diff --git a/assets/dynatrace/dynatrace-operator-0.8.2.tgz b/assets/dynatrace/dynatrace-operator-0.8.2.tgz new file mode 100644 index 000000000..4f923c540 Binary files /dev/null and b/assets/dynatrace/dynatrace-operator-0.8.2.tgz differ diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/.helmignore b/charts/dynatrace/dynatrace-operator/0.8.2/.helmignore new file mode 100644 index 000000000..98229532e --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/.helmignore @@ -0,0 +1,25 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ + +tests/ diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/Chart.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/Chart.yaml new file mode 100644 index 000000000..35dee3ca6 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/Chart.yaml @@ -0,0 +1,23 @@ +annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dynatrace Operator + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: dynatrace-operator +apiVersion: v2 +appVersion: 0.8.2 +description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift +home: https://www.dynatrace.com/ +icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png +kubeVersion: '>=1.21.0-0' +maintainers: +- email: marcell.sevcsik@dynatrace.com + name: 0sewa0 +- email: christoph.muellner@dynatrace.com + name: chrismuellner +- email: lukas.hinterreiter@dynatrace.com + name: luhi-DT +name: dynatrace-operator +sources: +- https://github.com/Dynatrace/dynatrace-operator +type: application +version: 0.8.2 diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/README.md b/charts/dynatrace/dynatrace-operator/0.8.2/README.md new file mode 100644 index 000000000..60ae0d5f2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/README.md @@ -0,0 +1,33 @@ +# Dynatrace Operator Helm Chart + +The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift. + +This Helm Chart requires Helm 3. + +## Quick Start +Migration instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-dto-helm#migrate). + +Install the Dynatrace Operator via Helm by running the following commands. + +### Installation + +> For instructions on how to install the dynatrace-operator on Openshift, head to the +> [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm) + +Add `dynatrace` helm repository: +``` +helm repo add dynatrace https://raw.githubusercontent.com/Dynatrace/dynatrace-operator/master/config/helm/repos/stable +``` + +Install `dynatrace-operator` helm chart and create the corresponding `dynatrace` namespace: +```console +helm install dynatrace-operator dynatrace/dynatrace-operator -n dynatrace --create-namespace --atomic +``` + +## Uninstall chart +> Full instructions can be found in the [official help page](https://www.dynatrace.com/support/help/shortlink/k8s-helm#uninstall-dynatrace-operator) + +Uninstall the Dynatrace Operator by running the following command: +```console +helm uninstall dynatrace-operator -n dynatrace +``` diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/app-readme.md b/charts/dynatrace/dynatrace-operator/0.8.2/app-readme.md new file mode 100644 index 000000000..844c96dd7 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/app-readme.md @@ -0,0 +1,5 @@ +# Dynatrace Operator + +The Dynatrace Operator supports rollout and lifecycle of various Dynatrace components in Kubernetes and OpenShift. + +As of launch, the Dynatrace Operator can be used to deploy a containerized ActiveGate for Kubernetes API monitoring. New capabilities will be added to the Dynatrace Operator over time including metric routing, and API monitoring for AWS, Azure, GCP, and vSphere. diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/generated/dynatrace-operator-crd.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/generated/dynatrace-operator-crd.yaml new file mode 100644 index 000000000..04d3bd72f --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/generated/dynatrace-operator-crd.yaml @@ -0,0 +1,3093 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.9.0 + name: dynakubes.dynatrace.com +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: dynatrace-webhook + namespace: dynatrace + path: /convert + conversionReviewVersions: + - v1beta1 + group: dynatrace.com + names: + categories: + - dynatrace + kind: DynaKube + listKind: DynaKubeList + plural: dynakubes + singular: dynakube + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.apiUrl + name: ApiUrl + type: string + - jsonPath: .status.tokens + name: Tokens + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + description: DynaKube is the Schema for the DynaKube API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DynaKubeSpec defines the desired state of DynaKube + properties: + activeGate: + description: General configuration about ActiveGate instances + properties: + autoUpdate: + description: Disable automatic restarts of OneAgent pods in case + a new version is available + type: boolean + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the Docker Registry + implementation from the Dynatrace environment set as API URL.' + type: string + type: object + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment UUID + type: string + classicFullStack: + description: Configuration for ClassicFullStack Monitoring + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + enabled: + description: Enables FullStack Monitoring + type: boolean + env: + description: 'Optional: List of environment variables to set for + the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes (optional) + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s priority. + Name must be defined by creating a PriorityClass object with + that name. If not specified the setting will be removed from + the DaemonSet.' + type: string + resources: + description: 'Optional: define resources requests and limits for + single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + OneAgent pods' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + useImmutableImage: + description: Defines if you want to use the immutable image or + the installer + type: boolean + useUnprivilegedMode: + description: 'Optional: Runs the OneAgent Pods as unprivileged + (Early Adopter)' + type: boolean + waitReadySeconds: + description: 'Optional: Defines the time to wait until OneAgent + pod is ready after update - default 300 sec' + minimum: 0 + type: integer + type: object + customPullSecret: + description: 'Optional: Pull secret for your private registry' + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + kubernetesMonitoring: + description: Configuration for Kubernetes Monitoring + properties: + args: + description: 'Optional: Adds additional arguments for the ActiveGate + instances' + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your DynaKube + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + ActiveGate pods' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + networkZone: + description: 'Optional: Sets Network Zone for OneAgent and ActiveGate + pods' + type: string + oneAgent: + description: General configuration about OneAgent instances + properties: + autoUpdate: + description: Disable automatic restarts of OneAgent pods in case + a new version is available + type: boolean + image: + description: 'Optional: the Dynatrace installer container image + Defaults to docker.io/dynatrace/oneagent:latest for Kubernetes + and to registry.connect.redhat.com/dynatrace/oneagent for OpenShift' + type: string + version: + description: 'Optional: If specified, indicates the OneAgent version + to use Defaults to latest Example: {major.minor.release} - 1.200.0' + type: string + type: object + proxy: + description: 'Optional: Set custom proxy settings either directly + or from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + routing: + description: Configuration for Routing + properties: + args: + description: 'Optional: Adds additional arguments for the ActiveGate + instances' + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your DynaKube + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + serviceAccountName: + description: 'Optional: set custom Service Account Name used with + ActiveGate pods' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the DynaKube to connect back to Dynatrace. + type: string + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap This + property only affects certificates used to communicate with the + Dynatrace API. The property is not applied to the ActiveGate' + type: string + required: + - apiUrl + type: object + status: + description: DynaKubeStatus defines the observed state of DynaKube + properties: + activeGate: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + imageVersion: + description: ImageVersion contains the version from the last image + seen. + type: string + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. + format: date-time + type: string + type: object + conditions: + description: Conditions includes status about the current state of + the instance + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + environmentID: + description: EnvironmentID contains the environment UUID corresponding + to the API URL + type: string + lastAPITokenProbeTimestamp: + description: LastAPITokenProbeTimestamp tracks when the last request + for the API token validity was sent + format: date-time + type: string + lastClusterVersionProbeTimestamp: + description: LastClusterVersionProbeTimestamp indicates when the cluster's + version was last checked + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: LastPaaSTokenProbeTimestamp tracks when the last request + for the PaaS token validity was sent + format: date-time + type: string + oneAgent: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + imageVersion: + description: ImageVersion contains the version from the last image + seen. + type: string + instances: + additionalProperties: + properties: + ipAddress: + type: string + podName: + type: string + version: + type: string + type: object + type: object + lastImageProbeTimestamp: + description: LastImageProbeTimestamp defines the last timestamp + when the querying for image updates have been done. + format: date-time + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + useImmutableImage: + description: UseImmutableImage is set when an immutable image + is currently in use + type: boolean + version: + description: Dynatrace version being used. + type: string + type: object + phase: + description: Defines the current state (Running, Updating, Error, + ...) + type: string + tokens: + description: Credentials used to connect back to Dynatrace. + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last + updated + format: date-time + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - jsonPath: .spec.apiUrl + name: ApiUrl + type: string + - jsonPath: .status.tokens + name: Tokens + type: string + - jsonPath: .status.phase + name: Status + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + description: DynaKube is the Schema for