,0 +1,17 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-rolebinding
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-manager-rolebinding
app.kubernetes.io/managed-by: {{ .Release.Service }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ template "k8s-triliovault-operator.name" . }}-{{ .Release.Namespace }}-manager-role
subjects:
- kind: ServiceAccount
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
namespace: {{ .Release.Namespace }}

202
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/deployment.yaml Normal file
View File

@ -0,0 +1,202 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
selector:
matchLabels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
replicas: {{ .Values.replicaCount }}
template:
metadata:
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
hostNetwork: {{ .Values.podSpec.hostNetwork }}
hostIPC: {{ .Values.podSpec.hostIPC }}
hostPID: {{ .Values.podSpec.hostPID }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.podSpec.securityContext | nindent 8 }}
{{- end }}
containers:
- name: k8s-triliovault-operator
image: {{ .Values.registry }}/{{ index .Values "k8s-triliovault-operator" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
{{- if .Values.tvkEnv }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
{{- end}}
{{- if .Values.tvkHelmRepo }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
{{- end }}
- name: INSTALL_NAMESPACE
value: {{ .Release.Namespace }}
- name: REGISTRY
value: {{ .Values.registry }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
livenessProbe:
httpGet:
path: /healthz
port: 8081
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 30
timeoutSeconds: 2
successThreshold: 1
failureThreshold: 3
readinessProbe:
httpGet:
path: /readyz
port: 8081
scheme: HTTP
initialDelaySeconds: 5
periodSeconds: 5
timeoutSeconds: 1
successThreshold: 1
failureThreshold: 3
volumeMounts:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
mountPath: /root/.helm
readOnly: true
{{- if .Values.tls.verify }}
- name: helm-tls-ca
mountPath: /root/.helm/ca.crt
readOnly: true
{{- end }}
{{- end }}
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: webhook-certs
readOnly: true
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
resources:
limits:
cpu: 200m
memory: 512Mi
requests:
cpu: 10m
memory: 10Mi
initContainers:
- name: webhook-init
image: {{ .Values.registry }}/{{ index .Values "operator-webhook-init" "repository" }}:{{ .Values.tag }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
{{- end }}
{{- if .Values.proxySettings.PROXY_ENABLED }}
envFrom:
- secretRef:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- end }}
env:
{{- if .Values.proxySettings.PROXY_ENABLED }}
- name: PROXY_SETTINGS_SECRET
value: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
{{- if .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: PROXY_CA_CONFIGMAP
value: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- end }}
- name: TVK_ENV
value: {{ .Values.tvkEnv }}
- name: TVK_HELM_REPO
value: {{ .Values.tvkHelmRepo }}
- name: RELEASE_VERSION
value: {{ .Chart.AppVersion }}
- name: ADMISSION_MUTATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
- name: ADMISSION_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
- name: NAMESPACE_VALIDATION_CONFIG
value: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
- name: WEBHOOK_SERVICE
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
- name: WEBHOOK_NAMESPACE
value: {{ .Release.Namespace }}
- name: SECRET_NAME
value: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
volumeMounts:
- name: proxy-ca-cert
mountPath: /proxy-certs
readOnly: true
{{- end }}
serviceAccountName: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
{{- if .Values.nodeSelector }}
nodeSelector: {{- .Values.nodeSelector | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.affinity }}
affinity:
{{- toYaml .Values.affinity | nindent 8 }}
{{- end }}
volumes:
{{- if and .Values.proxySettings.PROXY_ENABLED .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
- name: proxy-ca-cert
configMap:
name: {{ .Values.proxySettings.CA_BUNDLE_CONFIGMAP }}
{{- end }}
{{- if .Values.tls.enable }}
- name: helm-tls-certs
secret:
secretName: {{ .Values.tls.secretName }}
defaultMode: 0400
{{- if .Values.tls.verify }}
- name: helm-tls-ca
configMap:
name: {{ template "k8s-triliovault-operator.fullname" . }}-helm-tls-ca-config
defaultMode: 0600
{{- end }}
{{- end }}
- name: webhook-certs
secret:
defaultMode: 420
secretName: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs

31
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/mutating-webhook.yaml Normal file
View File

@ -0,0 +1,31 @@
apiVersion: admissionregistration.k8s.io/v1
kind: MutatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-mutating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-mutating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /mutate-triliovault-trilio-io-v1-triliovaultmanager
failurePolicy: Fail
name: v1-tvm-mutation.trilio.io
rules:
- apiGroups:
- triliovault.trilio.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- triliovaultmanagers
sideEffects: None
admissionReviewVersions:
- v1

37
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/ns-validating-webhook.yaml Normal file
View File

@ -0,0 +1,37 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-ns-validating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-ns-validating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate-core-v1-namespace
failurePolicy: Fail
name: v1-tvm-ns-validation.trilio.io
namespaceSelector:
matchExpressions:
- key: trilio-operator-label
operator: In
values:
- {{ .Release.Namespace }}
rules:
- apiGroups:
- ""
apiVersions:
- v1
operations:
- DELETE
resources:
- namespaces
scope: '*'
sideEffects: None
admissionReviewVersions:
- v1