the DynaKube API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: DynaKubeSpec defines the desired state of DynaKube + properties: + activeGate: + description: General configuration about ActiveGate instances + properties: + capabilities: + description: Activegate capabilities enabled (routing, kubernetes-monitoring, + metrics-ingest, dynatrace-api) + items: + type: string + type: array + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + dnsPolicy: + description: 'Optional: Sets DNS Policy for the ActiveGate pods' + type: string + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s priority. + Name must be defined by creating a PriorityClass object with + that name. If not specified the setting will be removed from + the StatefulSet.' + type: string + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tlsSecretName: + description: 'Optional: the name of a secret containing ActiveGate + TLS cert+key and password. If not set, self-signed certificate + is used. server.p12: certificate+key pair in pkcs12 format password: + passphrase to read server.p12' + type: string + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + apiUrl: + description: Location of the Dynatrace API to connect to, including + your specific environment UUID + type: string + customPullSecret: + description: 'Optional: Pull secret for your private registry' + type: string + enableIstio: + description: If enabled, Istio on the cluster will be configured automatically + to allow access to the Dynatrace environment + type: boolean + kubernetesMonitoring: + description: 'Deprecated: Configuration for Kubernetes Monitoring' + properties: + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + namespaceSelector: + description: 'Optional: set a namespace selector to limit which namespaces + are monitored By default, all namespaces will be monitored Has no + effect during classicFullStack and hostMonitoring mode' + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + networkZone: + description: 'Optional: Sets Network Zone for OneAgent and ActiveGate + pods' + type: string + oneAgent: + description: General configuration about OneAgent instances + properties: + applicationMonitoring: + description: 'Optional: enable application-only monitoring and + change its settings Cannot be used in conjunction with cloud-native + fullstack monitoring, classic fullstack monitoring or host monitoring' + nullable: true + properties: + codeModulesImage: + description: 'Optional: the Dynatrace installer container + image' + type: string + initResources: + description: 'Optional: define resources requests and limits + for the initContainer' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + useCSIDriver: + description: 'Optional: If you want to use CSIDriver; disable + if your cluster does not have ''nodes'' to fall back to + the volume approach.' + type: boolean + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + classicFullStack: + description: 'Optional: enable classic fullstack monitoring and + change its settings Cannot be used in conjunction with cloud-native + fullstack monitoring, application monitoring or host monitoring' + nullable: true + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + cloudNativeFullStack: + description: 'Optional: enable cloud-native fullstack monitoring + and change its settings Cannot be used in conjunction with classic + fullstack monitoring, application monitoring or host monitoring' + nullable: true + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + codeModulesImage: + description: 'Optional: the Dynatrace installer container + image' + type: string + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + initResources: + description: 'Optional: define resources requests and limits + for the initContainer' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + hostMonitoring: + description: 'Optional: enable host monitoring and change its + settings Cannot be used in conjunction with cloud-native fullstack + monitoring, classic fullstack monitoring or application monitoring' + nullable: true + properties: + args: + description: 'Optional: Arguments to the OneAgent installer' + items: + type: string + type: array + x-kubernetes-list-type: set + autoUpdate: + description: 'Optional: Enables automatic restarts of OneAgent + pods in case a new version is available Defaults to true' + type: boolean + dnsPolicy: + description: 'Optional: Sets DNS Policy for the OneAgent pods' + type: string + env: + description: 'Optional: List of environment variables to set + for the installer' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must + be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables + in the container and any service environment variables. + If a variable cannot be resolved, the reference in + the input string will be unchanged. Double $$ are + reduced to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce + the string literal "$(VAR_NAME)". Escaped references + will never be expanded, regardless of whether the + variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or + its key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports + metadata.name, metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in + the specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: + only resources limits and requests (limits.cpu, + limits.memory, limits.ephemeral-storage, requests.cpu, + requests.memory and requests.ephemeral-storage) + are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of + the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select + from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, + kind, uid?' + type: string + optional: + description: Specify whether the Secret or its + key must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + description: 'Optional: the Dynatrace installer container + image Defaults to the registry on the tenant for both Kubernetes + and for OpenShift' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the OneAgent + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: Node selector to control the selection of nodes + (optional) + type: object + oneAgentResources: + description: 'Optional: define resources requests and limits + for single pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of + compute resources required. If Requests is omitted for + a container, it defaults to Limits if that is explicitly + specified, otherwise to an implementation-defined value. + More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + priorityClassName: + description: 'Optional: If specified, indicates the pod''s + priority. Name must be defined by creating a PriorityClass + object with that name. If not specified the setting will + be removed from the DaemonSet.' + type: string + tolerations: + description: 'Optional: set tolerations for the OneAgent pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, + allowed values are NoSchedule, PreferNoSchedule and + NoExecute. + type: string + key: + description: Key is the taint key that the toleration + applies to. Empty means match all taint keys. If the + key is empty, operator must be Exists; this combination + means to match all values and all keys. + type: string + operator: + description: Operator represents a key's relationship + to the value. Valid operators are Exists and Equal. + Defaults to Equal. Exists is equivalent to wildcard + for value, so that a pod can tolerate all taints of + a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period + of time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the + taint forever (do not evict). Zero and negative values + will be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration + matches to. If the operator is Exists, the value should + be empty, otherwise just a regular string. + type: string + type: object + type: array + version: + description: 'Optional: If specified, indicates the OneAgent + version to use Defaults to latest Example: {major.minor.release} + - 1.200.0' + type: string + type: object + type: object + proxy: + description: 'Optional: Set custom proxy settings either directly + or from a secret with the field ''proxy''' + properties: + value: + type: string + valueFrom: + type: string + type: object + routing: + description: 'Deprecated: Configuration for Routing' + properties: + customProperties: + description: 'Optional: Add a custom properties file by providing + it as a value or reference it from a secret If referenced from + a secret, make sure the key is called ''customProperties''' + properties: + value: + type: string + valueFrom: + type: string + type: object + enabled: + description: Enables Capability + type: boolean + env: + description: 'Optional: List of environment variables to set for + the ActiveGate' + items: + description: EnvVar represents an environment variable present + in a Container. + properties: + name: + description: Name of the environment variable. Must be a + C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in + the container and any service environment variables. If + a variable cannot be resolved, the reference in the input + string will be unchanged. Double $$ are reduced to a single + $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. + Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the ConfigMap or its + key must be defined + type: boolean + required: + - key + type: object + fieldRef: + description: 'Selects a field of the pod: supports metadata.name, + metadata.namespace, `metadata.labels['''']`, + `metadata.annotations['''']`, spec.nodeName, + spec.serviceAccountName, status.hostIP, status.podIP, + status.podIPs.' + properties: + apiVersion: + description: Version of the schema the FieldPath + is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the + specified API version. + type: string + required: + - fieldPath + type: object + resourceFieldRef: + description: 'Selects a resource of the container: only + resources limits and requests (limits.cpu, limits.memory, + limits.ephemeral-storage, requests.cpu, requests.memory + and requests.ephemeral-storage) are currently supported.' + properties: + containerName: + description: 'Container name: required for volumes, + optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the + exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + secretKeyRef: + description: Selects a key of a secret in the pod's + namespace + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + group: + description: 'Optional: Set activation group for ActiveGate' + type: string + image: + description: 'Optional: the ActiveGate container image. Defaults + to the latest ActiveGate image provided by the registry on the + tenant' + type: string + labels: + additionalProperties: + type: string + description: 'Optional: Adds additional labels for the ActiveGate + pods' + type: object + nodeSelector: + additionalProperties: + type: string + description: 'Optional: Node selector to control the selection + of nodes' + type: object + replicas: + description: Amount of replicas for your ActiveGates + format: int32 + type: integer + resources: + description: 'Optional: define resources requests and limits for + single ActiveGate pods' + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Limits describes the maximum amount of compute + resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + type: object + tolerations: + description: 'Optional: set tolerations for the ActiveGatePods + pods' + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + topologySpreadConstraints: + description: 'Optional: Adds TopologySpreadConstraints for the + ActiveGate pods' + items: + description: TopologySpreadConstraint specifies how to spread + matching pods among the given topology. + properties: + labelSelector: + description: LabelSelector is used to find matching pods. + Pods that match this label selector are counted to determine + the number of pods in their corresponding topology domain. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + maxSkew: + description: 'MaxSkew describes the degree to which pods + may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, + it is the maximum permitted difference between the number + of matching pods in the target topology and the global + minimum. For example, in a 3-zone cluster, MaxSkew is + set to 1, and pods with the same labelSelector spread + as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | + - if MaxSkew is 1, incoming pod can only be scheduled + to zone3 to become 1/1/1; scheduling it onto zone1(zone2) + would make the ActualSkew(2-0) on zone1(zone2) violate + MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled + onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, + it is used to give higher precedence to topologies that + satisfy it. It''s a required field. Default value is 1 + and 0 is not allowed.' + format: int32 + type: integer + topologyKey: + description: TopologyKey is the key of node labels. Nodes + that have a label with this key and identical values are + considered to be in the same topology. We consider each + as a "bucket", and try to put balanced number + of pods into each bucket. It's a required field. + type: string + whenUnsatisfiable: + description: 'WhenUnsatisfiable indicates how to deal with + a pod if it doesn''t satisfy the spread constraint. - + DoNotSchedule (default) tells the scheduler not to schedule + it. - ScheduleAnyway tells the scheduler to schedule the + pod in any location, but giving higher precedence to topologies + that would help reduce the skew. A constraint is considered + "Unsatisfiable" for an incoming pod if and only if every + possible node assignment for that pod would violate "MaxSkew" + on some topology. For example, in a 3-zone cluster, MaxSkew + is set to 1, and pods with the same labelSelector spread + as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | + If WhenUnsatisfiable is set to DoNotSchedule, incoming + pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) + as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). + In other words, the cluster can still be imbalanced, but + scheduler won''t make it *more* imbalanced. It''s a required + field.' + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + type: object + skipCertCheck: + description: Disable certificate validation checks for installer download + and API communication + type: boolean + tokens: + description: Credentials for the DynaKube to connect back to Dynatrace. + type: string + trustedCAs: + description: 'Optional: Adds custom RootCAs from a configmap This + property only affects certificates used to communicate with the + Dynatrace API. The property is not applied to the ActiveGate' + type: string + required: + - apiUrl + type: object + status: + description: DynaKubeStatus defines the observed state of DynaKube + properties: + activeGate: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + communicationHostForClient: + description: CommunicationHostForClient caches a communication host + specific to the api url. + properties: + host: + type: string + port: + format: int32 + type: integer + protocol: + type: string + type: object + conditions: + description: Conditions includes status about the current state of + the instance + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge + // +listType=map // +listMapKey=type Conditions []metav1.Condition + `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" + protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + format: date-time + type: string + message: + description: message is a human readable message indicating + details about the transition. This may be an empty string. + maxLength: 32768 + type: string + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + format: int64 + minimum: 0 + type: integer + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + type: string + status: + description: status of the condition, one of True, False, Unknown. + enum: + - "True" + - "False" + - Unknown + type: string + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + connectionInfo: + description: ConnectionInfo caches information about the tenant and + its communication hosts + properties: + communicationHosts: + items: + properties: + host: + type: string + port: + format: int32 + type: integer + protocol: + type: string + type: object + type: array + formattedCommunicationEndpoints: + type: string + tenantUUID: + type: string + type: object + eec: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + kubeSystemUUID: + description: KubeSystemUUID contains the UUID of the current Kubernetes + cluster + type: string + lastAPITokenProbeTimestamp: + description: LastAPITokenProbeTimestamp tracks when the last request + for the API token validity was sent + format: date-time + type: string + lastClusterVersionProbeTimestamp: + description: LastClusterVersionProbeTimestamp indicates when the cluster's + version was last checked + format: date-time + type: string + lastDataIngestTokenProbeTimestamp: + description: LastDataIngestTokenProbeTimestamp tracks when the last + request for the DataIngest token validity was sent + format: date-time + type: string + lastPaaSTokenProbeTimestamp: + description: LastPaaSTokenProbeTimestamp tracks when the last request + for the PaaS token validity was sent + format: date-time + type: string + latestAgentVersionUnixDefault: + description: LatestAgentVersionUnixDefault caches the current agent + version for unix and the default installer which is configured for + the environment + type: string + latestAgentVersionUnixPaas: + description: LatestAgentVersionUnixDefault caches the current agent + version for unix and the PaaS installer which is configured for + the environment + type: string + oneAgent: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + instances: + additionalProperties: + properties: + ipAddress: + type: string + podName: + type: string + type: object + type: object + lastHostsRequestTimestamp: + description: LastHostsRequestTimestamp indicates the last timestamp + the Operator queried for hosts + format: date-time + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + phase: + description: Defines the current state (Running, Updating, Error, + ...) + type: string + statsd: + properties: + imageHash: + description: ImageHash contains the last image hash seen. + type: string + lastUpdateProbeTimestamp: + description: LastUpdateProbeTimestamp defines the last timestamp + when the querying for updates have been done + format: date-time + type: string + version: + description: Version contains the version to be deployed. + type: string + type: object + tokens: + description: Credentials used to connect back to Dynatrace. + type: string + updatedTimestamp: + description: UpdatedTimestamp indicates when the instance was last + updated + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/logo.png b/charts/dynatrace/dynatrace-operator/0.8.2/logo.png new file mode 100644 index 000000000..6714eb8a5 Binary files /dev/null and b/charts/dynatrace/dynatrace-operator/0.8.2/logo.png differ diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/questions.yml b/charts/dynatrace/dynatrace-operator/0.8.2/questions.yml new file mode 100644 index 000000000..ca4422b3c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/questions.yml @@ -0,0 +1,166 @@ +categories: + - APM + - Monitoring +questions: + + #################### Global Configuration #################### + - variable: installCRD + label: "Install Custom Resource Definitions" + description: "Installs the Custom Resource Definitions for the Dynakube. This is recommended if you haven't installed it manually yet. Default: true" + default: true + type: boolean + group: "Global Configuration" + + - variable: image + label: "Set a custom image for operator components" + description: "Set a custom image for operator. Defaults to docker.io/dynatrace/dynatrace-operator" + default: "" + type: string + group: "Global Configuration" + + - variable: customPullSecret + label: "Set a custom pull secret for operator image" + description: "Set a custom pull secret for the operator image" + default: "" + type: string + group: "Global Configuration" + + #################### Operator Deployment Configuration #################### + - variable: operator.nodeSelector + label: "Assign the Dynatrace Operator's pod to certain nodes" + description: "Defines a NodeSelector to customize to which nodes the Dynatrace Operator can be deployed on - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector" + default: "" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.tolerations + label: "Custom tolerations for the Dynatrace Operator's pod" + description: "Defines custom tolerations to the Dynatrace Operator - Please edit as Yaml for the best experience - see https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + default: "" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.apparmor + label: "Enable AppArmor for the Dynatrace Operator's pod" + description: "Adds AppArmor security annotations to the Dynatrace Operator's pod. Default: false" + default: false + type: boolean + group: "Operator Deployment Configuration" + + - variable: operator.requests.cpu + label: "CPU resource requests settings for Dynatrace Operator's pods" + description: "The minimum amount of CPU resources that the Dynatrace Operator's pods should request. Affects scheduling. Default: 50m" + default: "50m" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.requests.memory + label: "Memory resource requests settings for Dynatrace Operator's pods" + description: "The minimum amount of memory that the Dynatrace Operator's pods should request. Affects scheduling. Default: 64Mi" + default: "64Mi" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.limits.cpu + label: "CPU resource limits settings for Dynatrace Operator's pods" + description: "The maximum amount