21
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/proxyConfig.yaml Normal file
View File

@ -0,0 +1,21 @@
{{- if .Values.proxySettings.PROXY_ENABLED }}
{{ template "k8s-triliovault-operator.caBundleValidation" . }}
apiVersion: v1
kind: Secret
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-proxy
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-proxy
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
{{- range $key, $val := .Values.proxySettings }}
{{ $val = $val| toString | b64enc }}
{{- if $val -}}
{{ $key }}: {{ $val }}
{{- end -}}
{{- end }}
type: Opaque
{{- end }}

11
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/secret.yaml Normal file
View File

@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-certs
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-certs
app.kubernetes.io/managed-by: {{ .Release.Service }}
type: Opaque

10
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/serviceAccount.yaml Normal file
View File

@ -0,0 +1,10 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-service-account
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-service-account
app.kubernetes.io/managed-by: {{ .Release.Service }}

31
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/validating-webhook.yaml Normal file
View File

@ -0,0 +1,31 @@
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
name: {{ template "k8s-triliovault-operator.name" . }}-validating-webhook-configuration
labels:
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-validating-webhook-configuration
app.kubernetes.io/managed-by: {{ .Release.Service }}
webhooks:
- clientConfig:
caBundle: Cg==
service:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
path: /validate-triliovault-trilio-io-v1-triliovaultmanager
failurePolicy: Fail
name: v1-tvm-validation.trilio.io
rules:
- apiGroups:
- triliovault.trilio.io
apiVersions:
- v1
operations:
- CREATE
- UPDATE
resources:
- triliovaultmanagers
sideEffects: None
admissionReviewVersions:
- v1

19
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/templates/webhook-service.yaml Normal file
View File

@ -0,0 +1,19 @@
apiVersion: v1
kind: Service
metadata:
name: {{ template "k8s-triliovault-operator.fullname" . }}-webhook-service
namespace: {{ .Release.Namespace }}
labels:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"
app.kubernetes.io/part-of: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/name: {{ template "k8s-triliovault-operator.appName" . }}
app.kubernetes.io/instance: {{ template "k8s-triliovault-operator.appName" . }}-webhook-service
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
ports:
- port: 443
targetPort: 9443
selector:
app: {{ template "k8s-triliovault-operator.fullname" . }}
release: "{{ .Release.Name }}"

77
charts/k8s-triliovault-operator/k8s-triliovault-operator/2.7.200/values.yaml Normal file
View File

@ -0,0 +1,77 @@
## TrilioVault Operator
registry: "eu.gcr.io/amazing-chalice-243510"
operator-webhook-init:
repository: operator-webhook-init
k8s-triliovault-operator:
repository: k8s-triliovault-operator
tag: "2.7.2"
tvkHelmRepo: ""
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/arch
operator: In
values:
- amd64
image:
pullPolicy: Always
tls:
secretName: "helm-client-certs"
verify: false
enable: false
keyFile: "tls.key"
certFile: "tls.crt"
caContent: ""
hostname: ""
nameOverride: ""
replicaCount: 1
proxySettings:
PROXY_ENABLED: false
NO_PROXY: ""
HTTP_PROXY: ""
HTTPS_PROXY: ""
CA_BUNDLE_CONFIGMAP: ""
podSpec:
hostIPC: false
hostNetwork: false
hostPID: false
securityContext:
runAsNonRoot: true
runAsUser: 1001
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1001
capabilities:
drop:
- ALL
installTVK:
enabled: true
applicationScope: Cluster
tvkInstanceName: ""
ingressConfig:
host: ""
tlsSecretName: ""
annotations: {}
ingressClass: ""
ComponentConfiguration:
ingressController:
enabled: true
service:
type: NodePort

22
index.yaml
View File

@ -2130,6 +2130,28 @@ entries:
- assets/instana-agent/instana-agent-1.0.2900.tgz - assets/instana-agent/instana-agent-1.0.2900.tgz
version: 1.0.2900 version: 1.0.2900
k8s-triliovault-operator: k8s-triliovault-operator:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator
catalog.cattle.io/release-name: k8s-triliovault-operator
apiVersion: v1
appVersion: 2.7.2
created: "2022-03-31T12:22:21.688018797Z"
description: K8s-TrilioVault-Operator is an operator designed to manage the K8s-TrilioVault
Application Lifecycle.
digest: 22c3ffc85030ccbf07799e02699a0515ac8ea88138dc1416f1d54293fda3d478
home: https://github.com/trilioData/k8s-triliovault-operator
icon: https://www.trilio.io/wp-content/uploads/2021/01/Trilio-2020-logo-RGB-gray-green.png
kubeVersion: '>=1.18.0-0'
maintainers:
- email: prafull.ladha@trilio.io
name: prafull11
name: k8s-triliovault-operator
sources:
- https://github.com/trilioData/k8s-triliovault-operator
urls:
- assets/k8s-triliovault-operator/k8s-triliovault-operator-2.7.200.tgz
version: 2.7.200
- annotations: - annotations:
catalog.cattle.io/certified: partner catalog.cattle.io/certified: partner
catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator catalog.cattle.io/display-name: TrilioVault for Kubernetes Operator