of CPU resources that the Dynatrace Operator's pods can use. Default: 100m" + default: "100m" + type: string + group: "Operator Deployment Configuration" + + - variable: operator.limits.memory + label: "Memory resource limits settings for Dynatrace Operator's pods" + description: "The maximum amount of memory that the Dynatrace Operator's pods can use. Pod restarted if exceeded. Default: 128Mi" + default: "128Mi" + type: string + group: "Operator Deployment Configuration" + + + #################### Webhook Deployment Configuration #################### + + - variable: webhook.apparmor + label: "Enable AppArmor for the Dynatrace Webhook's pod" + description: "Adds AppArmor security annotations to the Dynatrace Webhook's pod. Default: false" + default: false + type: boolean + group: "Webhook Deployment Configuration" + + - variable: webhook.highAvailability + label: "Enable high availability for the Dynatrace Webhook's pod" + description: "Adds topologySpreadConstraints and increases the replicas to 2 for the Dynatrace Webhook's pod. Default: false" + default: false + type: boolean + group: "Webhook Deployment Configuration" + + - variable: webhook.hostNetwork + label: "Enable hostNetwork for the Dynatrace Webhook's pod" + description: "Enables hostNetwork for the Dynatrace Webhook's pod. Default: false" + default: false + type: boolean + group: "Webhook Deployment Configuration" + + - variable: webhook.requests.cpu + label: "CPU resource requests settings for Dynatrace Webhook's pods" + description: "The minimum amount of CPU resources that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 300m" + default: "300m" + type: string + group: "Webhook Deployment Configuration" + + - variable: webhook.requests.memory + label: "Memory resource requests settings for Dynatrace Webhook's pods" + description: "The minimum amount of memory that the Dynatrace Webhook's pods should request. Affects scheduling. Default: 128Mi" + default: "128Mi" + type: string + group: "Webhook Deployment Configuration" + + - variable: webhook.limits.cpu + label: "CPU resource limits settings for Dynatrace Webhook's pods" + description: "The maximum amount of CPU resources that the Dynatrace Webhook's pods can use. Default: 300m" + default: "300m" + type: string + group: "Webhook Deployment Configuration" + + - variable: webhook.limits.memory + label: "Memory resource limits settings for Dynatrace Webhook's pods" + description: "The maximum amount of memory that the Dynatrace Webhook's pods can use. Pod restarted if exceeded. Default: 128Mi" + default: "128Mi" + type: string + group: "Webhook Deployment Configuration" + + + #################### CSI Driver Deployment Configuration #################### + + - variable: csidriver.enabled + label: "Deploy the Dynatrace CSI Driver" + description: "Deploys the Dynatrace CSI Driver via a DaemonSet to enable Cloud Native FullStack. Default: false" + default: false + type: boolean + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.requests.cpu + label: "CPU resource requests settings for Dynatrace CSI Driver's pods" + description: "The minimum amount of CPU resources that the Dynatrace CSI Driver's pods should request. Affects scheduling. Default: 300m" + default: "300m" + type: string + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.requests.memory + label: "Memory resource requests settings for Dynatrace CSI Driver's pods" + description: "The minimum amount of memory that the Dynatrace CSI Driver's pods should request. Affects scheduling. Default: 100Mi" + default: "100Mi" + type: string + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.limits.cpu + label: "CPU resource limits settings for Dynatrace CSI Driver's pods" + description: "The maximum amount of CPU resources that the Dynatrace CSI Driver's pods can use. Default: 300m" + default: "300m" + type: string + group: "CSI Driver Deployment Configuration" + + - variable: csidriver.limits.memory + label: "Memory resource limits settings for Dynatrace CSI Driver's pods" + description: "The maximum amount of memory that the Dynatrace CSI Driver's pods can use. Pod restarted if exceeded. Default: 100Mi" + default: "100Mi" + type: string + group: "CSI Driver Deployment Configuration" diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrole-activegate.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrole-activegate.yaml new file mode 100644 index 000000000..ed8feb1b4 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrole-activegate.yaml @@ -0,0 +1,35 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if eq (default false .Values.olm) true}} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} + +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-activegate + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +rules: + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use +{{- end -}} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrolebinding-activegate.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrolebinding-activegate.yaml new file mode 100644 index 000000000..c36e10990 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/clusterrolebinding-activegate.yaml @@ -0,0 +1,32 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if eq (default false .Values.olm) true}} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-activegate + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-activegate + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dynatrace-activegate + apiGroup: rbac.authorization.k8s.io +{{- end -}} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/serviceaccount-activegate.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/serviceaccount-activegate.yaml new file mode 100644 index 000000000..45adc0fc2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/activegate/serviceaccount-activegate.yaml @@ -0,0 +1,23 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-activegate + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/crd/dynatrace-operator-crd.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/crd/dynatrace-operator-crd.yaml new file mode 100644 index 000000000..fd90930da --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/crd/dynatrace-operator-crd.yaml @@ -0,0 +1,4 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if and .Values.installCRD (eq (include "dynatrace-operator.partial" .) "false") }} +{{ .Files.Get "generated/dynatrace-operator-crd.yaml" }} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrole-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrole-csi.yaml new file mode 100644 index 000000000..47013af33 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrole-csi.yaml @@ -0,0 +1,65 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - watch + - create + - update + - patch + - apiGroups: + - storage.k8s.io + resources: + - csinodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrolebinding-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrolebinding-csi.yaml new file mode 100644 index 000000000..caa125baa --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/clusterrolebinding-csi.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dynatrace-oneagent-csi-driver + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/csidriver.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/csidriver.yaml new file mode 100644 index 000000000..e92606d32 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/csidriver.yaml @@ -0,0 +1,27 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: storage.k8s.io/v1 +kind: CSIDriver +metadata: + name: csi.oneagent.dynatrace.com + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +spec: + attachRequired: false + podInfoOnMount: true + volumeLifecycleModes: + - Ephemeral +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/daemonset.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/daemonset.yaml new file mode 100644 index 000000000..8792d8d1c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/daemonset.yaml @@ -0,0 +1,243 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} + {{- if .Values.csidriver.labels }} + {{- toYaml .Values.csidriver.labels | nindent 4 }} + {{- end}} + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} +spec: + revisionHistoryLimit: 10 + selector: + matchLabels: + {{- include "dynatrace-operator.csiSelectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + kubectl.kubernetes.io/default-logs-container: driver + cluster-autoscaler.kubernetes.io/enable-ds-eviction: "false" + {{- if and (eq (default false .Values.apparmor) true) (ne .Values.platform "openshift") }} + container.apparmor.security.beta.kubernetes.io/driver: runtime/default + container.apparmor.security.beta.kubernetes.io/registrar: runtime/default + container.apparmor.security.beta.kubernetes.io/liveness-probe: runtime/default + {{- end}} + {{- if .Values.csidriver.annotations }} + {{- toYaml .Values.csidriver.annotations | nindent 8 }} + {{- end }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 8 }} + {{- include "dynatrace-operator.csiSelectorLabels" . | nindent 8 }} + {{- if .Values.csidriver.labels }} + {{- toYaml .Values.csidriver.labels | nindent 8 }} + {{- end }} + spec: + containers: + # Used to receive/execute gRPC requests (NodePublishVolume/NodeUnpublishVolume) from kubelet to mount/unmount volumes for a pod + # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so. + # - Needs access to the filesystem of pods on the node, and mount stuff to it,needs to read/write to it, needs root permissions to do so + # - Needs access to a dedicated folder on the node to persist data, needs to read/write to it. + - name: driver + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + args: + - csi-driver + - --endpoint=unix://csi/csi.sock + - --node-id=$(KUBE_NODE_NAME) + - --health-probe-bind-address=:10080 + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: KUBE_NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + livenessProbe: + failureThreshold: 3 + httpGet: + path: /livez + port: livez + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + ports: + - containerPort: 10080 + name: livez + protocol: TCP + resources: + limits: + cpu: {{ default "300m" ((.Values.csidriver).limits).cpu }} + memory: {{ default "100Mi" ((.Values.csidriver).limits).memory }} + requests: + cpu: {{ default "300m" ((.Values.csidriver).requests).cpu }} + memory: {{ default "100Mi" ((.Values.csidriver).requests).memory }} + securityContext: + runAsUser: 0 + privileged: true # Needed for mountPropagation + allowPrivilegeEscalation: true # Needed for privileged + readOnlyRootFilesystem: true + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault + seLinuxOptions: + level: s0 + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /var/lib/kubelet/pods + mountPropagation: Bidirectional + name: mountpoint-dir + - mountPath: /data + mountPropagation: Bidirectional + name: dynatrace-oneagent-data-dir + - mountPath: /tmp + name: tmp-dir + # Used to make a gRPC request (GetPluginInfo()) to the driver to get driver name and driver contain + # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so. + # Used for registering the driver with kubelet + # - Needs access to the registration socket, needs to read/write to it, needs root permissions to do so. + - name: registrar + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + args: + - --csi-address=/csi/csi.sock + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/csi.sock + command: + - csi-node-driver-registrar + livenessProbe: + exec: + command: + - csi-node-driver-registrar + - --kubelet-registration-path=/var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/csi.sock + - --mode=kubelet-registration-probe + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 15 + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + securityContext: + runAsUser: 0 + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /csi + name: plugin-dir + - mountPath: /registration + name: registration-dir + - mountPath: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com + name: lockfile-dir + # Used to make a gRPC request (Probe()) to the driver to check if its running + # - Needs access to the csi socket, needs to read/write to it, needs root permissions to do so. + - name: liveness-probe + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + args: + - --csi-address=/csi/csi.sock + - --health-port=9898 + command: + - livenessprobe + resources: + limits: + cpu: 100m + memory: 100Mi + requests: + cpu: 10m + memory: 20Mi + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + securityContext: + runAsUser: 0 + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault + volumeMounts: + - mountPath: /csi + name: plugin-dir + dnsPolicy: ClusterFirst + restartPolicy: Always + schedulerName: default-scheduler + securityContext: {} + serviceAccountName: dynatrace-oneagent-csi-driver + terminationGracePeriodSeconds: 30 + priorityClassName: dynatrace-high-priority + volumes: + # This volume is where the registrar registers the plugin with kubelet + - hostPath: + path: /var/lib/kubelet/plugins_registry/ + type: Directory + name: registration-dir + # This volume is where the socket for kubelet->driver communication is done + - name: plugin-dir + hostPath: + path: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com + type: DirectoryOrCreate + # This volume is where the driver mounts volumes + - hostPath: + path: /var/lib/kubelet/pods + type: DirectoryOrCreate + name: mountpoint-dir + # This volume is where the driver persists data on the node + - hostPath: + path: /var/lib/kubelet/plugins/csi.oneagent.dynatrace.com/data + type: DirectoryOrCreate + name: dynatrace-oneagent-data-dir + # Used by the registrar to create its lockfile + - name: lockfile-dir + emptyDir: {} + # A volume for the driver to write temporary files to + - name: tmp-dir + emptyDir: {} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.csidriver.nodeSelector }} + nodeSelector: {{- toYaml .Values.csidriver.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.csidriver.tolerations }} + tolerations: {{- toYaml .Values.csidriver.tolerations | nindent 8 }} + {{- end }} + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/priority-class.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/priority-class.yaml new file mode 100644 index 000000000..e751149f6 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/priority-class.yaml @@ -0,0 +1,24 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} + +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: PriorityClass +apiVersion: scheduling.k8s.io/v1 +metadata: + name: dynatrace-high-priority +value: {{ default 1000000 (int (.Values.csidriver).priorityClassValue) }} +globalDefault: false +description: "This priority class is used for Dynatrace Components in order to make sure they are not evicted in favor of other pods" +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/role-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/role-csi.yaml new file mode 100644 index 000000000..d0f401f1b --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/role-csi.yaml @@ -0,0 +1,70 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - watch + - list + - delete + - update + - create + - apiGroups: + - dynatrace.com + resources: + - dynakubes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/rolebinding-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/rolebinding-csi.yaml new file mode 100644 index 000000000..a2b50b95e --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/rolebinding-csi.yaml @@ -0,0 +1,31 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: dynatrace-oneagent-csi-driver + apiGroup: rbac.authorization.k8s.io +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/serviceaccount-csi.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/serviceaccount-csi.yaml new file mode 100644 index 000000000..226b6821e --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/csi/serviceaccount-csi.yaml @@ -0,0 +1,23 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.needCSI" .) "true" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-oneagent-csi-driver + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml new file mode 100644 index 000000000..cce3af50c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrole-kubernetes-monitoring.yaml @@ -0,0 +1,96 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-kubernetes-monitoring + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes + - pods + - namespaces + - replicationcontrollers + - events + - resourcequotas + - pods/proxy + - nodes/proxy + - services + {{- if default false (.Values.additionalPermissions).pvcMonitoring}} + - nodes/metrics + {{- end }} + verbs: + - list + - watch + - get + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - list + - watch + - get + - apiGroups: + - apps + resources: + - deployments + - replicasets + - statefulsets + - daemonsets + verbs: + - list + - watch + - get + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - list + - watch + - get + - apiGroups: + - config.openshift.io + resources: + - clusterversions + verbs: + - list + - watch + - get + - nonResourceURLs: + - /metrics + - /version + - /readyz + - /livez + verbs: + - get + {{- if eq (default false .Values.olm) true}} + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use + {{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml new file mode 100644 index 000000000..07f9201a6 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/clusterrolebinding-kubernetes-monitoring.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-kubernetes-monitoring + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dynatrace-kubernetes-monitoring +subjects: + - kind: ServiceAccount + name: dynatrace-kubernetes-monitoring + namespace: {{ .Release.Namespace }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml new file mode 100644 index 000000000..18b2492d7 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/kubernetes-monitoring/serviceaccount-kubernetes-monitoring.yaml @@ -0,0 +1,23 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-kubernetes-monitoring + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.activegateLabels" . | nindent 4 }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml new file mode 100644 index 000000000..51d145b97 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-privileged.yaml @@ -0,0 +1,32 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-dynakube-oneagent-privileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +rules: + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml new file mode 100644 index 000000000..13c00aa8e --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrole-oneagent-unprivileged.yaml @@ -0,0 +1,32 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-dynakube-oneagent-unprivileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +rules: + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml new file mode 100644 index 000000000..a79a47c24 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-privileged.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-dynakube-oneagent-privileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: "dynatrace-dynakube-oneagent-privileged" + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: "dynatrace-dynakube-oneagent-privileged" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml new file mode 100644 index 000000000..2581546d4 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/clusterrolebinding-oneagent-unprivileged.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if (eq (include "dynatrace-operator.openshiftOrOlm" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-dynakube-oneagent-unprivileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-dynakube-oneagent-unprivileged + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: dynatrace-dynakube-oneagent-unprivileged +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml new file mode 100644 index 000000000..94d60bd0a --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-privileged.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-dynakube-oneagent-privileged + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +automountServiceAccountToken: false +{{- if eq .Values.platform "openshift"}} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{- end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml new file mode 100644 index 000000000..71f419de8 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/oneagent/serviceaccount-oneagent-unprivileged.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-dynakube-oneagent-unprivileged + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +automountServiceAccountToken: false +{{- if eq .Values.platform "openshift"}} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{- end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrole-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrole-operator.yaml new file mode 100644 index 000000000..feb3b13bd --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrole-operator.yaml @@ -0,0 +1,103 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - nodes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - dynatrace-dynakube-config + - dynatrace-data-ingest-endpoint + - dynatrace-activegate-internal-proxy + verbs: + - get + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + resourceNames: + - dynatrace-webhook + verbs: + - get + - update + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + resourceNames: + - dynatrace-webhook + verbs: + - get + - update + - apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + resourceNames: + - dynakubes.dynatrace.com + verbs: + - get + - update + {{- if eq (default false .Values.olm) true}} + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use + {{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrolebinding-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrolebinding-operator.yaml new file mode 100644 index 000000000..5ab0c0e88 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/clusterrolebinding-operator.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/deployment-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/deployment-operator.yaml new file mode 100644 index 000000000..9866b756c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/deployment-operator.yaml @@ -0,0 +1,139 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} + {{- if .Values.operator.labels }} + {{- toYaml .Values.operator.labels | nindent 4 }} + {{- end }} +spec: + replicas: 1 + revisionHistoryLimit: 1 + selector: + matchLabels: + {{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + template: + metadata: + {{- if or (.Values.operator).apparmor .Values.operator.annotations}} + annotations: + {{- if (.Values.operator).apparmor}} + container.apparmor.security.beta.kubernetes.io/{{ .Release.Name }}: runtime/default + {{- end }} + {{- if .Values.operator.annotations }} + {{- toYaml .Values.operator.annotations | nindent 8 }} + {{- end }} + {{- end }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 8 }} + {{- include "dynatrace-operator.operatorSelectorLabels" . | nindent 8 }} + {{- if .Values.operator.labels }} + {{- toYaml .Values.operator.labels | nindent 8 }} + {{- end }} + spec: + containers: + - name: {{ .Release.Name }} + args: + - operator + # Replace this with the built image name + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + ports: + - containerPort: 10080 + name: server-port + resources: + requests: + cpu: {{ default "50m" ((.Values.operator).requests).cpu }} + memory: {{ default "64Mi" ((.Values.operator).requests).memory }} + ephemeral-storage: "10Mi" + limits: + cpu: {{ default "100m" ((.Values.operator).limits).cpu }} + memory: {{ default "128Mi" ((.Values.operator).limits).memory }} + ephemeral-storage: "10Mi" + volumeMounts: + - name: tmp-cert-dir + mountPath: /tmp/dynatrace-operator + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + livenessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- if ne .Values.platform "gke-autopilot"}} + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + {{- end }} + - key: kubernetes.io/os + operator: In + values: + - linux + volumes: + - emptyDir: { } + name: tmp-cert-dir + serviceAccountName: {{ .Release.Name }} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.operator.nodeSelector }} + nodeSelector: {{- toYaml .Values.operator.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.operator.tolerations }} + tolerations: {{- toYaml .Values.operator.tolerations | nindent 8 }} + {{- end -}} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/role-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/role-operator.yaml new file mode 100644 index 000000000..6991a9552 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/role-operator.yaml @@ -0,0 +1,159 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +rules: + - apiGroups: + - dynatrace.com + resources: + - dynakubes + verbs: + - get + - list + - watch + - update + - create + - apiGroups: + - dynatrace.com + resources: + - dynakubes/finalizers + - dynakubes/status + verbs: + - update + + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - apps + resources: + - replicasets + - deployments + verbs: + - get + - list + - watch + - apiGroups: + - apps + resources: + - deployments/finalizers + verbs: + - update + + - apiGroups: + - "" # "" indicates the core API group + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" # "" indicates the core API group + resources: + - pods + verbs: + - get + - list + - watch + - delete + - create + - apiGroups: + - "" # "" indicates the core API group + resources: + - secrets + verbs: + - get + - list + - watch + - create + - update + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - list + - create + - apiGroups: + - "" + resources: + - services + verbs: + - create + - update + - delete + - get + - list + - watch + + - apiGroups: + - monitoring.coreos.com + resources: + - servicemonitors + verbs: + - get + - create + + - apiGroups: + - networking.istio.io + resources: + - serviceentries + - virtualservices + verbs: + - get + - list + - create + - update + - delete + + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - update + - create +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/rolebinding-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/rolebinding-operator.yaml new file mode 100644 index 000000000..d7fd25b84 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/rolebinding-operator.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: {{ .Release.Name }} +roleRef: + kind: Role + name: {{ .Release.Name }} + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/serviceaccount-operator.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/serviceaccount-operator.yaml new file mode 100644 index 000000000..4ec204757 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/operator/serviceaccount-operator.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} + +{{ if eq .Values.platform "openshift" }} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrole-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrole-webhook.yaml new file mode 100644 index 000000000..039b382ee --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrole-webhook.yaml @@ -0,0 +1,97 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - watch + - update + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - secrets + verbs: + - create + - apiGroups: + - "" + resources: + - secrets + resourceNames: + - dynatrace-dynakube-config + - dynatrace-data-ingest-endpoint + verbs: + - get + - list + - watch + - update + # data-ingest workload owner lookup + - apiGroups: + - "" + resources: + - replicationcontrollers + verbs: + - get + - apiGroups: + - apps + resources: + - replicasets + - statefulsets + - daemonsets + - deployments + verbs: + - get + - apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: + - get + - apiGroups: + - apps.openshift.io + resources: + - deploymentconfigs + verbs: + - get + {{- if eq (default false .Values.olm) true}} + - apiGroups: + - security.openshift.io + resourceNames: + - host + - privileged + resources: + - securitycontextconstraints + verbs: + - use + {{ end }} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrolebinding-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrolebinding-webhook.yaml new file mode 100644 index 000000000..e6ab06164 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/clusterrolebinding-webhook.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: dynatrace-webhook + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/deployment-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/deployment-webhook.yaml new file mode 100644 index 000000000..b3a7a0e40 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/deployment-webhook.yaml @@ -0,0 +1,150 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: apps/v1 +kind: Deployment +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} + {{- if .Values.webhook.labels }} + {{- toYaml .Values.webhook.labels | nindent 4 }} + {{- end }} +spec: + replicas: {{ (default false (.Values.webhook).highAvailability) | ternary 2 1 }} + revisionHistoryLimit: 1 + selector: + matchLabels: + {{- include "dynatrace-operator.webhookSelectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + template: + metadata: + annotations: + kubectl.kubernetes.io/default-container: webhook + {{- if (.Values.webhook).apparmor}} + container.apparmor.security.beta.kubernetes.io/webhook: runtime/default + {{- end }} + {{- if .Values.webhook.annotations}} + {{- toYaml .Values.webhook.annotations | nindent 8 }} + {{- end }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 8 }} + {{- include "dynatrace-operator.webhookSelectorLabels" . | nindent 8 }} + {{- if .Values.webhook.labels }} + {{- toYaml .Values.webhook.labels | nindent 8 }} + {{- end }} + spec: + {{- if (.Values.webhook).highAvailability }} + topologySpreadConstraints: + - maxSkew: 1 + topologyKey: "topology.kubernetes.io/zone" + whenUnsatisfiable: ScheduleAnyway + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + - maxSkew: 1 + topologyKey: "kubernetes.io/hostname" + whenUnsatisfiable: DoNotSchedule + labelSelector: + matchLabels: + app.kubernetes.io/component: webhook + app.kubernetes.io/name: dynatrace-operator + {{- end }} + volumes: + - emptyDir: {} + name: certs-dir + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + {{- if ne .Values.platform "gke-autopilot"}} + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + {{- end }} + - key: kubernetes.io/os + operator: In + values: + - linux + containers: + - name: webhook + args: + - webhook-server + # OLM mounts the certificates here, so we reuse it for simplicity + - --certs-dir=/tmp/k8s-webhook-server/serving-certs/ + image: {{- include "dynatrace-operator.image" . | nindent 12 }} + imagePullPolicy: Always + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + readinessProbe: + httpGet: + path: /livez + port: server-port + scheme: HTTPS + ports: + - name: server-port + containerPort: 8443 + resources: + requests: + cpu: {{ default "300m" ((.Values.webhook).requests).cpu }} + memory: {{ default "128Mi" ((.Values.webhook).requests).memory }} + ephemeral-storage: "10Mi" + limits: + cpu: {{ default "300m" ((.Values.webhook).limits).cpu }} + memory: {{ default "128Mi" ((.Values.webhook).limits).memory }} + ephemeral-storage: "10Mi" + volumeMounts: + - name: certs-dir + mountPath: /tmp/k8s-webhook-server/serving-certs/ + securityContext: + seccompProfile: + type: RuntimeDefault + privileged: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1001 + runAsGroup: 1001 + capabilities: + drop: + - ALL + serviceAccountName: dynatrace-webhook + {{- if (.Values.webhook).hostNetwork }} + hostNetwork: true + {{- end }} + {{- if .Values.customPullSecret }} + imagePullSecrets: + - name: {{ .Values.customPullSecret }} + {{- end }} + {{- if .Values.webhook.nodeSelector }} + nodeSelector: {{- toYaml .Values.webhook.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.webhook.tolerations }} + tolerations: {{- toYaml .Values.webhook.tolerations | nindent 8 }} + {{- end -}} +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/mutatingwebhookconfiguration.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/mutatingwebhookconfiguration.yaml new file mode 100644 index 000000000..6a182eb1b --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/mutatingwebhookconfiguration.yaml @@ -0,0 +1,61 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +webhooks: + - name: webhook.pod.dynatrace.com + reinvocationPolicy: IfNeeded + failurePolicy: Ignore + timeoutSeconds: 2 + rules: + - apiGroups: [ "" ] + apiVersions: [ "v1" ] + operations: [ "CREATE" ] + resources: [ "pods" ] + scope: Namespaced + namespaceSelector: + matchExpressions: + - key: dynakube.internal.dynatrace.com/instance + operator: Exists + clientConfig: + service: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + path: /inject + admissionReviewVersions: [ "v1beta1", "v1" ] + sideEffects: None + - name: webhook.ns.dynatrace.com + reinvocationPolicy: IfNeeded + failurePolicy: Ignore + timeoutSeconds: 2 + rules: + - apiGroups: [ "" ] + apiVersions: [ "v1" ] + operations: [ "CREATE", "UPDATE"] + resources: [ "namespaces" ] + scope: Cluster + clientConfig: + service: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + path: /label-ns + admissionReviewVersions: [ "v1beta1", "v1" ] + sideEffects: None +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/poddisruptionbudget-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/poddisruptionbudget-webhook.yaml new file mode 100644 index 000000000..9b51a0148 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/poddisruptionbudget-webhook.yaml @@ -0,0 +1,13 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if and (.Values.webhook).highAvailability (eq (include "dynatrace-operator.partial" .) "false") }} +apiVersion: policy/v1 +kind: PodDisruptionBudget +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} +spec: + minAvailable: 1 + selector: + matchLabels: + app.kubernetes.io/component: webhook +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/role-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/role-webhook.yaml new file mode 100644 index 000000000..cc1072cd2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/role-webhook.yaml @@ -0,0 +1,74 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +rules: + - apiGroups: + - "" + resources: + - services + - configmaps + - secrets + verbs: + - get + - list + - watch + - create + - update + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - list + - watch + - apiGroups: + - dynatrace.com + resources: + - dynakubes + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - list + - create + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - update + - create + - apiGroups: + - apps + resources: + - daemonsets + verbs: + - list + - watch +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/rolebinding-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/rolebinding-webhook.yaml new file mode 100644 index 000000000..c77009db2 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/rolebinding-webhook.yaml @@ -0,0 +1,31 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +subjects: + - kind: ServiceAccount + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: dynatrace-webhook + apiGroup: rbac.authorization.k8s.io +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/service.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/service.yaml new file mode 100644 index 000000000..46268b14c --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/service.yaml @@ -0,0 +1,30 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: Service +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +spec: + selector: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} + ports: + - port: 443 + protocol: TCP + targetPort: server-port +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/serviceaccount-webhook.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/serviceaccount-webhook.yaml new file mode 100644 index 000000000..ebc6a9828 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/serviceaccount-webhook.yaml @@ -0,0 +1,29 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: v1 +kind: ServiceAccount +metadata: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +{{- if eq .Values.platform "openshift" }} +imagePullSecrets: +- name: redhat-connect +- name: redhat-connect-sso +{{- end }} +{{ end }} + diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/validatingwebhookconfiguration.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/validatingwebhookconfiguration.yaml new file mode 100644 index 000000000..8791ec3f6 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Common/webhook/validatingwebhookconfiguration.yaml @@ -0,0 +1,45 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{ if eq (include "dynatrace-operator.partial" .) "false" }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.webhookLabels" . | nindent 4 }} +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + - v1alpha1 + clientConfig: + service: + name: dynatrace-webhook + namespace: {{ .Release.Namespace }} + path: /validate + rules: + - operations: + - CREATE + - UPDATE + apiGroups: + - dynatrace.com + apiVersions: + - v1beta1 + resources: + - dynakubes + name: webhook.dynatrace.com + timeoutSeconds: 2 + sideEffects: None +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/NOTES.txt b/charts/dynatrace/dynatrace-operator/0.8.2/templates/NOTES.txt new file mode 100644 index 000000000..8ff8ac567 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/NOTES.txt @@ -0,0 +1,10 @@ +Thank you for installing {{ .Chart.Name }}. + +Your release is named {{ .Release.Name }}. + +To find more information about the Dynatrace Operator, try: +https://github.com/Dynatrace/dynatrace-operator + +To verify the current state of the deployments, try: + $ kubectl get pods -n {{ .Release.Namespace }} + $ kubectl logs -f deployment/{{ .Release.Name }} -n {{ .Release.Namespace }} \ No newline at end of file diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/activegate/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/activegate/securitycontextconstraints.yaml new file mode 100644 index 000000000..b6bcaf2d4 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/activegate/securitycontextconstraints.yaml @@ -0,0 +1,52 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: dynatrace-activegate +allowPrivilegedContainer: false +fsGroup: + type: RunAsAny +priority: 1 +{{- if (.Values.activeGate).readOnlyFs }} +readOnlyRootFilesystem: true +{{ else }} +readOnlyRootFilesystem: false +{{ end }} +requiredDropCapabilities: + - ALL +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-activegate + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-kubernetes-monitoring +volumes: + - "*" + +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowedFlexVolumes: null +defaultAddCapabilities: [] +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml new file mode 100644 index 000000000..de5e8fc72 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/csi/securitycontextconstraints-csidriver.yaml @@ -0,0 +1,49 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.needCSI" .) "true") }} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: dynatrace-oneagent-csi-driver + labels: + {{- include "dynatrace-operator.csiLabels" . | nindent 4 }} +allowHostDirVolumePlugin: true +allowHostIPC: true +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: true +allowedCapabilities: + - "*" +allowedFlexVolumes: null +defaultAddCapabilities: null +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: false +requiredDropCapabilities: null +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:dynatrace:dynatrace-oneagent-csi-driver +volumes: + - "*" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml new file mode 100644 index 000000000..5936d103b --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-privileged.yaml @@ -0,0 +1,66 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: "dynatrace-dynakube-oneagent-privileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context." + name: dynatrace-dynakube-oneagent-privileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +allowHostDirVolumePlugin: true +allowHostIPC: false +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: true +allowedCapabilities: + - CHOWN + - DAC_OVERRIDE + - DAC_READ_SEARCH + - FOWNER + - FSETID + - KILL + - NET_ADMIN + - NET_RAW + - SETFCAP + - SETGID + - SETUID + - SYS_ADMIN + - SYS_CHROOT + - SYS_PTRACE + - SYS_RESOURCE +allowedFlexVolumes: null +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: false +requiredDropCapabilities: + - ALL +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-privileged +volumes: + - "*" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml new file mode 100644 index 000000000..756eac3aa --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/oneagent/securitycontextconstraints-unprivileged.yaml @@ -0,0 +1,66 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + annotations: + kubernetes.io/description: "dynatrace-dynakube-oneagent-unprivileged allows access to all privileged and host features and the ability to run as any user, any group, any fsGroup, and with any SELinux context. This is a copy of privileged scc." + name: dynatrace-dynakube-oneagent-unprivileged + labels: + {{- include "dynatrace-operator.oneagentLabels" . | nindent 4 }} +allowHostDirVolumePlugin: true +allowHostIPC: false +allowHostNetwork: true +allowHostPID: true +allowHostPorts: true +allowPrivilegedContainer: false +allowedCapabilities: + - CHOWN + - DAC_OVERRIDE + - DAC_READ_SEARCH + - FOWNER + - FSETID + - KILL + - NET_ADMIN + - NET_RAW + - SETFCAP + - SETGID + - SETUID + - SYS_ADMIN + - SYS_CHROOT + - SYS_PTRACE + - SYS_RESOURCE +allowedFlexVolumes: null +defaultAddCapabilities: [] +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: false +requiredDropCapabilities: + - ALL +runAsUser: + type: RunAsAny +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-dynakube-oneagent-unprivileged +volumes: + - "*" +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/operator/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/operator/securitycontextconstraints.yaml new file mode 100644 index 000000000..55cc05805 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/operator/securitycontextconstraints.yaml @@ -0,0 +1,49 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: {{ .Release.Name }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +allowPrivilegedContainer: false +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: true +requiredDropCapabilities: + - ALL +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:{{ .Release.Name }} +volumes: + - "*" + +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: false +allowHostPID: false +allowHostPorts: false +allowedFlexVolumes: null +defaultAddCapabilities: [] +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/webhook/securitycontextconstraints.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/webhook/securitycontextconstraints.yaml new file mode 100644 index 000000000..aa1b0a267 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/Openshift/webhook/securitycontextconstraints.yaml @@ -0,0 +1,49 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if and (eq .Values.platform "openshift") ((.Values.securityContextConstraints).enabled) (eq (include "dynatrace-operator.partial" .) "false")}} +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: security.openshift.io/v1 +kind: SecurityContextConstraints +metadata: + name: dynatrace-webhook + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} +allowPrivilegedContainer: false +fsGroup: + type: RunAsAny +priority: 1 +readOnlyRootFilesystem: true +requiredDropCapabilities: + - ALL +runAsUser: + type: MustRunAsNonRoot +seLinuxContext: + type: RunAsAny +seccompProfiles: + - "*" +supplementalGroups: + type: RunAsAny +users: + - system:serviceaccount:{{ .Release.Namespace }}:dynatrace-webhook +volumes: + - "*" + +allowHostDirVolumePlugin: false +allowHostIPC: false +allowHostNetwork: true +allowHostPID: false +allowHostPorts: false +allowedFlexVolumes: null +defaultAddCapabilities: [] +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/_helpers.tpl b/charts/dynatrace/dynatrace-operator/0.8.2/templates/_helpers.tpl new file mode 100644 index 000000000..7b2fc3108 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/_helpers.tpl @@ -0,0 +1,171 @@ +// Copyright 2020 Dynatrace LLC + +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at + +// http://www.apache.org/licenses/LICENSE-2.0 + +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "dynatrace-operator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "dynatrace-operator.futureSelectorLabels" -}} +app.kubernetes.io/name: {{ .Release.Name }} +{{- if not (.Values).manifests }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} +{{- end -}} + +{{/* +Common labels +*/}} +{{- define "dynatrace-operator.commonLabels" -}} +{{ include "dynatrace-operator.futureSelectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +{{- if not (.Values).manifests }} +helm.sh/chart: {{ include "dynatrace-operator.chart" . }} +{{- end -}} +{{- end -}} + +{{/* +Operator labels +*/}} +{{- define "dynatrace-operator.operatorLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: operator +{{- end -}} + +{{/* +Operator selector labels +*/}} +{{- define "dynatrace-operator.operatorSelectorLabels" -}} +name: {{ .Release.Name }} +{{- end -}} + +{{/* +Webhook labels +*/}} +{{- define "dynatrace-operator.webhookLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: webhook +{{- end -}} + +{{/* +Webhook selector labels +*/}} +{{- define "dynatrace-operator.webhookSelectorLabels" -}} +internal.dynatrace.com/component: webhook +internal.dynatrace.com/app: webhook +{{- end -}} + +{{/* +CSI labels +*/}} +{{- define "dynatrace-operator.csiLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: csi-driver +{{- end -}} + +{{/* +CSI selector labels +*/}} +{{- define "dynatrace-operator.csiSelectorLabels" -}} +internal.oneagent.dynatrace.com/app: csi-driver +internal.oneagent.dynatrace.com/component: csi-driver +{{- end -}} + +{{/* +ActiveGate labels +*/}} +{{- define "dynatrace-operator.activegateLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: activegate +{{- end -}} + +{{/* +OneAgent labels +*/}} +{{- define "dynatrace-operator.oneagentLabels" -}} +{{ include "dynatrace-operator.commonLabels" . }} +app.kubernetes.io/component: oneagent +{{- end -}} + + +{{/* +Check if default image is used +*/}} +{{- define "dynatrace-operator.image" -}} +{{- if .Values.image -}} + {{- printf "%s" .Values.image -}} +{{- else -}} + {{- if eq .Values.platform "google-marketplace" -}} + {{- printf "%s:%s" "gcr.io/dynatrace-marketplace-prod/dynatrace-operator" "{{ .Chart.AppVersion }}" }} + {{- else -}} + {{- printf "%s:v%s" "docker.io/dynatrace/dynatrace-operator" .Chart.AppVersion }} + {{- end -}} +{{- end -}} +{{- end -}} + + +{{/* +Check if we need the csi driver. +*/}} +{{- define "dynatrace-operator.needCSI" -}} + {{- if or (.Values.csidriver.enabled) (eq (include "dynatrace-operator.partial" .) "csi") -}} + {{- printf "true" -}} + {{- end -}} +{{- end -}} + + +{{/* +Check if we are generating only a part of the yamls +*/}} +{{- define "dynatrace-operator.partial" -}} + {{- if (default false .Values.partial) -}} + {{- printf "%s" .Values.partial -}} + {{- else -}} + {{- printf "false" -}} + {{- end -}} +{{- end -}} + + +{{/* +Check if platform is set +*/}} +{{- define "dynatrace-operator.platformSet" -}} +{{- if or (eq .Values.platform "kubernetes") (eq .Values.platform "openshift") (eq .Values.platform "google-marketplace") (eq .Values.platform "gke-autopilot") -}} + {{ default "set" }} +{{- end -}} +{{- end -}} + +{{/* +Exclude Kubernetes manifest not running on OLM +*/}} +{{- define "dynatrace-operator.openshiftOrOlm" -}} +{{- if and (or (eq .Values.platform "openshift") (.Values.olm)) (eq (include "dynatrace-operator.partial" .) "false") -}} + {{ default "true" }} +{{- end -}} +{{- end -}} + +{{/* +Check if the platform is set +*/}} +{{- define "dynatrace-operator.platformRequired" -}} +{{- $platformIsSet := printf "%s" (required "Platform needs to be set to kubernetes, openshift, google-marketplace, or gke-autopilot" (include "dynatrace-operator.platformSet" .))}} +{{- end -}} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/templates/application.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/templates/application.yaml new file mode 100644 index 000000000..ff895bde3 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/templates/application.yaml @@ -0,0 +1,99 @@ +{{- include "dynatrace-operator.platformRequired" . }} +{{- if eq .Values.platform "google-marketplace" }} +# Copyright 2020 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# http://www.apache.org/licenses/LICENSE-2.0 +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +apiVersion: app.k8s.io/v1beta1 +kind: Application +metadata: + name: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "dynatrace-operator.operatorLabels" . | nindent 4 }} + annotations: + kubernetes-engine.cloud.google.com/icon: data:image/png;base64,{{ .Files.Get "logo.png" | b64enc }} + marketplace.cloud.google.com/deploy-info: '{"partner_id": "dynatrace-marketplace-prod", "product_id": "dynatrace-operator", "partner_name": "Dynatrace LLC"}' +spec: + descriptor: + type: "Dynatrace Operator" + version: "0.8.1" + maintainers: + - name: Dynatrace LLC + url: https://www.dynatrace.com/ + keywords: + - "dynatrace" + - "operator" + - "activegate" + - "k8s" + - "monitoring" + - "apm" + description: | + # Dynatrace Operator + + The Dynatrace Operator supports rollout and lifecycle management of various Dynatrace components in Kubernetes and OpenShift. + + * OneAgent + * `classicFullStack` rolls out a OneAgent pod per node to monitor pods on it and the node itself + * `applicationMonitoring` is a webhook based injection mechanism for automatic app-only injection + * CSI Driver can be enabled to cache OneAgent downloads per node + * `hostMonitoring` is only monitoring the hosts (i.e. nodes) in the cluster without app-only injection + * `cloudNativeFullStack` is a combination of `applicationMonitoring` with CSI driver and `hostMonitoring` + * ActiveGate + * `routing` routes OneAgent traffic through the ActiveGate + * `kubernetes-monitoring` allows monitoring of the Kubernetes API + * `metrics-ingest` routes enriched metrics through ActiveGate + + For more information please have a look at [our DynaKube Custom Resource examples](config/samples) and + our [official help page](https://www.dynatrace.com/support/help/setup-and-configuration/setup-on-container-platforms/kubernetes/). + links: + - description: Dynatrace Website + url: https://www.dynatrace.com/ + - description: Operator Deploy Guide + url: ToDo + - description: Kubernetes Monitoring Info + url: https://www.dynatrace.com/technologies/kubernetes-monitoring + selector: + matchLabels: + app.kubernetes.io/name: "{{ .Release.Name }}" + componentKinds: + - group: apps/v1 + kind: DaemonSet + - group: v1 + kind: Pod + - group: v1 + kind: ConfigMap + - group: apps/v1 + kind: Deployment + - group: v1 + kind: Secret + - group: batch/v1 + kind: Job + - group: v1 + kind: Service + - group: v1 + kind: ServiceAccount + - group: admissionregistration.k8s.io/v1 + kind: ValidatingWebhookConfiguration + - group: admissionregistration.k8s.io/v1 + kind: MutatingWebhookConfiguration + - group: apps/v1 + kind: StatefulSet + - group: storage.k8s.io/v1 + kind: CSIDriver + - group: rbac.authorization.k8s.io/v1 + kind: ClusterRole + - group: rbac.authorization.k8s.io/v1 + kind: ClusterRoleBinding + - group: rbac.authorization.k8s.io/v1 + kind: Role + - group: rbac.authorization.k8s.io/v1 + kind: RoleBinding +{{ end }} diff --git a/charts/dynatrace/dynatrace-operator/0.8.2/values.yaml b/charts/dynatrace/dynatrace-operator/0.8.2/values.yaml new file mode 100644 index 000000000..6dd4b6a40 --- /dev/null +++ b/charts/dynatrace/dynatrace-operator/0.8.2/values.yaml @@ -0,0 +1,77 @@ +# Copyright 2021 Dynatrace LLC + +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at + +# http://www.apache.org/licenses/LICENSE-2.0 + +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# may be set to "kubernetes", "openshift", or "gke-autopilot" +platform: "kubernetes" + +image: "" +customPullSecret: "" +installCRD: false + +operator: + nodeSelector: {} + tolerations: [] + labels: [] + annotations: [] + apparmor: false + requests: + cpu: 50m + memory: 64Mi + limits: + cpu: 100m + memory: 128Mi + +webhook: + hostNetwork: false + nodeSelector: {} + tolerations: [] + labels: [] + annotations: [] + apparmor: false + requests: + cpu: 300m + memory: 128Mi + limits: + cpu: 300m + memory: 128Mi + highAvailability: true + +csidriver: + enabled: false + nodeSelector: {} + priorityClassValue: "1000000" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + operator: Exists + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane + operator: Exists + - effect: NoSchedule + key: ToBeDeletedByClusterAutoscaler + operator: Exists + labels: [] + annotations: [] + requests: + cpu: 300m + memory: 100Mi + limits: + cpu: 300m + memory: 100Mi + +securityContextConstraints: + enabled: true # Only applicable for Openshift + +additionalPermissions: + pvcMonitoring: false diff --git a/index.yaml b/index.yaml old mode 100755 new mode 100644 index 5ca3814d9..898e77eb1 --- a/index.yaml +++ b/index.yaml @@ -1135,6 +1135,33 @@ entries: - assets/dynatrace/dynatrace-oneagent-operator-0.8.000.tgz version: 0.8.000 dynatrace-operator: + - annotations: + catalog.cattle.io/certified: partner + catalog.cattle.io/display-name: Dynatrace Operator + catalog.cattle.io/kube-version: '>=1.21.0-0' + catalog.cattle.io/release-name: dynatrace-operator + apiVersion: v2 + appVersion: 0.8.2 + created: "2022-08-30T12:34:53.716323-04:00" + description: The Dynatrace Operator Helm chart for Kubernetes and OpenShift + digest: f00dff617c06508dd3d18b3503ce65c6a241081566be53b2b4449b9e08f765c8 + home: https://www.dynatrace.com/ + icon: https://assets.dynatrace.com/global/resources/Signet_Logo_RGB_CP_512x512px.png + kubeVersion: '>=1.21.0-0' + maintainers: + - email: marcell.sevcsik@dynatrace.com + name: 0sewa0 + - email: christoph.muellner@dynatrace.com + name: chrismuellner + - email: lukas.hinterreiter@dynatrace.com + name: luhi-DT + name: dynatrace-operator + sources: + - https://github.com/Dynatrace/dynatrace-operator + type: application + urls: + - assets/dynatrace/dynatrace-operator-0.8.2.tgz + version: 0.8.2 - annotations: catalog.cattle.io/certified: partner catalog.cattle.io/display-name: Dynatrace Operator